From 5c054b700895d10aa35baded0e411b6d448ac329 Mon Sep 17 00:00:00 2001
From: Raghav Verma
Date: Fri, 27 Feb 2026 19:38:59 +0000
Subject: [PATCH] No public description
FUTURE_COPYBARA_INTEGRATE_REVIEW=https://github.com/google/saferpickle/pull/8 from PrathameshWalunj:add-unsafe-modules 165be490ce17c9c0b057b0d400e27703dd352cb5
PiperOrigin-RevId: 876350504
---
 cli.py | 8 +++----
 lib/constants.py | 8 ++++++-
 lib/utils.py | 2 +-
 saferpickle.py | 58 ++++++++++++++++++------------------------------
 4 files changed, 33 insertions(+), 43 deletions(-)
diff --git a/cli.py b/cli.py
index 45dad55..f486e40 100644
--- a/cli.py
+++ b/cli.py
@@ -64,7 +64,7 @@ def security_scan_with_justifications(
 # Call the individual scan functions from SaferPickle to sets of results.
 # Picklemagic Scan
- picklemagic_results = safer_pickle.picklemagic_scan(pickle_bytes)
+ picklemagic_results = saferpickle.picklemagic_scan(pickle_bytes)
 safe_results.update(picklemagic_results.safe_results)
 unsafe_results.update(picklemagic_results.unsafe_results)
@@ -72,7 +72,7 @@ def security_scan_with_justifications(
 unknown_results.update(picklemagic_results.unknown_results)
 # Genops Scan
- genops_results = safer_pickle.genops_scan(
+ genops_results = saferpickle.genops_scan(
 pickle_bytes, pickle_file_path=file_path
 )
 safe_results.update(genops_results.safe_results)
@@ -97,7 +97,7 @@ def security_scan_with_justifications(
 num_unsafe,
 num_suspicious,
 _, # The unknown_score is not used for classification, only reporting
- ) = safer_pickle.score_results(
+ ) = saferpickle.score_results(
 final_safe_results,
 final_unsafe_results,
 final_suspicious_results,
@@ -105,7 +105,7 @@ def security_scan_with_justifications(
 )
 # Check for safety and return the results with justifications.
- if safer_pickle.is_unsafe(num_safe, num_unsafe, num_suspicious):
+ if saferpickle.is_unsafe(num_safe, num_unsafe, num_suspicious):
 if num_unsafe > num_suspicious:
 classification = "unsafe"
 all_results = []
diff --git a/lib/constants.py b/lib/constants.py
index c43f8db..79b3802 100644
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -85,6 +85,8 @@
 "cProfile",
 "cloudpickle.load",
 "cloudpickle.loads",
+ "code.interact",
+ "code.InteractiveConsole",
 "code.InteractiveInterpreter",
 "codecs.decode",
 "codeop.compile_command",
@@ -101,6 +103,7 @@
 "eval",
 "exec",
 "execfile",
+ "fileinput",
 "get_type_hints",
 "gzip",
 "hashlib",
@@ -134,7 +137,9 @@
 "read",
 "requests",
 "runpy",
- "safer_pickle_hook",
+ "safer_pickle",
+ "saferpickle",
+ "shutil",
 "socket",
 "ssl",
 "stdin",
@@ -184,6 +189,7 @@
 "reconstruct",
 "scipy",
 "set",
+ "shutil.disk_usage",
 "sklearn",
 "spacy",
 "str",
diff --git a/lib/utils.py b/lib/utils.py
index c8ff86f..02343b1 100644
--- a/lib/utils.py
+++ b/lib/utils.py
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""Utility functions for safer_pickle."""
+"""Utility functions for saferpickle."""
 import ast
 import bz2
diff --git a/saferpickle.py b/saferpickle.py
index 1c9f5eb..84ec980 100644
--- a/saferpickle.py
+++ b/saferpickle.py
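Review bot: `"shutil"` is added to the first list in the `@@ -134` hunk while `"shutil.disk_usage"` is added to a different list in the `@@ -184` hunk, so the verdict for a pickle that references `shutil.disk_usage` depends on whether the matcher (outside this diff) prefers the more specific entry over the module-level one; a one-line comment next to each entry would make the intended precedence explicit, e.g. `# "shutil.disk_usage" is the only shutil member treated as benign; see the second list` on the first and the converse on the second. The replacement of `"safer_pickle_hook"` by both `"safer_pickle"` and `"saferpickle"` also deserves a short comment saying why the scanner's own module names are listed, since a reader cannot tell from the list alone whether this flags pickles that reference the scanner or is a leftover of the rename. Which list is the denylist is inferred here from its neighbours (`eval`, `exec`, `socket`); the list names themselves are outside the hunks.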
@@ -626,41 +626,25 @@ def strict_security_scan(pickle_bytes: bytes) -> bool:
 def is_unsafe(
- number_of_safe_results: int,
- number_of_unsafe_results: int,
- number_of_suspicious_results: int,
+ safe_score: int,
+ unsafe_score: int,
+ suspicious_score: int,
 ) -> bool:
 """Conditional check for safeness.
 Args:
- number_of_safe_results: Number of safe results from the security scan.
- number_of_unsafe_results: Number of unsafe results from the security scan.
- number_of_suspicious_results: Number of suspicious results from the security
- scan.
+ safe_score: Safe score from the security scan.
+ unsafe_score: Unsafe score from the security scan.
+ suspicious_score: Suspicious score from the security scan.
 Returns:
 True if the pickle file is dangerous, False otherwise.
 """
- if number_of_unsafe_results == 0 and number_of_suspicious_results == 0:
+ if unsafe_score == 0 and suspicious_score == 0:
 return False
- # We halve the weight of suspicious results to lower false positives
- # caused by greedy matches of unknown method-like strings (Ex. "google.com")
- if (
- number_of_suspicious_results + number_of_unsafe_results
- >= number_of_safe_results
- ):
- return True
-
- sum_of_unsafe_and_suspicious_results = (
- number_of_unsafe_results + 0.5 * number_of_suspicious_results
- )
-
- unsafe = (sum_of_unsafe_and_suspicious_results > number_of_safe_results) or (
- number_of_safe_results == 0 and sum_of_unsafe_and_suspicious_results >= 1
- )
-
- return unsafe
+ sum_of_unsafe_and_suspicious_scores = unsafe_score + 0.5 * suspicious_score
+ return sum_of_unsafe_and_suspicious_scores >= safe_score
 def picklemagic_scan(
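Review bot: The renamed parameters keep their `int` annotations, but the values now come from `score_results`, which in this same patch computes `math.log(...) * k` floats, so the signature misdescribes the contract; change it to `safe_score: float, unsafe_score: float, suspicious_score: float,`. The removed block also carried the only explanation of the `0.5` factor, and that rationale should stay above the new sum line, e.g. `# Suspicious hits count half to limit false positives from greedy matches of method-like strings (e.g. "google.com").` The docstring summary `Conditional check for safeness.` could state the actual rule instead: `Return True when the weighted unsafe plus suspicious score reaches the safe score.` For consistency, the caller in cli.py still binds the tuple from `score_results` as `num_safe`/`num_unsafe`/`num_suspicious` although it now receives scores, so the rename could be carried through there as well.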
@@ -741,8 +725,8 @@ def score_results(
 number_of_unknown_results = len(unknown_results)
 safe_score = math.log(number_of_safe_results + 1) * 2
- unsafe_score = math.log(number_of_unsafe_results + 1) * 4
- suspicious_score = math.log(number_of_suspicious_results + 1) * 3
+ unsafe_score = math.log(number_of_unsafe_results + 1) * 10
+ suspicious_score = math.log(number_of_suspicious_results + 1) * 5
 unknown_score = math.log(number_of_unknown_results + 1) * 1
 return (
@@ -785,10 +769,10 @@ def apply_approach(
 logging.info(" Unknown results: %s\n", results.unknown_results)
 (
- number_of_safe_results,
- number_of_unsafe_results,
- number_of_suspicious_results,
- number_of_unknown_results,
+ safe_score,
+ unsafe_score,
+ suspicious_score,
+ unknown_score,
 ) = score_results(
 results.safe_results,
 results.unsafe_results,
@@ -796,14 +780,14 @@ def apply_approach(
 results.unknown_results,
 )
 scores = {
- "unsafe": number_of_unsafe_results,
- "suspicious": number_of_suspicious_results,
- "unknown": number_of_unknown_results,
+ "unsafe": unsafe_score,
+ "suspicious": suspicious_score,
+ "unknown": unknown_score,
 }
 if results.is_denylisted or is_unsafe(
- number_of_safe_results,
- number_of_unsafe_results,
- number_of_suspicious_results,
+ safe_score,
+ unsafe_score,
+ suspicious_score,
 ):
 return scores
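Review bot: The multipliers `2`, `10`, `5` and `1` in score_results are bare magic numbers, and this hunk changes two of them (4→10, 3→5) without recording what trade-off that encodes, so the next reader cannot tell whether the ratio or the absolute values matter. Since `is_unsafe` now compares these scores directly, the weights are the classification threshold; by my arithmetic one unsafe hit (10·ln 2) is only outweighed by roughly 32 safe hits (2·ln 33), and one suspicious hit by two safe hits, which is worth stating in a comment above the block, e.g. `# Weights are deliberately lopsided so a single unsafe hit dominates dozens of safe ones; is_unsafe compares unsafe + 0.5*suspicious against safe.` Lifting the four factors into named module constants (`_SAFE_WEIGHT`, `_UNSAFE_WEIGHT`, `_SUSPICIOUS_WEIGHT`, `_UNKNOWN_WEIGHT`) would keep that tuning in one place. score_results starts above this hunk, so its docstring, where the weights should also be described, is outside the visible lines.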