Skip to content

Commit

Permalink
Merge pull request from GHSA-mvrw-h7rc-22r8
Browse files Browse the repository at this point in the history
* 注释调试if分支

* Improve objload security

* Update README.md

* support pdf url for latex translation

---------

Co-authored-by: binary-husky <[email protected]>
Co-authored-by: binary-husky <[email protected]>
  • Loading branch information
3 people committed Apr 21, 2024
1 parent edbe98a commit 9519f81
Showing 1 changed file with 16 additions and 4 deletions.
20 changes: 16 additions & 4 deletions toolbox.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
import glob
import logging
import uuid
import pickle
from functools import wraps
from shared_utils.config_loader import get_conf
from shared_utils.config_loader import set_conf
Expand Down Expand Up @@ -867,23 +868,34 @@ def __exit__(self, exc_type, exc_value, traceback):
os.environ.pop("HTTPS_PROXY")
return

class SafeUnpickler(pickle.Unpickler):
# 定义允许的安全类
safe_classes = {
# 在这里添加其他安全的类
}

def find_class(self, module, name):
# 只允许特定的类进行反序列化
if f'{module}.{name}' in self.safe_classes:
return self.safe_classes[f'{module}.{name}']
# 如果尝试加载未授权的类,则抛出异常
raise pickle.UnpicklingError(f"Attempted to deserialize unauthorized class '{name}' from module '{module}'")

def objdump(obj, file="objdump.tmp"):
import pickle

with open(file, "wb+") as f:
pickle.dump(obj, f)
return


def objload(file="objdump.tmp"):
import pickle, os
import os

if not os.path.exists(file):
return
with open(file, "rb") as f:
return pickle.load(f)

unpickler = SafeUnpickler(f)
return unpickler.load()

def Singleton(cls):
"""
Expand Down

0 comments on commit 9519f81

Please sign in to comment.