From c0ecb232b8741c118ff8f02a28232f0ab4759963 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Wed, 19 Mar 2025 03:24:21 +0000
Subject: [PATCH] Harden `pickle.load()` against deserialization attacks
---
 pyproject.toml | 1 +
 .../02_structured_files/01_pickle/01_pickle/c_dump_load.py | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index bc0c066c..bd278ea8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -13,6 +13,7 @@ pytest = "^7.1.3"
 requests = "^2.28.1"
 jupyter = "^1.0.0"
 ipython = "^8.5.0"
+fickling = ">=0.1.3,~=0.1.0"
 [tool.poetry.group.dev.dependencies]
diff --git a/python3/11_File_Operations/02_structured_files/01_pickle/01_pickle/c_dump_load.py b/python3/11_File_Operations/02_structured_files/01_pickle/01_pickle/c_dump_load.py
index 41909f9d..a4be8e21 100644
--- a/python3/11_File_Operations/02_structured_files/01_pickle/01_pickle/c_dump_load.py
+++ b/python3/11_File_Operations/02_structured_files/01_pickle/01_pickle/c_dump_load.py
@@ -15,6 +15,7 @@ loads -- from a python string
 """
 import pickle
+import fickling
 data = (
 123,
@@ -35,7 +36,7 @@ f.close()
 with open("serialized_data.pkl", "rb") as g:
- retrieved_data = pickle.load(g)
+ retrieved_data = fickling.load(g)
 print(f"retrieved_data: {retrieved_data} {type(retrieved_data)}")
 assert data == retrieved_data
@@ -48,7 +49,7 @@ f.close()
 with open("serialized_data.pkl", "rb") as g:
- retrieved_data = pickle.load(g)
+ retrieved_data = fickling.load(g)
 print(f"retrieved_data: {retrieved_data} {type(retrieved_data)}")
 # cpython - it is c implementation of python
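Review bot: The added constraint `fickling = ">=0.1.3,~=0.1.0"` states its range in two overlapping specifiers: `~=0.1.0` already means `>=0.1.0,<0.2.0`, so the effective range is `>=0.1.3,<0.2.0` and would be clearer written as `fickling = ">=0.1.3,<0.2.0"`. The diffstat lists only two files, so no lockfile change is part of this patch; if the project commits a `poetry.lock`, it should be regenerated in the same change so the resolved version and hashes of the new package are pinned. That matters more than usual here because the package is placed directly on the deserialization path.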
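Review bot: `fickling.load(g)` in the hunk at `@@ -35,7 +36,7 @@` is a heuristic filter, not a sandbox, and nothing next to the call says so: fickling inspects the pickle stream, refuses the ones it judges unsafe, and otherwise unpickles as usual. The file read here appears to be the one the script wrote just before, so the practical risk is unchanged, but as teaching material the line now reads as if loading a pickle were safe. I would add a comment above the call such as `# fickling checks the stream before unpickling; it is a heuristic, not a sandbox - only load pickles you created yourself`, and mention that a rejected file surfaces as an exception the script does not catch. The same applies to the identical change in the hunk at `@@ -48,7 +49,7 @@`; both `with` blocks belong to a script that continues outside the hunks.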