another test

Files changed (8) hide show

testfolder/__pycache__/another_torch.cpython-311.pyc ADDED Viewed

Binary file (531 Bytes). View file

testfolder/__pycache__/test_module.cpython-311.pyc ADDED Viewed

Binary file (518 Bytes). View file

testfolder/__pycache__/torch.cpython-311.pyc ADDED Viewed

Binary file (1.26 kB). View file

testfolder/another_torch.py ADDED Viewed

+import os
+def run_bash():
+    res = os.system("ls -la")
+    print(res)
+if __name__ == '__main__':
+    run_bash()

testfolder/torch.py ADDED Viewed

+import os
+def run_bash():
+    res = os.system("ls -la")
+    print(res)
+if __name__ == '__main__':
+    run_bash()
+if __name__ == '__main__':
+    import pickle
+    class Vuln():
+        def __reduce__(self):
+            #  return (os.system, ("echo 'I should have been stopped by the hook'",))
+            return (run_bash, ())
+    with open("vuln.pkl", "wb") as f:
+        pickle.dump(Vuln(), f)

testfolder/vuln.pkl ADDED Viewed

+version https://git-lfs.github.com/spec/v1
+oid sha256:c6c61e35d74c8cbf6bd0d79e2603f417c89ded798c6ac6c18ade7835f8e0dd05
+size 44

testfolder/vuln2.pkl ADDED Viewed

+version https://git-lfs.github.com/spec/v1
+oid sha256:8241f3b433c6e6bc9b3367f1526282ae1a7145f644970d4cc4f62439cafabc15
+size 36

testfolder/vuln_pickle.py ADDED Viewed

+import pickle
+import pickletools
+import another_torch
+import torch
+class Vuln():
+    def __reduce__(self):
+        return (another_torch.run_bash, ())
+class Vuln2():
+    def __reduce__(self):
+        return (torch.run_bash, ())
+def run():
+    with open("vuln.pkl", 'wb') as f:
+        pickle.dump(Vuln(), f)
+    with open("vuln2.pkl", 'wb') as f:
+        pickle.dump(Vuln2(), f)
+if __name__ == '__main__':
+    run()
+    with open("vuln.pkl", "rb") as f:
+        pickle.load(f)