
Python Untrusted Pickle File Deserialization

Description

Detects unsafe deserialization of pickle files through pandas' read_pickle function. read_pickle delegates to the standard library pickle module, and unpickling untrusted data can execute arbitrary code during loading, so an attacker who controls the pickle file contents can achieve remote code execution.

Weakness:

014 - Insecure functionality

Category: Functionality Abuse

Detection Strategy

    Identifies calls to pd.read_pickle function in Python code

    Checks if the pickle file source could be controlled by external/untrusted input

    Reports a vulnerability when untrusted/user-controlled data is passed to read_pickle without proper validation
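The three detection steps above, implemented as a small AST-based checker. This is an added illustration written for this page, not the rule engine's own implementation: it resolves the name pandas is imported under, treats the flask `request` object as the only untrusted source (an assumption for the example), propagates taint through simple assignments inside a scope, and reports read_pickle calls whose arguments reference tainted names. The two input programs are constructed for the example.

```python
import ast
from typing import List, Set

# Constructed sample inputs for this example (not the rule page's test corpus).
VULNERABLE_SRC = '''
from flask import request
import pandas as pd
import io

def vulnerable_process_pickle():
    file = request.files['pickle_file']
    buf = io.BytesIO(file.read())
    return pd.read_pickle(buf)
'''

SAFE_SRC = '''
import pandas as pd

def load_reference_table():
    # Fixed path shipped with the application, not derived from user input.
    return pd.read_pickle("/opt/app/data/reference.pkl")
'''

# Assumption for this example: attributes of flask's request are attacker-controlled.
TAINT_ROOTS = {"request"}


def _read_pickle_names(tree: ast.AST):
    """Return (module aliases for pandas, bare names bound to read_pickle)."""
    aliases: Set[str] = set()
    bare: Set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == "pandas":
                    aliases.add(a.asname or a.name)
        elif isinstance(node, ast.ImportFrom) and node.module == "pandas":
            for a in node.names:
                if a.name == "read_pickle":
                    bare.add(a.asname or a.name)
    return aliases, bare


def _is_read_pickle_call(call: ast.Call, aliases: Set[str], bare: Set[str]) -> bool:
    f = call.func
    if isinstance(f, ast.Attribute) and f.attr == "read_pickle":
        return isinstance(f.value, ast.Name) and f.value.id in aliases
    return isinstance(f, ast.Name) and f.id in bare


def _names_in(node: ast.AST) -> Set[str]:
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def _tainted_names(scope: ast.AST) -> Set[str]:
    """Flow-insensitive taint propagation through assignments until a fixpoint."""
    tainted = set(TAINT_ROOTS)
    assigns = [n for n in ast.walk(scope) if isinstance(n, ast.Assign)]
    changed = True
    while changed:
        changed = False
        for a in assigns:
            if _names_in(a.value) & tainted:
                new = set().union(*(_names_in(t) for t in a.targets)) - tainted
                if new:
                    tainted |= new
                    changed = True
    return tainted


def find_untrusted_read_pickle(source: str) -> List[int]:
    """Line numbers of read_pickle calls whose arguments derive from untrusted input."""
    tree = ast.parse(source)
    aliases, bare = _read_pickle_names(tree)
    scopes = [tree] + [n for n in ast.walk(tree)
                       if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    findings: Set[int] = set()
    for scope in scopes:
        tainted = _tainted_names(scope)
        for call in ast.walk(scope):
            if isinstance(call, ast.Call) and _is_read_pickle_call(call, aliases, bare):
                args = list(call.args) + [kw.value for kw in call.keywords]
                if any(_names_in(a) & tainted for a in args):
                    findings.add(call.lineno)
    return sorted(findings)


if __name__ == "__main__":
    print("vulnerable sample:", find_untrusted_read_pickle(VULNERABLE_SRC))  # [9]
    print("safe sample:", find_untrusted_read_pickle(SAFE_SRC))              # []
```

The checker is deliberately conservative in one direction and permissive in the other: any read_pickle argument touching a tainted name is reported, while data that reaches the call through attribute writes, containers or other functions is missed, which is the usual trade-off for an intra-procedural rule of this kind.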

Vulnerable code example

from flask import Flask, request
import pandas as pd
import io

def vulnerable_process_pickle():
    file = request.files['pickle_file']
    data = pd.read_pickle(io.BytesIO(file.read()))  # Vulnerable: Unsafe deserialization of user-supplied pickle data

✅ Secure code example

from flask import Flask, request
import pandas as pd
import json
from typing import Dict

def safe_process_pickle() -> Dict:
    file = request.files['data_file']
    if not file.filename.endswith('.json'):  # Only accept the safe JSON format, never pickle
        raise ValueError('only JSON uploads are accepted')
    data: Dict = json.load(file.stream)  # json.load cannot instantiate objects or run code
    return data