Harden pickle.load() against deserialization attacks

Author: pixeebot[bot]

pyproject.toml

@@ -13,6 +13,7 @@ pytest = "^7.1.3"
 requests = "^2.28.1"
 jupyter = "^1.0.0"
 ipython = "^8.5.0"
+fickling = ">=0.1.3,~=0.1.0"
 
 
 [tool.poetry.group.dev.dependencies]

python3/11_File_Operations/02_structured_files/01_pickle/01_pickle/c_dump_load.py

@@ -15,6 +15,7 @@
             loads -- from a python string
 """
 import pickle
+import fickling
 
 data = (
     123,
@@ -35,7 +36,7 @@
     f.close()
 
 with open("serialized_data.pkl", "rb") as g:
-    retrieved_data = pickle.load(g)
+    retrieved_data = fickling.load(g)
     print(f"retrieved_data: {retrieved_data} {type(retrieved_data)}")
 
 assert data == retrieved_data
@@ -48,7 +49,7 @@
     f.close()
 
 with open("serialized_data.pkl", "rb") as g:
-    retrieved_data = pickle.load(g)
+    retrieved_data = fickling.load(g)
     print(f"retrieved_data: {retrieved_data} {type(retrieved_data)}")
 
 # cpython - it is c implementation of python