classification
Title: Add pickle.loads fuzz test
Type: security Stage: resolved
Components: Tests Versions: Python 3.10
process
Status: closed Resolution: rejected
Dependencies: Superseder:
Assigned To: gregory.p.smith Nosy List: Bruce Day, gregory.p.smith
Priority: normal Keywords:

Created on 2020-07-03 10:48 by Bruce Day, last changed 2021-03-14 02:22 by gregory.p.smith. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 21289 open Bruce Day, 2020-07-03 10:48
Messages (2)
msg372916 - (view) Author: Bruce Day (Bruce Day) Date: 2020-07-03 10:48
add pickle.loads(x) fuzz test
msg381880 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2020-11-26 07:24
Given that pickle is documented as:

"""
Warning The pickle module is not secure. Only unpickle data you trust.

It is possible to construct malicious pickle data which will execute arbitrary code during unpickling.
"""

https://docs.python.org/3/library/pickle.html

What is fuzzing pickle.loads() expected to accomplish?
History
Date User Action Args
2021-03-14 02:22:03gregory.p.smithsetstatus: open -> closed
resolution: rejected
stage: resolved
2020-11-26 07:24:08gregory.p.smithsetassignee: gregory.p.smith

messages: + msg381880
nosy: + gregory.p.smith
2020-07-03 10:48:09Bruce Daycreate