trailofbits.python.scikit-joblib-load.scikit-joblib-load
trailofbits
Scikit joblib
uses pickle under the hood. Functions reliant on pickle can result in arbitrary code execution. Consider using skops instead.
Definition
rules:
  - id: scikit-joblib-load
    message: Scikit `joblib` uses pickle under the hood. Functions reliant on pickle
      can result in arbitrary code execution. Consider using `skops` instead.
    languages:
      - python
    severity: ERROR
    metadata:
      category: security
      cwe: "CWE-502: Deserialization of Untrusted Data"
      subcategory:
        - vuln
      confidence: MEDIUM
      likelihood: MEDIUM
      impact: HIGH
      technology:
        - scikit
      description: Potential arbitrary code execution from `SciKit.Joblib` functions
        reliant on pickling
      references:
        - https://scikit-learn.org/stable/model_persistence.html
      license: AGPL-3.0 license
      vulnerability_class:
        - "Insecure Deserialization "
    patterns:
      - pattern: joblib.load(...)
      - pattern-not: joblib.load("...")
Examples
scikit-joblib-load.py
import joblib
import skops.io as sio

path = "test.joblib"

# ok: scikit-joblib-load
# A string-literal path is excluded by `pattern-not: joblib.load("...")`;
# Semgrep's constant propagation resolves `path` to that literal.
joblib.load(path)

# ruleid: scikit-joblib-load
# The path comes from user input, so the file contents are untrusted.
joblib.load(input())


def test(param):
    param += ".joblib"
    # ruleid: scikit-joblib-load
    # `param` is a function argument, not a known constant.
    x = joblib.load(param)
    # ok: scikit-joblib-load
    # skops reports the types in the file outside its built-in trusted set;
    # these should be reviewed before being passed back as `trusted`.
    unknown_types = sio.get_untrusted_types(file=param)
    clf = sio.load(param, trusted=unknown_types)
    # ok: scikit-joblib-load
    # `trusted=True` accepts every type in the file, skipping the check.
    clf = sio.load(param, trusted=True)
    return x, clf
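Added example, not part of the Semgrep rule or its test file: a fail-closed model loader that rejects joblib/pickle artifacts by their leading bytes and loads a skops archive only after checking get_untrusted_types() against an explicit allowlist. It assumes skops is installed for load_model (the helper functions run without it), and TRUSTED_TYPES holds constructed sample entries rather than a reviewed list.

```python
"""Fail-closed model loading: refuse pickle-based files, gate skops loading
on an allowlist. Added example; TRUSTED_TYPES entries are constructed samples."""

# Types a model file may contain. Extend only after reviewing the output of
# skops.io.get_untrusted_types() for a file you produced yourself.
TRUSTED_TYPES = frozenset({
    "numpy.dtype",  # constructed sample entry
    "sklearn.linear_model._logistic.LogisticRegression",  # constructed sample entry
})


def detect_format(header: bytes) -> str:
    """Classify a file by its first bytes. Pickle protocol 2-5 (what joblib
    writes uncompressed) starts with 0x80 followed by the protocol number;
    a skops archive is a zip file (PK\\x03\\x04). Anything else is 'unknown'
    and is rejected by load_model, so compressed joblib dumps also fail closed."""
    if len(header) >= 2 and header[0] == 0x80 and 2 <= header[1] <= 5:
        return "pickle"
    if header.startswith(b"PK\x03\x04"):
        return "zip"
    return "unknown"


def unexpected_types(untrusted, allowlist=TRUSTED_TYPES):
    """Types reported by skops that are not on the allowlist, sorted."""
    return sorted(set(untrusted) - set(allowlist))


def load_model(path: str, allowlist=TRUSTED_TYPES):
    """Load `path` only if it is a skops archive whose untrusted types are all
    allowlisted. joblib/pickle artifacts raise instead of being deserialized."""
    with open(path, "rb") as fh:
        fmt = detect_format(fh.read(4))
    if fmt == "pickle":
        raise ValueError(f"{path}: pickle/joblib artifact, refusing to deserialize")
    if fmt != "zip":
        raise ValueError(f"{path}: not a skops archive")
    import skops.io as sio  # imported here so the helpers above work without skops
    extra = unexpected_types(sio.get_untrusted_types(file=path), allowlist)
    if extra:
        raise ValueError(f"{path}: unreviewed types in archive: {extra}")
    return sio.load(path, trusted=sorted(allowlist))
```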
Short Link: https://sg.run/wzW6