From 6f5cc7b9ee84874a91ed1c49fd9cd3929e071268 Mon Sep 17 00:00:00 2001
From: Rachel Clune
Date: Wed, 17 Sep 2025 16:59:34 -0700
Subject: [PATCH 1/2] Add warning for pose.cache security risks

---
 .../python/PyRosetta/src/pyrosetta/bindings/scores/core.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py b/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py
index b097fbdf68..594a85db19 100644
--- a/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py
+++ b/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py
@@ -42,6 +42,11 @@ class PoseCacheAccessor(PoseCacheAccessorBase, MutableMapping):
     arbitrary python objects to/from base64-encoded pickled byte streams,
     and stores/retrieves `float` and `str` objects without serialization.
 
+    **Warning**: The pose.cache dictionary uses the pickle module to serialze and deserialize arbitrary scores in the Pose object.
+    When depickling (deserializing) is performed arbitrary code can be executed, learn more `here `_.
+    The pose.cache object is only stored in memory, so this is only a risk if these objects are sent to a user in memory over a network
+    such as a socket, queue, shared cache, etc. If you need to retrieve a pose.cache dictionary this way please make sure it is from a trusted source.
+
     Examples:
 
     Get score dictionaries:

From cd676afd9af900affd766b0a2227067b6182014a Mon Sep 17 00:00:00 2001
From: Rachel Clune
Date: Tue, 23 Sep 2025 15:37:52 -0700
Subject: [PATCH 2/2] Updated pickle warning message

---
 .../src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py b/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py
index 594a85db19..16254e2fb4 100644
--- a/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py
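Review bot: The added warning lines (and their revision in PATCH 2/2, which keeps the same text apart from the first sentence) misspell `serialze`, use the non-standard term "depickling", and the `here` link carries no visible target as rendered here (possibly lost in extraction), so the pointer to the pickle documentation should be checked; suggest `uses the pickle module to serialize and deserialize arbitrary scores` and `When unpickling (deserializing) is performed, arbitrary code can be executed; see the pickle module documentation`. The statement that pose.cache "is only stored in memory, so this is only a risk if these objects are sent ... over a network" deserves verification against how the base64-encoded pickled strings travel with a Pose: if they are ever persisted alongside the pose and read back, loading that file is the same untrusted-unpickling path as a socket or queue, and the scope sentence would understate the risk. Since the surrounding text says `float` and `str` entries bypass serialization, it would help readers to state that only retrieval of other entry types triggers unpickling, because that is the point where a caller must decide whether the data source is trusted. As a matter of style, `.. warning::` renders as a Sphinx admonition whereas `**Warning**:` is plain bold text. The enclosing class docstring begins and continues outside the hunk.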
+++ b/source/src/python/PyRosetta/src/pyrosetta/bindings/scores/core.py
@@ -42,7 +42,7 @@ class PoseCacheAccessor(PoseCacheAccessorBase, MutableMapping):
     arbitrary python objects to/from base64-encoded pickled byte streams,
     and stores/retrieves `float` and `str` objects without serialization.
 
-    **Warning**: The pose.cache dictionary uses the pickle module to serialze and deserialize arbitrary scores in the Pose object.
+    **Warning**: ONLY LOAD DATA YOU TRUST. The pose.cache dictionary uses the pickle module to serialze and deserialize arbitrary scores in the Pose object.
     When depickling (deserializing) is performed arbitrary code can be executed, learn more `here `_.
     The pose.cache object is only stored in memory, so this is only a risk if these objects are sent to a user in memory over a network
     such as a socket, queue, shared cache, etc. If you need to retrieve a pose.cache dictionary this way please make sure it is from a trusted source.