coldwaterq
coldwaterq
### Proposed new feature or change: After reading [issue 13983](https://github.com/numpy/numpy/issues/13983) I understand why making `savez` and `savez_compressed` suported `allow_pickle` isn't possible. However I would like an option that supports `allow_pickle`...
- Updated check_pickle - general results are unchanged, however now min_length can be used to avoid detecting tar files that often start with `.` as pickles. - added checks for...
If Team A and Team B have Mythic setup so that you have to ssh tunnel into a host in order to view the web console. Then if one user...
https://github.com/coldwaterq/pickle_injector/blob/main/globalLaughs.pt will take a considerable amount of time to process by Fickling. It could also utilize more memory than is likely intended. Pickle parses it fairly quickly though so if...
## Description Add an approve list into the pickle deserialization process to reduce the attack surface of using pickle to a subset of supported objects. ## Test Coverage if a...
**Is your feature request related to a problem? Please describe.** cloudpickle is pickle with very bad super powers **Describe the solution you'd like** add cloudpickle to the detection list **Describe...
https://github.com/Marktechpost/AI-Tutorial-Codes-Included/blob/52570e806d4a356c8ddf40fccc64fa891a9d1e9d/Data%20Science/Building%20an%20End-to-End%20Data%20Science%20Workflow%20with%20Machine%20Learning%2C%20Interpretability%2C%20and%20Gemini%20AI%20Assistance.ipynb#L1460 You can still call os.system in this situation. So ideally some form of code execution sandboxing would probably be better. ```python SAFE_GLOBALS = {"pd": pd, "np": np} def run_generated_pandas(code:...