fickling issues

Improved polyglot to do recursive checks, and detect numpy

1

- Updated check_pickle - general results are unchanged, however now min_length can be used to avoid detecting tar files that often start with `.` as pickles. - added checks for...

coldwaterq

Further align the CLI and Python API

We should incorporate more Python API features inside of the CLI such as the PyTorch and polyglot modules. This would help with #97.

suhacker1

Support more pickle-based file formats and can san it

1

Hi, there are a lot of malicious POC under the url address `https://github.com/mmaitre314/picklescan/tree/main/tests/data`, and then use `https://github.com/mmaitre314/picklescan` the tool scans these pickle files normally and outputs the results. However, when...

zxhubo

Polyglot module improvements

To better account for different parser implementations and to make identification more robust, we could use [PolyFile](https://github.com/trailofbits/polyfile) and call it in Fickling. In addition, we should ensure the module directly...

suhacker1

Support more pickle-based file formats

1. NumPy 2. Sklearn/Joblib 3. Riva 4. Nemo 5. PyTorch Package 6. Executorch (only for identification) 7. PyTorch Mobile (only for identification)

suhacker1

Update `pytorch_poc.py`

2

This PoC should instead use the PyTorch module inside of fickling.

suhacker1

good first issue

Support hooking `pickle.loads()` and add `fickling.loads()`

Similar to our hooks on `pickle.load()`, we should support `pickle.loads()`. It will be fairly easy to do so.

Boyan-MILANOV

can't create a safe python class

5

[numpy_poc](https://github.com/trailofbits/fickling/blob/master/example/numpy_poc.py#L9-L15) example has the following class as an example of an unsafe class: ```python ... class Test(object): def __init__(self): self.a = 1 def __reduce__(self): # Runs the other PoC found...

luccabb

Function hook does not work on all PyTorch inputs

The global function hook (shown in [hook_functions.py](https://github.com/trailofbits/fickling/blob/master/example/hook_functions.py) does not work on all PyTorch model inputs. I added print statements in `hook.run_hook` and `fickling.load()` to demonstrate. More concretely, it does not...

suhacker1

Possible to apply heuristics scan to pickle files?

I'm not so familiar with pickling and these scans. However, I wondered if maybe there are heuristics or signatures for certain types of pickle files that could be evaluated. If...

neural-loop

fickling
fickling copied to clipboard

Metadata

Improved polyglot to do recursive checks, and detect numpy

Further align the CLI and Python API

Support more pickle-based file formats and can san it

Polyglot module improvements

Support more pickle-based file formats

Update `pytorch_poc.py`

Support hooking `pickle.loads()` and add `fickling.loads()`

can't create a safe python class

Function hook does not work on all PyTorch inputs

Possible to apply heuristics scan to pickle files?

← Metadata

Owner

Metadata

fickling fickling copied to clipboard

Metadata

← Metadata

Owner

Metadata

fickling
fickling copied to clipboard