
Support more pickle-based file formats and be able to scan them

Open zxhubo opened this issue 1 year ago • 1 comments

Hi, there are a lot of malicious POCs under https://github.com/mmaitre314/picklescan/tree/main/tests/data, and when the https://github.com/mmaitre314/picklescan tool is used to scan these pickle files it runs normally and outputs results. However, when using the fickling tool to scan these pickle files, multiple errors are reported, for example on malicious10.pkl, malicious1.zip and so on.

zxhubo avatar Mar 04 '24 07:03 zxhubo

Thanks for raising this issue! From my perusal, some of these files are supported by Fickling's StackedPickle and PyTorch module but not the CLI feature. I'll create an issue for this then. We'll also go through and see if there are any additional file formats there not present in Fickling whatsoever. We have an ongoing list in #49.

suhacker1 avatar Mar 26 '24 19:03 suhacker1
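As an added example (not fickling's or picklescan's code), this is the kind of static opcode walk a scanner does over the files discussed above: it lists the globals a pickle imports and counts call-like opcodes without ever unpickling, and it accepts both a raw .pkl and a zip container of the PyTorch layout like malicious1.zip. The allowlist, the `ReducerSample` class and the sample payloads are constructed for illustration and are assumptions of this example.

```python
import io
import pickle
import pickletools
import zipfile

# Globals a checkpoint may legitimately import (constructed allowlist, not fickling's or picklescan's).
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"), ("torch", "FloatStorage")}

def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools (nothing is unpickled): list imported globals, count call opcodes."""
    stack, memo, imports, calls = [], {}, [], 0
    for op, arg, _ in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):        # protocol <= 3: arg is "module name"
            imports.append(tuple(arg.split(" ", 1)))
            stack.append(None)
        elif op.name == "STACK_GLOBAL":          # protocol 4+: module and name were pushed just before
            name, module = (stack.pop(), stack.pop()) if len(stack) >= 2 else ("?", "?")
            imports.append((module, name))
            stack.append(None)
        elif op.name in ("REDUCE", "NEWOBJ", "NEWOBJ_EX", "BUILD"):
            calls += 1                           # these invoke an imported callable on load
            stack.append(None)
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = stack[-1] if stack else None
        elif op.name == "MEMOIZE":
            memo[len(memo)] = stack[-1] if stack else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo.get(arg))          # a memoized module name reused by STACK_GLOBAL
        elif op.name == "STOP":
            break
        else:
            stack.append(arg if isinstance(arg, str) else None)  # only string pushes matter here
    suspicious = [imp for imp in imports if imp not in ALLOWED]
    return {"imports": imports, "calls": calls, "suspicious": suspicious}

def scan_file(data: bytes) -> dict:
    """Accept a raw .pkl or a zip container (the PyTorch layout) holding .pkl members."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"<raw>": scan_pickle(data)}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: scan_pickle(zf.read(n)) for n in zf.namelist() if n.endswith(".pkl")}

class ReducerSample:
    """Constructed sample: loading it would call the harmless builtin len([1, 2, 3])."""
    def __reduce__(self):
        return (len, ([1, 2, 3],))

BENIGN = pickle.dumps({"weights": [0.1, 0.2]})             # constructed: no imports at all
REDUCER = pickle.dumps(ReducerSample(), protocol=3)          # constructed: GLOBAL + REDUCE
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:                      # constructed PyTorch-style archive, protocol 4 inside
    _zf.writestr("archive/data.pkl", pickle.dumps(ReducerSample(), protocol=4))
ZIPPED = _buf.getvalue()
```

An import outside the allowlist together with a non-zero call count is the pattern a scanner reports; the memo handling matters because protocol 4 files reuse a memoized module string for later STACK_GLOBAL ops.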