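--- a/python/ql/lib/semmle/python/frameworks
+++ b/python/ql/lib/semmle/python/frameworks
@@ -1298,14 +1298,21 @@ module StdlibPrivate {
  // pickle
  // ---------------------------------------------------------------------------
  /** Gets a reference to any of the `pickle` modules. */
- API:: Node pickle ( ) { result = API:: moduleImport ( [ "pickle" , "cPickle" , "_pickle" , "cloudpickle" ] ) }
+ API:: Node pickle ( ) {
+ result = API:: moduleImport ( [ "pickle" , "cPickle" , "_pickle" , "cloudpickle" ] ) or
+ result = API:: moduleImport ( "kombu" ) .getMember ( "serialization" ) .getMember ( "pickle" )
+ }
 
  /**
  * A call to `pickle.load`
  * See https://docs.python.org/3/library/pickle.html#pickle.load
  */
  private class PickleLoadCall extends Decoding:: Range , DataFlow:: CallCfgNode {
- PickleLoadCall ( ) { this = pickle ( ) .getMember ( "load" ) .getACall ( ) }
+ PickleLoadCall ( ) {
+ this = pickle ( ) .getMember ( "load" ) .getACall ( ) or
+ this =
+ API:: moduleImport ( "kombu" ) .getMember ( "serialization" ) .getMember ( "pickle_load" ) .getACall ( )
+ }
 
  override predicate mayExecuteInput ( ) { any ( ) }
 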
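Review bot: The new disjunct in `PickleLoadCall` models only the `kombu.serialization.pickle_load` alias, so the module-level `pickle_loads` helper that kombu appears to export alongside it would not be reported as a `Decoding` with `mayExecuteInput()` unless a class outside this hunk already covers it. That is worth confirming and, if not covered, adding to the class that models `pickle.loads` with the matching `getMember("pickle_loads")` path. The QLDoc is also stale after this change: the class comment could read `* A call to `pickle.load`, or to its alias `kombu.serialization.pickle_load`.`, and the comment on `pickle()` should mention the kombu re-export. The access path `API::moduleImport("kombu").getMember("serialization")` is now spelled out twice and could be bound once in a small private predicate. The rest of the `PickleLoadCall` body (input, output and format predicates) lies outside the hunk, so check there that the aliased call takes its argument in the same position.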