Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: add vetted properties #15

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
feat(Pickled): add vetted imports and functions properties
  • Loading branch information
McPatate committed Feb 18, 2022
commit ec33e94622b527ef2b8de2edb36acacccce92deb
49 changes: 48 additions & 1 deletion fickling/pickle.py
Original file line number Diff line number Diff line change
@@ -246,6 +246,8 @@ def __init__(self, opcodes: Iterable[Opcode]):
self._opcodes: List[Opcode] = list(opcodes)
self._ast: Optional[ast.Module] = None
self._properties: Optional[ASTProperties] = None
self._vetted_dependencies: Optional[List[str]] = None
self._vetted_calls: Optional[List[str]] = None

def __len__(self) -> int:
return len(self._opcodes)
@@ -404,11 +406,37 @@ def has_import(self) -> bool:
"""Checks whether unpickling would cause an import to be run"""
return bool(self.properties.imports)

@property
def has_unvetted_import(self) -> bool:
if self._vetted_dependencies is None:
raise Exception("Cannot call has_unvetted_import when vetted_dependencies is not set")
McPatate marked this conversation as resolved.
Show resolved Hide resolved
McPatate marked this conversation as resolved.
Show resolved Hide resolved
unvetted_import = False
for node in self.properties.imports:
module_path = node.module.split(".")
if module_path[0] not in self._vetted_dependencies:
unvetted_import = True
break
return unvetted_import

@property
def has_call(self) -> bool:
"""Checks whether unpickling would cause a function call"""
return bool(self.properties.calls)

@property
def has_unvetted_calls(self) -> bool:
if self._vetted_calls is None:
raise Exception("Cannot call has_unvetted_functions when vetted_functions is not set")
McPatate marked this conversation as resolved.
Show resolved Hide resolved
McPatate marked this conversation as resolved.
Show resolved Hide resolved
unvetted_call = False
for call in self.properties.non_setstate_calls:
function = call.func.id
if function == "_reconstruct":
function = call.args[0].id
if function not in self._vetted_calls:
unvetted_call = True
break
return unvetted_call

@property
def has_non_setstate_call(self) -> bool:
"""Checks whether unpickling would cause a call to a function other than object.__setstate__"""
@@ -417,7 +445,10 @@ def has_non_setstate_call(self) -> bool:
@property
def is_likely_safe(self) -> bool:
# `self.has_call` is probably safe as long as `not self.has_import`
return not self.has_import and not self.has_non_setstate_call
if self._vetted_dependencies is None or self._vetted_calls is None:
return not self.has_import and not self.has_non_setstate_call
else:
return not self.has_unvetted_import and not self.has_unvetted_calls

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't is_likely_safe be the and of all 4 conditions when applicable?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

self.has_import and self.has_unvetted_import as well as self.has_non_setstate_call and self.has_unvetted_calls would clash, given that the latter is more permissive than the former.


def unsafe_imports(self) -> Iterator[Union[ast.Import, ast.ImportFrom]]:
for node in self.properties.imports:
@@ -437,6 +468,22 @@ def ast(self) -> ast.Module:
self._ast = Interpreter.interpret(self)
return self._ast

@property
def vetted_dependencies(self) -> Optional[List[str]]:
return self._vetted_dependencies

@vetted_dependencies.setter
def vetted_dependencies(self, dependencies: List[str]):
self._vetted_dependencies = dependencies

@property
def vetted_calls(self) -> Optional[List[str]]:
return self._vetted_calls

@vetted_calls.setter
def vetted_calls(self, functions: List[str]):
self._vetted_calls = functions


class Stack(GenericSequence, Generic[T]):
def __init__(self, initial_value: Iterable[T] = ()):