gitlab.bandit.B301-1
Avoid using pickle, which is known to lead to code execution vulnerabilities.
When unpickling, the serialized data could be manipulated to run arbitrary code.
Instead, consider serializing the relevant data as JSON or a similar text-based
serialization format.
Definition
rules:
  - id: bandit.B301-1
    pattern-either:
      - pattern: pickle.$FUNC(...)
      - pattern: _pickle.$FUNC(...)
    message: >
      Avoid using `pickle`, which is known to lead to code execution
      vulnerabilities.
      When unpickling, the serialized data could be manipulated to run arbitrary code.
      Instead, consider serializing the relevant data as JSON or a similar text-based
      serialization format.
    metadata:
      cwe: "CWE-502: Deserialization of Untrusted Data"
      owasp: "A8: Insecure Deserialization"
      primary_identifier: bandit.B301-1
      secondary_identifiers:
        - name: Bandit Test ID B301-1
          type: bandit_test_id
          value: B301-1
      license: MIT
    severity: WARNING
    languages:
      - python
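The following is an added illustration, not part of the rule page or the Bandit/Semgrep projects, of what the rule flags and of the replacement its message recommends: a `pickle.loads` call (matched by `pickle.$FUNC(...)`) next to a JSON-based loader that only ever yields plain data and validates it explicitly. The `Session` dataclass and the field names are assumptions made for the example.

```python
import json
import pickle
from dataclasses import asdict, dataclass


# Constructed example type; JSON cannot carry arbitrary objects, so the
# safe path serializes only its plain fields and rebuilds it on load.
@dataclass
class Session:
    user: str
    roles: list
    expires: int


# Flagged by bandit.B301-1: `pickle.loads(...)` matches `pickle.$FUNC(...)`.
# Unpickling reconstructs whatever the bytes describe, including callables,
# so this must never see data from an untrusted source.
def load_session_pickle(blob: bytes) -> Session:
    return pickle.loads(blob)


def dump_session_pickle(session: Session) -> bytes:
    return pickle.dumps(session)


# Recommended replacement: a text-based format. Decoding JSON can fail on
# malformed input, but it never executes code; it returns only dicts,
# lists, strings, numbers, booleans and None.
def dump_session_json(session: Session) -> str:
    return json.dumps(asdict(session))


def load_session_json(text: str) -> Session:
    data = json.loads(text)
    # The application, not the decoder, decides what shape is acceptable.
    if not isinstance(data, dict) or set(data) != {"user", "roles", "expires"}:
        raise ValueError("unexpected session fields")
    if not isinstance(data["user"], str) or type(data["expires"]) is not int:
        raise ValueError("bad field types")
    if not all(isinstance(r, str) for r in data["roles"]):
        raise ValueError("roles must be strings")
    return Session(data["user"], list(data["roles"]), data["expires"])


def json_session_is_valid(text: str) -> bool:
    """True if `text` decodes to a well-formed Session, False otherwise."""
    try:
        load_session_json(text)
        return True
    except (ValueError, TypeError):
        return False
```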
Short Link: https://sg.run/v20A