From eb9b542bc818071b9eee41c3583b7e6e172b3a53 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 17 Jun 2016 19:09:13 +0000 Subject: [PATCH] Update client to use json serialization This changes the client to use json serialization rather than pickles. Related: CVE-2016-1000003 Signed-off-by: Patrick Uiterwijk --- client/report_mirror | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/report_mirror b/client/report_mirror index 89317409..2b97aed2 100755 --- a/client/report_mirror +++ b/client/report_mirror @@ -1,7 +1,7 @@ #!/usr/bin/python import os, sys -import pickle +import json import ConfigParser import pprint import xmlrpclib @@ -186,7 +186,7 @@ def get_stats(conf, section): try: f = open(fn, 'r') contents = contents + f.readlines() - statsdata[name] = pickle.dumps(contents, -1) + statsdata[name] = json.dumps(contents, -1) f.close() except: pass @@ -284,7 +284,7 @@ def main(): get_exclude_dir_patterns_from_file(options) if options.input: infile = open(options.input, 'rb') - item.config = pickle.load(infile) + item.config = json.load(infile) infile.close() if not config(options.config, item, crawl=False): sys.exit(1) @@ -292,7 +292,7 @@ def main(): if not config(options.config, item, crawl=True): sys.exit(1) - p = pickle.dumps(item.config, -1) + p = json.dumps(item.config, -1) if options.debug: pp = pprint.PrettyPrinter(indent=4)