Skip to content

Releases: trailofbits/fickling

Fickling v0.1.3

26 Mar 19:24
@suhacker1 suhacker1
v0.1.3
a44456e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Fickling v0.1.3 Latest
Latest

What's Changed

Full Changelog: v0.1.2...v0.1.3

Contributors

suhacker1 and dependabot
Assets 10
Loading

Fickling v0.1.2

29 Jan 15:52
@suhacker1 suhacker1
v0.1.2
6fc70ca
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Fickling v0.1.2

What's Changed

  • Bump version number for updated Python version in build workflow
Assets 10
Loading

Fickling v0.1.1

29 Jan 15:45
@suhacker1 suhacker1
v0.1.1
c36f511
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Fickling v0.1.1

What's Changed

  • Update Python version in release workflow
Assets 2
Loading

Fickling v0.1.0

26 Jan 21:10
@suhacker1 suhacker1
v0.1.0
03c3185
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Fickling v0.1.0

What's Changed

  • Remove fickling.fickle.Pickled.check_safety() in favor of fickling.analysis.check_safety()
  • Restore fickling.pickle with deprecation warning for legacy
  • Introduce the polyglot module with tests and examples
  • Refactor, refine, and add tests to the PyTorch module
  • Add an import hook, global function hook, and context manager for malicious file detection integrations
  • Refactor and add a JSON output format to the modular analysis API for usability
  • Update README and examples with new features
  • Include more injection methods and techniques
  • Add support for OBJ, BINSTRING, and POP_MARK opcodes
  • Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
  • Bump actions/setup-python from 4 to 5
  • Bump sigstore/gh-action-sigstore-python from 2.1.0 to 2.1.1
  • Bump actions/upload-artifact from 3 to 4
  • Bump actions/download-artifact from 3 to 4

Full Changelog: v0.0.8...v0.1.0

Assets 2
Loading

Fickling v0.0.8

20 Nov 16:05
@ESultanik ESultanik
v0.0.8
d33e2f3
Compare
Choose a tag to compare
Fickling v0.0.8

Refactor: the fickling.pickle module is renamed to fickling.fickle. The fickling.pickle module still works, but is deprecated and will eventually be removed from Fickling.

Assets 10
Loading

Fickling v0.0.7

11 Oct 15:24
@ESultanik ESultanik
v0.0.7
3b484cf
Compare
Choose a tag to compare
Fickling v0.0.7

Adds a new API call to insert a function call into a pickle that operates on the last unpickled object.

Assets 10
Loading

Fickling v0.0.6

24 May 21:13
@ESultanik ESultanik
v0.0.6
41b0343
Compare
Choose a tag to compare
Fickling v0.0.6

Adds a modular API for analyses and analysis results, permitting sorting and filtering results.

Assets 10
Loading

Fickling v0.0.5

19 May 16:32
@ESultanik ESultanik
v0.0.5
d220fc2
Compare
Choose a tag to compare
Fickling v0.0.5
  • Adds static dataflow analysis
  • Improved unused variable detection checks
  • Improved opcode injection
  • Minor bugfixes in opcode encoding
  • Fixes a bug that can result in a dirty stack after opcode injection
  • Programmatic support for stacked pickle files
  • Improved handling and parsing of __builtin__s
Assets 10
Loading

Fickling v0.0.4

07 Sep 16:00
@ESultanik ESultanik
v0.0.4
8897b78
Compare
Choose a tag to compare
Fickling v0.0.4

Bugfix Release

Adds a workaround for an issue with a third party dependency affecting Python 3.8 and earlier.
Adds the socket module as an overtly unsafe import.

Assets 2
Loading

Fickling v0.0.3

11 Jan 13:56
@ESultanik ESultanik
v0.0.3
1bbeb00
Compare
Choose a tag to compare
Fickling v0.0.3

Improvements to documentation and examples, as well as support for two additional pickling opcodes.

Assets 2
Loading