我正在使用第 3 方图书馆,除非另有指示,否则不幸倾向于使用泡菜。
我知道加载 pickle 可能允许任意代码执行,所以我想知道库何时尝试执行此操作。
我能做些什么来阻止它解酸?
这是我的尝试:
class Unpickler(pickle.Unpickler):
def load(self, *args, **kwargs):
raise RuntimeError("Unpickling is disabled in this script.")
def load(self, *args, **kwargs):
raise RuntimeError("Unpickling is disabled in this script.")
def loads(self, *args, **kwargs):
raise RuntimeError("Unpickling is disabled in this script.")
pickle.Unpickler = Unpickler
pickle.load = load
pickle.loads = loads
import pickle_fanatic_library
这足以禁止任意代码执行吗?
(我想尽可能多地保留
pickle