Skip to content

Commit

Permalink
Bump version to 0.0.10
Browse files Browse the repository at this point in the history
  • Loading branch information
mmaitre314 committed Jul 16, 2023
1 parent e99f3ae commit e0809b4
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 2 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ Tested on `Linux 5.10.102.1-microsoft-standard-WSL2 x86_64` (WSL2).

## References

- [pickletools.py](https://github.com/python/cpython/blob/main/Lib/pickletools.py) -- The pickletool code is the most detailed documentation of the Pickle format.
- [Machine Learning Attack Series: Backdooring Pickle Files](https://embracethered.com/blog/posts/2022/machine-learning-attack-series-injecting-code-pickle-files/), Johann Rehberger, 2022
- [Hugging Face Pickle Scanning](https://huggingface.co/docs/hub/security-pickle), Luc Georges, 2022
- [The hidden dangers of loading open-source AI models (ARBITRARY CODE EXPLOIT!](https://www.youtube.com/watch?v=2ethDz9KnLk), Yannic Kilcher, 2022
Expand Down
2 changes: 1 addition & 1 deletion setup.cfg
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[metadata]
name = picklescan
version = 0.0.9
version = 0.0.10
author = Matthieu Maitre
author_email = mmaitre314@users.noreply.github.com
description = Security scanner detecting Python Pickle files performing suspicious actions
Expand Down
7 changes: 6 additions & 1 deletion src/picklescan/scanner.py
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,12 @@ def _list_globals(data: IO[bytes], multiple_pickles=True) -> Set[Tuple[str, str]
elif op_name == "STACK_GLOBAL":
values = []
for offset in range(1, n):
if ops[n - offset][0].name in ["MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"]:
if ops[n - offset][0].name in [
"MEMOIZE",
"PUT",
"BINPUT",
"LONG_BINPUT",
]:
continue
if ops[n - offset][0].name in ["GET", "BINGET", "LONG_BINGET"]:
values.append(memo[int(ops[n - offset][1])])
Expand Down

0 comments on commit e0809b4

Please sign in to comment.