chore: support Python 3.13, prep for 3.14

woodruffw · woodruffw · commit 95b5a5d23fa6 · 2025-06-05T15:43:39.000-04:00
Signed-off-by: William Woodruff &lt;william@trailofbits.com&gt;
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"]
 
     steps:
       - uses: actions/checkout@v4
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ Fickling can be used both as a **python library** and a **CLI**.
 
 ## Installation
 
-Fickling has been tested on Python 3.8 through Python 3.11 and has very few dependencies.
+Fickling has been tested on Python 3.8 through Python 3.13 and has very few dependencies.
 Both the library and command line utility can be installed through pip:
 
 ```bash
@@ -38,7 +38,7 @@ python -m pip install fickling[torch]
 
 ## Securing AI/ML environments
 
-Fickling can help securing AI/ML codebases by automatically scanning pickle files contained in 
+Fickling can help securing AI/ML codebases by automatically scanning pickle files contained in
 models. Fickling hooks the pickle module and verifies imports made when loading a model. It only
 checks the imports against an allowlist of imports from ML libraries that are considered safe, and blocks files that contain other imports.
 
@@ -50,7 +50,7 @@ import fickling
 fickling.hook.activate_safe_ml_environment()
 ```
 
-To remove the protection: 
+To remove the protection:
 
 ```python
 fickling.hook.deactivate_safe_ml_environment()
@@ -82,7 +82,7 @@ raises an `UnsafeFileError` exception if malicious content is detected in the fi
 # This enforces safety checks every time pickle.load() is used
 fickling.always_check_safety()
 
-# Attempt to load an unsafe file now raises an exception  
+# Attempt to load an unsafe file now raises an exception
 with open("file.pkl", "rb") as f:
     try:
         pickle.load(f)
@@ -108,7 +108,7 @@ pickle.load("file.pkl")
 #### Option 3: check and load a single file
 
 ```python
-# Use fickling.load() in place of pickle.load() to check safety and load a single pickle file 
+# Use fickling.load() in place of pickle.load() to check safety and load a single pickle file
 try:
     fickling.load("file.pkl")
 except fickling.UnsafeFileError as e:
@@ -201,8 +201,8 @@ Module(
 
 ### PyTorch polyglots
 
-PyTorch contains multiple file formats with which one can make polyglot files, which 
-are files that can be validly interpreted as more than one file format. 
+PyTorch contains multiple file formats with which one can make polyglot files, which
+are files that can be validly interpreted as more than one file format.
 Fickling supports identifying, inspecting, and creating polyglots with the
 following PyTorch file formats:
 
@@ -223,7 +223,7 @@ following PyTorch file formats:
 >> torch.save(model, "mobilenet.pth")
 >> fickled_model = PyTorchModelWrapper("mobilenet.pth")
 >> print(fickled_model.formats)
-Your file is most likely of this format:  PyTorch v1.3 
+Your file is most likely of this format:  PyTorch v1.3
 ['PyTorch v1.3']
 ```
 
diff --git a/fickling/fickle.py b/fickling/fickle.py
@@ -4,14 +4,13 @@
 import struct
 import sys
 from abc import ABC, abstractmethod
-from collections.abc import MutableSequence, Sequence
+from collections.abc import Buffer, MutableSequence, Sequence
 from enum import Enum
 from io import BytesIO
 from pickletools import OpcodeInfo, genops, opcodes
 from typing import (
     Any,
     BinaryIO,
-    ByteString,
     Dict,
     FrozenSet,
     Generic,
@@ -715,15 +714,15 @@ def opcodes(self) -> Iterator[Opcode]:
         return iter(self)
 
     @staticmethod
-    def make_stream(data: Union[ByteString, BinaryIO]) -> BinaryIO:
-        if isinstance(data, (bytes, bytearray, ByteString)):
+    def make_stream(data: Union[Buffer, BinaryIO]) -> BinaryIO:
+        if isinstance(data, (bytes, bytearray, Buffer)):
             data = BytesIO(data)
         elif (not hasattr(data, "seekable") or not data.seekable()) and hasattr(data, "read"):
             data = BytesIO(data.read())
         return data
 
     @staticmethod
-    def load(pickled: Union[ByteString, BinaryIO]) -> "Pickled":
+    def load(pickled: Union[Buffer, BinaryIO]) -> "Pickled":
         pickled = Pickled.make_stream(pickled)
         first_pos = pickled.tell()
         opcodes: List[Opcode] = []
@@ -1733,7 +1732,7 @@ def __len__(self) -> int:
         return len(self.pickled)
 
     @staticmethod
-    def load(pickled: Union[ByteString, BinaryIO]) -> "StackedPickle":
+    def load(pickled: Union[Buffer, BinaryIO]) -> "StackedPickle":
         pickled = Pickled.make_stream(pickled)
         pickles: List[Pickled] = []
         while True:
diff --git a/pyproject.toml b/pyproject.toml
@@ -17,14 +17,26 @@ classifiers = [
   "Programming Language :: Python :: 3 :: Only",
   "Topic :: Utilities",
 ]
-dependencies = ["astunparse ~= 1.6.3", "stdlib_list ~= 0.10.0"]
+dependencies = ["astunparse ~= 1.6.3", "stdlib_list ~= 0.11.1"]
 requires-python = ">=3.8"
 
 [project.optional-dependencies]
 torch = ["torch >= 2.1.0", "torchvision >= 0.16.1"]
 lint = ["black", "mypy", "ruff==0.5.4"]
-test = ["pytest", "pytest-cov", "coverage[toml]", "torch >= 2.1.0", "torchvision >= 0.16.1"]
-dev = ["build", "fickling[lint,test]", "twine", "torch >= 2.1.0", "torchvision >= 0.16.1"]
+test = [
+  "pytest",
+  "pytest-cov",
+  "coverage[toml]",
+  "torch >= 2.1.0",
+  "torchvision >= 0.16.1",
+]
+dev = [
+  "build",
+  "fickling[lint,test]",
+  "twine",
+  "torch >= 2.1.0",
+  "torchvision >= 0.16.1",
+]
 examples = ["numpy", "pytorchfi"]
 
 [project.scripts]
