dkteg committed on
Commit · e170a7a
1 Parent(s): 726c793
broken pkl
- dynamic_payload.test +0 -0
- safety_results.json +39 -0
- test_broken_pkl.pkl +3 -0
dynamic_payload.test
ADDED
|
Binary file (61 Bytes). View file
|
|
|
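Review bot: dynamic_payload.test is added as a 61-byte binary, and nothing in the commit says what it contains or how it was produced; the commit message reads only "broken pkl". A one-line description of the fixture and of the tool that generated it, in the commit message or a README, would let a reader decide how to handle the file before opening it.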
safety_results.json
ADDED
|
@@ -0,0 +1,39 @@
| 1 |
+
{
|
| 2 |
+
"severity": "LIKELY_UNSAFE",
|
| 3 |
+
"analysis": "Call to `getattr(dict, 'get')` can execute arbitrary code and is inherently unsafe\nCall to `globals()` can execute arbitrary code and is inherently unsafe\nCall to `_var0(_var1, '__builtins__')` can execute arbitrary code and is inherently unsafe\nCall to `getattr(_var2, 'exec')` can execute arbitrary code and is inherently unsafe\nCall to `_var4(_var5, '__builtins__')` can execute arbitrary code and is inherently unsafe\nCall to `getattr(_var6, 'eval')` can execute arbitrary code and is inherently unsafe\nCall to `_var7(...)` can execute arbitrary code and is inherently unsafe\nCall to `_var3(_var8)` can execute arbitrary code and is inherently unsafe\nVariable `_var9` is assigned value `_var3(_var8)` but unused afterward; this is suspicious and indicative of a malicious pickle file",
|
| 4 |
+
"detailed_results": {
|
| 5 |
+
"AnalysisResult": {
|
| 6 |
+
"OvertlyBadEval": "_var3(_var8)",
|
| 7 |
+
"UnusedVariables": [
|
| 8 |
+
"_var9",
|
| 9 |
+
"_var3(_var8)"
|
| 10 |
+
]
|
| 11 |
+
}
|
| 12 |
+
}
|
| 13 |
+
}{
|
| 14 |
+
"severity": "LIKELY_UNSAFE",
|
| 15 |
+
"analysis": "`from __main__ import FunctionBuilder._build_and_run` imports a Python module that is not a part of the standard library; this can execute arbitrary code and is inherently unsafe\nCall to `FunctionBuilder._build_and_run()` can execute arbitrary code and is inherently unsafe\nVariable `_var0` is assigned value `FunctionBuilder._build_and_run()` but unused afterward; this is suspicious and indicative of a malicious pickle file",
|
| 16 |
+
"detailed_results": {
|
| 17 |
+
"AnalysisResult": {
|
| 18 |
+
"NonStandardImports": "from __main__ import FunctionBuilder._build_and_run",
|
| 19 |
+
"OvertlyBadEval": "FunctionBuilder._build_and_run()",
|
| 20 |
+
"UnusedVariables": [
|
| 21 |
+
"_var0",
|
| 22 |
+
"FunctionBuilder._build_and_run()"
|
| 23 |
+
]
|
| 24 |
+
}
|
| 25 |
+
}
|
| 26 |
+
}{
|
| 27 |
+
"severity": "LIKELY_UNSAFE",
|
| 28 |
+
"analysis": "`from __main__ import FunctionBuilder._build_and_run` imports a Python module that is not a part of the standard library; this can execute arbitrary code and is inherently unsafe\nCall to `FunctionBuilder._build_and_run()` can execute arbitrary code and is inherently unsafe\nVariable `_var0` is assigned value `FunctionBuilder._build_and_run()` but unused afterward; this is suspicious and indicative of a malicious pickle file",
|
| 29 |
+
"detailed_results": {
|
| 30 |
+
"AnalysisResult": {
|
| 31 |
+
"NonStandardImports": "from __main__ import FunctionBuilder._build_and_run",
|
| 32 |
+
"OvertlyBadEval": "FunctionBuilder._build_and_run()",
|
| 33 |
+
"UnusedVariables": [
|
| 34 |
+
"_var0",
|
| 35 |
+
"FunctionBuilder._build_and_run()"
|
| 36 |
+
]
|
| 37 |
+
}
|
| 38 |
+
}
|
| 39 |
+
}
|
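Review bot: safety_results.json is not a single valid JSON document. Lines 13 and 26 read `}{`, so three top-level objects are concatenated and a standard JSON parser will raise an error after the first one. Wrap the results in an array or write one object per line. None of the three objects names the file it describes, and the second and third are identical, so a reader cannot tell which result belongs to dynamic_payload.test and which to test_broken_pkl.pkl; add a key holding the scanned path to each object.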
test_broken_pkl.pkl
ADDED
|
@@ -0,0 +1,3 @@
| 1 |
+
version https://git-lfs.github.com/spec/v1
|
| 2 |
+
oid sha256:c15c580e582ec7fd0df3e7d4d66a3dac2b9e851e19f7daec620aafeb5ceba4f0
|
| 3 |
+
size 892
|
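Review bot: test_broken_pkl.pkl goes in as an 892-byte LFS pointer alongside scan results that are all LIKELY_UNSAFE, yet neither the file name nor the commit message "broken pkl" says this is a deliberately flagged fixture. If it is a scanner test case, state that next to the file, and record the pointer's oid beside the matching entry in safety_results.json so the result can be tied to this exact blob.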