Skip to content

Python RestrictedUnpickler issue #5

New issue
New issue
Closed
Closed
Python RestrictedUnpickler issue#5
@ashishsme14

Description

@ashishsme14
ashishsme14
opened on Nov 29, 2020

We had written code as -

import os
import builtins
import pickle
import sys
sys.tracebacklimit=0
import traceback
import io
from logging import Logger

safe_builtins = {
        'range',
        'complex',
        'set',
        'frozenset'
        }

class RestrictedUnpickler(pickle.Unpickler):
  def find_class(self, module, name):
  # Only allow safe classes from builtins.
   if module == "builtins" and name in safe_builtins:
       return getattr(builtins, name)
    # Forbid everything else.
   raise pickle.UnpicklingError("global '%s.%s' is forbidden" %
   (module, name))

def restricted_loads(s):
    """Helper function analogous to pickle.loads()."""
    return RestrictedUnpickler(io.BytesIO(s)).load()

def func1(a): 
  try: 
    x= restricted_loads(pickle.dumps(a))
    return x 
  except pickle.UnpicklingError : 
    s= pickle.UnpicklingError("unsupported persistent object") 
    return s

def func2(s):
  try:
    x=restricted_loads(pickle.dumps(s))
    return s[x]
  except pickle.UnpicklingError :
    s=traceback.format_exc()
    return s
    
if __name__ == "__main__":
       a=range(int(input())) 
       b=func1(a)
       print(b)
       y=tuple(input())
       z=func2(y)
       print(z)

Getting
TypeError: tuple indices must be integers or slices, not tuple

Input (stdin)

50 
"a", "b", "c", "d", "e", "f", "g", "h"

Your Output (stdout)
range(0, 50)

Expected Output

range(0, 50) 
Traceback (most recent call last): 
_pickle.UnpicklingError: global 'builtins.slice' is forbidden

image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions