How can I report if there's a potential vulnerability #174

Closed
William957-web opened this issue May 8, 2024 · 13 comments

William957-web commented May 8, 2024

I found a vulnerability in this library; how can I report it?
Already reported a CVE.

@William957-web
Author

@piskvorky

@mpenkov
Collaborator

mpenkov commented May 8, 2024

I think you can just report the issue here

@William957-web
Author

@mpenkov @piskvorky
CVE-2024-35515

@piskvorky
Owner

piskvorky commented Jun 8, 2024

Thanks. Closing until there's a clearly demonstrated proof-of-concept or attack vector. Ideally with a mitigation PR where relevant.

@William957-web
Author

William957-web commented Jun 9, 2024

@mpenkov
Collaborator

mpenkov commented Jun 10, 2024

Isn't this a problem with pickle, not with sqlitedict itself?

@William957-web
Author

@mpenkov
Probably not; for example, you wouldn't say that a code injection vulnerability is a problem with eval.
In fact, there are several preventions against pickle deserialization (like checking object titles, sandboxes...), and libraries often used in ML like ClearML and PyTorch have also patched this kind of vulnerability.

@William957-web
Author

William957-web commented Jun 20, 2024

@mpenkov @piskvorky
Patched version (reference: https://docs.python.org/3/library/pickle.html):

```python
import builtins
import io
import pickle

safe_builtins = {
    'range',
    'complex',
    'set',
    'frozenset',
    'slice',
}

class RestrictedUnpickler(pickle.Unpickler):

    def find_class(self, module, name):
        # Only allow safe classes from builtins.
        if module == "builtins" and name in safe_builtins:
            return getattr(builtins, name)
        # Forbid everything else.
        raise pickle.UnpicklingError("global '%s.%s' is forbidden" %
                                     (module, name))

def restricted_loads(s):
    """Helper function analogous to pickle.loads()."""
    return RestrictedUnpickler(io.BytesIO(s)).load()
```

and change the `loads` calls in the decode and decode_key functions to restricted_loads.
The only drawback of this prevention is that users can't store other non-builtin data types (like numpy or others (but I think the functions can be replaced just by sqlitedict!))...
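
Added example, not part of the thread or of sqlitedict's code: the allow-list unpickler from the comment above applied to pickled BLOBs read from a SQLite table, showing which values load and which are refused, including the non-builtin-type drawback. The `kv` table, `CallsOnLoad`, `build_db` and `audit` are hypothetical names, the rows are constructed, and sqlitedict itself is not imported.

```python
import builtins
import collections
import io
import pickle
import sqlite3

SAFE_BUILTINS = {"range", "complex", "set", "frozenset", "slice"}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Resolve only allow-listed builtins; every other global is refused.
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")

def restricted_loads(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()

class CallsOnLoad:
    """Constructed stand-in for an untrusted value: loading it calls len('abc')."""
    def __reduce__(self):
        return (len, ("abc",))

def build_db():
    """Constructed in-memory table of pickled BLOBs (hypothetical layout)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE kv (key TEXT PRIMARY KEY, value BLOB)")
    rows = {
        "plain": {"n": 1, "tags": ["a", "b"]},    # opcodes only, no globals
        "allowed": range(3),                      # needs builtins.range
        "ordered": collections.OrderedDict(a=1),  # the drawback: non-builtin type
        "untrusted": CallsOnLoad(),               # needs builtins.len
    }
    conn.executemany("INSERT INTO kv VALUES (?, ?)",
                     [(k, pickle.dumps(v)) for k, v in rows.items()])
    return conn

def audit(conn):
    """Decode every row with restricted_loads; report rejections instead of raising."""
    report = {}
    for key, blob in conn.execute("SELECT key, value FROM kv ORDER BY key"):
        try:
            report[key] = restricted_loads(blob)
        except pickle.UnpicklingError as exc:
            report[key] = f"REJECTED: {exc}"
    return report

if __name__ == "__main__":
    for key, result in audit(build_db()).items():
        print(f"{key:10} {result!r}")
```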

@yoni13

yoni13 commented Aug 16, 2024

Just asking, is this vuln patched?

@mpenkov
Collaborator

mpenkov commented Aug 16, 2024

No, we didn't consider this worth patching, right @piskvorky ?

@piskvorky
Owner

Correct.

@yoni13

yoni13 commented Aug 16, 2024

After I read those PDFs, I think adding a warning to warn users not to load untrusted db files is actually enough.

What do you think @William957-web ?

@William957-web
Author

@yoni13
Yeah, I agree with your idea!
@piskvorky
