Python: Model pickle.Unpickler

Author: RasmusWL

python/ql/lib/semmle/python/frameworks/Stdlib.qll

@@ -498,6 +498,22 @@ private module StdlibPrivate {
     override string getFormat() { result = "pickle" }
   }
 
+  /**
+   * A construction of a `pickle.Unpickler`
+   * See https://docs.python.org/3/library/pickle.html#pickle.Unpickler
+   */
+  private class PickleUnpicklerCall extends Decoding::Range, DataFlow::CallCfgNode {
+    PickleUnpicklerCall() { this = pickle().getMember("Unpickler").getACall() }
+
+    override predicate mayExecuteInput() { any() }
+
+    override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("file")] }
+
+    override DataFlow::Node getOutput() { result = this.getAMethodCall("load") }
+
+    override string getFormat() { result = "pickle" }
+  }
+
   // ---------------------------------------------------------------------------
   // shelve
   // ---------------------------------------------------------------------------

python/ql/test/library-tests/frameworks/stdlib/Decoding.py

@@ -9,6 +9,14 @@
 # using this keyword argument is disallowed from Python 3.9
 pickle.loads(data=payload)  # $ decodeInput=payload decodeOutput=pickle.loads(..) decodeFormat=pickle decodeMayExecuteInput
 
+# We don't really have a good way to model a decode happening over multiple statements
+# like this. Since the important bit for `py/unsafe-deserialization` is the input, that
+# is the main focus. We do a best effort to model the output though (but that will only
+# work in local scope).
+unpickler = pickle.Unpickler(file_) # $ decodeInput=file_ decodeFormat=pickle decodeMayExecuteInput
+unpickler.load() # $ decodeOutput=unpickler.load()
+unpickler = pickle.Unpickler(file=file_) # $ decodeInput=file_ decodeFormat=pickle decodeMayExecuteInput
+
 marshal.load(file_)  # $ decodeInput=file_ decodeOutput=marshal.load(..) decodeFormat=marshal decodeMayExecuteInput
 marshal.loads(payload)  # $ decodeInput=payload decodeOutput=marshal.loads(..) decodeFormat=marshal decodeMayExecuteInput