dkteg
commited on
Commit
·
6454bdc
1
Parent(s):
cce6150
another test
Browse files- testfolder/__pycache__/another_torch.cpython-311.pyc +0 -0
- testfolder/another_torch.py +11 -0
- testfolder/torch.py +13 -1
- testfolder/vuln.pkl +2 -2
- testfolder/vuln_pickle.py +1 -1
testfolder/__pycache__/another_torch.cpython-311.pyc
ADDED
|
Binary file (531 Bytes). View file
|
|
|
testfolder/another_torch.py
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import os
|
| 2 |
+
|
| 3 |
+
def run_bash():
|
| 4 |
+
res = os.system("ls -la")
|
| 5 |
+
print(res)
|
| 6 |
+
|
| 7 |
+
|
| 8 |
+
if __name__ == '__main__':
|
| 9 |
+
run_bash()
|
| 10 |
+
|
| 11 |
+
|
testfolder/torch.py
CHANGED
|
@@ -6,4 +6,16 @@ def run_bash():
|
|
| 6 |
|
| 7 |
|
| 8 |
if __name__ == '__main__':
|
| 9 |
-
run_bash()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
|
| 7 |
|
| 8 |
if __name__ == '__main__':
|
| 9 |
+
run_bash()
|
| 10 |
+
|
| 11 |
+
|
| 12 |
+
if __name__ == '__main__':
|
| 13 |
+
import pickle
|
| 14 |
+
|
| 15 |
+
class Vuln():
|
| 16 |
+
def __reduce__(self):
|
| 17 |
+
# return (os.system, ("echo 'I should have been stopped by the hook'",))
|
| 18 |
+
return (run_bash, ())
|
| 19 |
+
|
| 20 |
+
with open("vuln.pkl", "wb") as f:
|
| 21 |
+
pickle.dump(Vuln(), f)
|
testfolder/vuln.pkl
CHANGED
|
@@ -1,3 +1,3 @@
|
|
| 1 |
version https://git-lfs.github.com/spec/v1
|
| 2 |
-
oid sha256:
|
| 3 |
-
size
|
|
|
|
| 1 |
version https://git-lfs.github.com/spec/v1
|
| 2 |
+
oid sha256:c6c61e35d74c8cbf6bd0d79e2603f417c89ded798c6ac6c18ade7835f8e0dd05
|
| 3 |
+
size 44
|
testfolder/vuln_pickle.py
CHANGED
|
@@ -1,6 +1,6 @@
|
|
| 1 |
import pickle
|
| 2 |
import pickletools
|
| 3 |
-
from
|
| 4 |
|
| 5 |
|
| 6 |
class Vuln():
|
|
|
|
| 1 |
import pickle
|
| 2 |
import pickletools
|
| 3 |
+
from another_torch import run_bash
|
| 4 |
|
| 5 |
|
| 6 |
class Vuln():
|