Describe the issue
Security code scanning alert 567 flagged a case of deserializing a user-provided value without checking boundaries or doing other safety checks. It happens on line 283, where a load() function is called after reading a file:
            raise TypeError('Operator of invalid type.')
    else:
        with open(file_path, 'rb') as f:
            data = marshal.load(f)
We should fix this to be safer.
What version of this software are you using?
0.23.0.dev0
How can the issue be reproduced?
No response
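One way to make the flagged load safer, shown as an added example (not the project's code or its fix): store the record as JSON instead of marshal, cap the bytes read, and validate shape and types before use. The two-element `[type, terms]` layout, the type names, the size cap and the function name are assumptions.

```python
import json
import os
import tempfile

MAX_BYTES = 1 << 20                         # assumed size cap (1 MiB)
ALLOWED_TYPES = {"OperatorA", "OperatorB"}  # placeholder allow-list, not the project's


def load_operator_record(file_path, max_bytes=MAX_BYTES):
    """Return (operator_type, terms) from a JSON file; raise on anything else."""
    # Bound the read so an oversized file is rejected before it is parsed.
    with open(file_path, "rb") as f:
        raw = f.read(max_bytes + 1)
    if len(raw) > max_bytes:
        raise ValueError("File exceeds size limit.")
    # JSON yields only plain data types, unlike marshal, which the Python docs
    # say is not secure against erroneous or maliciously constructed data.
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise ValueError("File is not well-formed UTF-8 JSON.") from exc
    # Check shape and types before any value is used.
    if not isinstance(data, list) or len(data) != 2:
        raise TypeError("Record must be a two-element list.")
    operator_type, terms = data
    if not isinstance(operator_type, str) or operator_type not in ALLOWED_TYPES:
        raise TypeError("Operator of invalid type.")
    if not isinstance(terms, str):
        raise TypeError("Operator terms must be a string.")
    return operator_type, terms


if __name__ == "__main__":
    # Constructed sample files: one valid record, three that must be rejected.
    samples = {
        "good.json": b'["OperatorA", "1.5 [0 1]"]',
        "unknown_type.json": b'["Unknown", "1.5 [0 1]"]',
        "wrong_shape.json": b'{"type": "OperatorA"}',
        "not_json.bin": b"\xa9\x02\xda\x09OperatorA",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, payload in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as f:
                f.write(payload)
            try:
                print(name, "->", load_operator_record(path))
            except (TypeError, ValueError) as exc:
                print(name, "-> rejected:", exc)
```

Files already written with marshal would need a one-time conversion from a trusted copy, since this loader rejects them.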