gmakstutis/cognee
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix security issue: Unsafe Pickle Deserialization Enabling Remote Code Execution (CWE-502)

Browse source
This commit is contained in:
pensarapp[bot] 2025-05-22 08:32:14 +00:00 committed by GitHub
parent b1b4ae3d5f
commit e4880abf72
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
cognee/infrastructure/engine/models/DataPoint.py
View file

@ -80,11 +80,7 @@ class DataPoint(BaseModel):
"""Serialize the instance to pickle-compatible bytes."""
return pickle.dumps(self.dict())
@classmethod
def from_pickle(self, pickled_data: bytes):
"""Deserialize the instance from pickled bytes."""
data = pickle.loads(pickled_data)
return self(**data)
# The unsafe from_pickle method is removed due to security concerns (CWE-502).
def to_dict(self, **kwargs) -> Dict[str, Any]:
"""Serialize model to a dictionary."""
@ -93,4 +89,4 @@ class DataPoint(BaseModel):
@classmethod
def from_dict(cls, data: Dict[str, Any]) -> "DataPoint":
"""Deserialize model from a dictionary."""
return cls.model_validate(data)
return cls.model_validate(data)