add jsonpickle and pexpect libs in case of unsafe decoding and secondary command execution, add proper test cases

2026-05-05 05:35:13 +02:00 · 2024-02-25 17:15:35 +04:00
parent 3e6b4a161b
commit ab219902a9
13 changed files with 169 additions and 2 deletions
--- a/python/ql/test/library-tests/frameworks/jsonpickle/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/jsonpickle/ConceptsTest.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
--- a/python/ql/test/library-tests/frameworks/jsonpickle/ConceptsTest.ql
+++ b/python/ql/test/library-tests/frameworks/jsonpickle/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
--- a/python/ql/test/library-tests/frameworks/jsonpickle/Decode.py
+++ b/python/ql/test/library-tests/frameworks/jsonpickle/Decode.py
@@ -0,0 +1,15 @@
+import os
+
+import jsonpickle
+
+
+class Thing(object):
+    def __reduce__(self):
+        return os.system, ("curl 127.0.0.1:1234",)
+
+
+obj = Thing()
+
+pickledObj = jsonpickle.encode(obj)
+objUnPickled = jsonpickle.decode(pickledObj, safe=True)  # $ decodeInput=pickledObj decodeOutput=jsonpickle.decode(..) decodeFormat=pickle decodeMayExecuteInput
+print(objUnPickled.name)