Skip to content

Security: Unsafe deserialization of pickle log files#724

Closed
qdzsh wants to merge 1 commit into
OpenPipe:mainfrom
qdzsh:contribai/fix/security/unsafe-deserialization-of-pickle-log-fil
Closed

Security: Unsafe deserialization of pickle log files#724
qdzsh wants to merge 1 commit into
OpenPipe:mainfrom
qdzsh:contribai/fix/security/unsafe-deserialization-of-pickle-log-fil

Conversation

@qdzsh

@qdzsh qdzsh commented Jun 9, 2026

Copy link
Copy Markdown

Summary

Security: Unsafe deserialization of pickle log files

Problem

Severity: High | File: src/art/langgraph/logging.py:L23

FileLogger.load_logs() deserializes entries from a .pkl file using pickle.load(). Pickle is not safe for untrusted or tampered data and can execute arbitrary code during deserialization. If an attacker can write or replace the pickle log file, loading logs can lead to code execution in the caller's process.

Solution

Avoid pickle for log storage. Use a safe format such as JSON Lines, msgpack without object hooks, or another data-only serialization format. If backwards compatibility is required, only load pickle files from trusted locations with strict file permissions and clearly document that they must never be opened from untrusted sources.

Changes

  • src/art/langgraph/logging.py (modified)

Testing

  • Existing tests pass
  • Manual review completed
  • No new warnings/errors introduced

Generated by ContribAI v6.8.0

FileLogger.load_logs() deserializes entries from a .pkl file using pickle.load(). Pickle is not safe for untrusted or tampered data and can execute arbitrary code during deserialization. If an attacker can write or replace the pickle log file, loading logs can lead to code execution in the caller's process.

Affected files: logging.py

Signed-off-by: Quang Do <github@qdzsh.dev>
@qdzsh qdzsh closed this Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant