Pickle has known arbitrary code execution vulnerabilities. These vulnerabilities are mitigated by the fact that we are only unpickling objects from local files and S3 buckets that the user trusts; however, there is still a risk that the user inadvertently unpickles a malicious object that they did not produce themselves. Changing the serialization method from pickle to json would provide a higher level of security to users.
This is a tough issue. The whole purpose of pickling the data processor object is so that you can execute arbitrary code; there could be a potential workaround to preserve the data processor state in such a way that future examples are preprocessed precisely according to the data processor standards at the time of versioned dataset publication (not necessarily in line with any git commit).
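Two defensive patterns for the concern raised above, as an added example that is not the project's own code: a restricted unpickler that allow-lists the globals a pickle may reference, and the JSON route in which the published file carries only processor state while the preprocessing steps are resolved from a registry shipped with the library. The allow-list contents, step names, and vocabulary are assumptions for illustration.

```python
import fractions
import io
import json
import pickle

# Globals a pickle may reference. Anything else (os.system, builtins.eval,
# an unknown class) is refused by find_class before any code runs.
SAFE_GLOBALS = {("builtins", "set"), ("builtins", "frozenset"),
                ("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def loads_or_reject(data: bytes):
    """Unpickle under the allow-list; return ("ok", obj) or ("rejected", why)."""
    try:
        return "ok", RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)

# Constructed inputs: plain data, and a benign class outside the allow-list.
PLAIN_PICKLE = pickle.dumps({"tokens": ["a", "b"], "ids": {1, 2}})
FOREIGN_PICKLE = pickle.dumps(fractions.Fraction(1, 3))

# JSON route: the file holds only *state*; the preprocessing *code* comes from
# a registry of named steps in the library (assumed names), never from the file.
STEP_REGISTRY = {
    "strip": lambda s: s.strip(),
    "lowercase": lambda s: s.lower(),
    "truncate": lambda s, n: s[:n],
}

def save_processor_state(steps, vocab) -> str:
    return json.dumps({"version": 1, "steps": steps, "vocab": vocab})

def load_processor(state_json: str):
    state = json.loads(state_json)
    for step in state["steps"]:
        if step["name"] not in STEP_REGISTRY:
            raise ValueError(f"unknown preprocessing step {step['name']!r}")
    def preprocess(text: str) -> int:
        for step in state["steps"]:
            text = STEP_REGISTRY[step["name"]](text, **step.get("args", {}))
        return state["vocab"].get(text, state["vocab"]["<unk>"])
    return preprocess
```

Because the JSON state can only name steps the library already knows, a tampered file fails closed with a ValueError instead of executing anything.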