bpo-37977: Warn more strongly and clearly about pickle security #15595
Conversation
lordmauve
force-pushed
the
big-red-pickle-warning
branch
2 times, most recently
from
41f327d
to
07e1e09
Compare
|
There is already a section titled "Comparison with json", so perhaps move the sentence stating json is secure there? |
|
Hmm, good point. I don't think we should move it there because it wouldn't form part of the security warning, but we should link to that section - and that section should state again that JSON doesn't have the arbitrary code execution issue. |
Doc/library/pickle.rst
Outdated
| Consider signing data with :mod:`hmac` if you need to ensure that it has not | ||
| been tampered with. | ||
|
|
||
| The JSON data interchange format provided by the :mod:`json` module is more |
There was a problem hiding this comment.
I recommend leaving this out. It goes well past giving an informative warning and moves into editorializing. Also, for many uses of pickle, JSON is no substitute.
There was a problem hiding this comment.
I have changed this sentence to be less discursive and simply point to the json module and the "Comparison with json" section lower down.
Mention also that JSON is not usually subject to ACE vulnerabilities, and link to the Comparison with JSON section.
lordmauve
force-pushed
the
big-red-pickle-warning
branch
from
07e1e09
to
ffa614e
Compare
|
Thanks @lordmauve for the PR, and @rhettinger for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8. |
|
Sorry @lordmauve and @rhettinger, I had trouble checking out the |
|
Thanks @lordmauve for the PR, and @rhettinger for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8. |
|
GH-15629 is a backport of this pull request to the 3.8 branch. |
…onGH-15595) (cherry picked from commit daa82d0) Co-authored-by: Daniel Pope <lordmauve@users.noreply.github.com>
|
Thanks, everyone! |
Rewrite the red warning at the top of the
picklemodule documentation.https://bugs.python.org/issue37977