Skip to content

Commit

Permalink
Merge pull request nltk#3290 from ekaf/restrict_pickle
Browse files Browse the repository at this point in the history 
Prevent data.load from unpickling classes or functions
  • Loading branch information
@stevenbird
stevenbird authored Jul 25, 2024
2 parents aba99c8 + a12d0a6 commit 11be99e
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion nltk/data.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -658,6 +658,15 @@ def retrieve(resource_url, filename=None, verbose=True):
}


def restricted_pickle_load(string):
"""
Prevents any class or function from loading.
"""
from nltk.app.wordnet_app import RestrictedUnpickler

return RestrictedUnpickler(BytesIO(string)).load()


def load(
resource_url,
format="auto",
Expand Down Expand Up @@ -751,7 +760,7 @@ def load(
if format == "raw":
resource_val = opened_resource.read()
elif format == "pickle":
resource_val = pickle.load(opened_resource)
resource_val = restricted_pickle_load(opened_resource.read())
elif format == "json":
import json

Expand Down

0 comments on commit 11be99e

Please sign in to comment.