[Security] Fix CodeQL alert #34: Deserialization of user-controlled data#86
[Security] Fix CodeQL alert #34: Deserialization of user-controlled data#86colin-d-fried wants to merge 1 commit into
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| data = request.data | ||
|
|
||
| obj = pickle.loads(data) | ||
| obj = json.loads(data) |
There was a problem hiding this comment.
Removed pickle import but kept pickle usage
High Severity
The import pickle statement was removed and replaced with import json, but pickle.loads() is still called on line 20 in restore_session(). This will cause a NameError at runtime when the /session endpoint is hit. Additionally, the security fix is incomplete — this endpoint still deserializes user-controlled data with pickle, which was the exact vulnerability the PR aims to fix.
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| @@ -1,4 +1,4 @@ | |||
| import pickle | |||
| import json | |||
There was a problem hiding this comment.
🔴 Removed import pickle but pickle is still used in multiple places, causing NameError at runtime
The PR replaces import pickle with import json but only migrates one of the six pickle.loads() call sites to json.loads(). The remaining five usages at lines 20, 29, 40, 50, and 53 will raise NameError: name 'pickle' is not defined at runtime. This breaks the /session endpoint, /import endpoint, deserialize_object(), and both DataProcessor methods.
Prompt for agents
In vulnerable_deserialization.py, the `import pickle` was removed on line 1 and replaced with `import json`, but pickle is still referenced on lines 20, 29, 40, 50, and 53. Either:
1. Add `import pickle` back (line 1) alongside `import json` to restore the remaining pickle usages, OR
2. Migrate ALL pickle.loads() call sites to use json.loads() (or another safe deserialization method) to complete the intended security fix.
Option 2 is strongly recommended since pickle.loads on untrusted input is a remote code execution vulnerability. Replace pickle.loads() with json.loads() at lines 20, 29, 40, 50, and 53, adjusting for the fact that json.loads expects str/bytes of JSON, not pickle byte streams.
Was this helpful? React with 👍 or 👎 to provide feedback.
1 participant
Summary
Fixes CodeQL alert #34: Deserialization of user-controlled data
vulnerable_deserialization.pyFix Applied
See the diff for the specific secure coding change applied.
Fixes #36
Note
High Risk
Changes request deserialization behavior and removes the
pickleimport while other code paths still callpickle.loads, which can cause runtime failures and leaves other unsafe deserializations unchanged.Overview
Updates
vulnerable_deserialization.pyto stop usingpickle.loadson raw POST body data in the/loadroute, switching tojson.loadsand replacing thepickleimport withjson.Other routes and helpers still call
pickle.loads(now without importingpickle), so the PR likely introducesNameErrorat runtime and does not address remaining user-controlled deserialization sites.Written by Cursor Bugbot for commit 6ecbdfc. This will update automatically on new commits. Configure here.