[issue44757] Insecure Deserialization

2021-07-28 Thread Steven D'Aprano
Steven D'Aprano added the comment: This is a bug tracker, not a community help desk or forum to discuss code you would like to write but don't know how. I suggest you subscribe to the Python-List mailing list, or go to Reddit's r/learnpython, and post there to discuss this. But you might want

[issue44757] Insecure Deserialization

2021-07-28 Thread 🖤Black Joker🖤
🖤Black Joker🖤 added the comment: Hi Steven D'Aprano, well first of all thank you for posting a reply on this. Could you please fix the following errors in the code? import python from CallNode call where call = value::named("yaml.load").getACall() where call.getrNode(), "yaml.load function is unsafe

[issue44757] Insecure Deserialization

2021-07-27 Thread Steven D'Aprano
Steven D'Aprano added the comment: Hi Joker. Please don't post screenshots and images of code. It is difficult or impossible for the visually impaired and blind to view with a screen reader, and as we don't use Photoshop to edit code, it makes it hard to copy and run the code. Your code is

[issue44757] Insecure Deserialization

2021-07-27 Thread 🖤Black Joker🖤
Change by 🖤Black Joker🖤 : Added file: https://bugs.python.org/file50188/1_9WKsHGuOMbSsXo24PZepuw.png

[issue44757] Insecure Deserialization

2021-07-27 Thread 🖤Black Joker🖤
New submission from 🖤Black Joker🖤 : There are a number of techniques for reading external files and loading their content into (de/serializing) Python objects. Pickle is one such powerful serialization technique that is inherently risky, especially when an attacker tampers with serialized data