Python object deserialization of user-supplied data - Vulnerability Database

Python object deserialization of user-supplied data

Description

The application deserializes Python objects from user-controlled input using the pickle library or similar serialization mechanisms. Python's pickle module is inherently unsafe when used with untrusted data because it can execute arbitrary code during the deserialization process. This vulnerability occurs when the application accepts serialized Python objects from external sources without proper validation, creating a critical security risk.

Remediation

Immediately stop deserializing untrusted data using pickle or any similar Python serialization library. Implement the following remediation steps:

1. Replace pickle with safe alternatives:
Use JSON or other data-only formats that cannot execute code during deserialization:

import json

# Instead of pickle.loads(user_data)
safe_data = json.loads(user_data)

2. If you must deserialize complex objects:
• Use cryptographic signatures (HMAC) to verify data integrity before deserialization
• Implement strict allowlisting of permitted classes
• Deserialize only from trusted, authenticated sources

import hashlib
import hmac
import pickle

def verify_and_deserialize(data, signature, secret_key):
    # Recompute the HMAC-SHA256 tag over the raw bytes and compare in
    # constant time so the check does not leak timing information.
    expected_sig = hmac.new(secret_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected_sig):
        raise ValueError("Invalid signature")
    # Only deserialize after verification. The signature proves the bytes
    # came from a holder of secret_key; it does not make pickle itself safe,
    # so pair it with class allowlisting and keep the key out of reach of
    # the parties that send the data.
    return pickle.loads(data)

3. Implement defense-in-depth measures:
• Run the application with minimal privileges
• Use sandboxing or containerization to limit the impact of exploitation
• Monitor and log all deserialization operations
• Conduct security code reviews to identify all deserialization points

4. For data exchange:
Consider using structured formats like JSON, Protocol Buffers, or MessagePack that separate data from code.
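The following is an added example, not code from Invicti or from any product the page describes, that combines the two controls from step 2: an HMAC tag checked before any bytes reach the unpickler, and a pickle.Unpickler subclass whose find_class refuses every global that is not on an explicit allowlist. The allowlist contents, the key and the sample payloads are constructed for the demonstration. The third scenario deliberately uses a harmless class (datetime.timedelta) that is simply not on the list, to show that the loader refuses to resolve anything it was not told to trust.

```python
import datetime
import hashlib
import hmac
import io
import pickle

# Hypothetical allowlist: the only (module, name) globals the unpickler may
# resolve. Anything else is refused before any object is constructed.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that rejects any global reference outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def sign(data: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 tag the producer attaches to the serialized bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_and_load(data: bytes, signature: bytes, key: bytes):
    """Check the HMAC first, then unpickle through the restricted loader."""
    if not hmac.compare_digest(signature, sign(data, key)):
        raise ValueError("Invalid signature")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Run three constructed scenarios and return the outcome of each."""
    key = b"constructed-demo-key-replace-with-a-random-secret"
    results = {}

    # 1. Data produced by trusted code and signed with the shared key.
    payload = pickle.dumps({"user": "alice", "roles": ["viewer"]})
    results["valid"] = verify_and_load(payload, sign(payload, key), key)

    # 2. Same bytes with a tag that does not match (tampered or forged blob).
    bad_tag = bytes(b ^ 0xFF for b in sign(payload, key))
    try:
        verify_and_load(payload, bad_tag, key)
        results["tampered"] = "accepted"
    except ValueError:
        results["tampered"] = "rejected"

    # 3. Correctly signed pickle that references a class not on the allowlist.
    foreign = pickle.dumps(datetime.timedelta(days=1))
    try:
        verify_and_load(foreign, sign(foreign, key), key)
        results["unlisted_class"] = "accepted"
    except pickle.UnpicklingError:
        results["unlisted_class"] = "rejected"

    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The order matters: the signature check runs before a single pickle opcode is interpreted, so a forged blob never reaches the unpickler, and the allowlist protects against a signed blob produced by a compromised or mistaken producer. Plain dicts, lists, strings and numbers contain no global references, so they load without consulting the allowlist at all.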
