Add documentation warning about pickled data #73
TAP offers this great feature about saving and loading all arguments, along with reproducibility info, into a JSON file. Complex Python types are encoded and automatically decoded using the `pickle` module. From the docs,

However, the unpickling of untrusted data is a big security risk, since it is possible to construct malicious pickle data which will execute arbitrary code during unpickling. Novice Python programmers might not know about the implications of using pickle, or people might assume only JSON parsing is taking place, and simply not notice the note about pickle.

I think it would be beneficial to include a prominent warning for users not to run `args.load('args.json')` on untrusted JSON files. The warning could either share a short explanation of why it's a security risk, or just link to the pickle documentation.

Comments

Alternatively, the

Hi @Cnoor0171, Thank you for identifying this security risk. Would you be satisfied by a change to the readme? If so, we're happy to look over a PR and we'll try to get to it soon. Thanks again,

@martinjm97 I think a warning in the readme would suffice. Just something eye-catching, since the note about pickling is kind of easy to miss and requires the user to already know the security risk about unpickling data. Something like this at the top of the readme section for load:

Feel free to merge #82 if that sounds fine.

Thank you for keeping a watchful eye out wrt security. Much appreciated! --Jesse
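To show why a pickle stream from an untrusted file is dangerous and what a loader can do about it, here is an added example (not code from the TAP project or this issue): a restricted unpickler that only resolves an allow-list of globals. The allow-list contents are an assumption for the demonstration, and the sample streams are constructed inline; TAP's own JSON encoding of pickled values is not reproduced.

```python
import collections
import importlib
import io
import pickle

# Allow-list of (module, name) pairs the stream may reference. Chosen for this
# demonstration (an assumption); a project would list the argument types it
# actually stores.
SAFE_GLOBALS = {("collections", "OrderedDict"), ("builtins", "set")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not in SAFE_GLOBALS.

    Every class or function a pickle names is resolved through find_class,
    the hook the pickle docs recommend overriding to restrict globals.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return getattr(importlib.import_module(module), name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Like pickle.loads, but only allow-listed globals resolve."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def stock_loads(data: bytes):
    """The unrestricted loader: resolves whatever global the stream names."""
    return pickle.loads(data)


def try_load(data: bytes):
    """Return ('ok', obj) or ('refused', reason) instead of raising."""
    try:
        return "ok", restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return "refused", str(exc)


# Constructed sample streams: a container a CLI might legitimately store, and
# a bare function reference. 'print' is harmless, but the stream resolves it
# through exactly the lookup an attacker-chosen callable would also go through.
TRUSTED_SAMPLE = pickle.dumps(collections.OrderedDict(a=1))
GLOBAL_REF_SAMPLE = pickle.dumps(print)
```

The stock loader happily hands back whatever callable the stream names, which is the whole problem; the restricted loader stops at the lookup, before anything is imported or called.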