@@ -30,9 +30,17 @@ avoid confusion, the terms used here are "pickling" and "unpickling".
3030
3131.. warning ::
3232
33- The :mod: `pickle ` module is not secure against erroneous or maliciously
34- constructed data. Never unpickle data received from an untrusted or
35- unauthenticated source.
33+ The ``pickle `` module **is not secure **. Only unpickle data you trust.
34+
35+ It is possible to construct malicious pickle data which will **execute
36+ arbitrary code during unpickling **. Never unpickle data that could have come
37+ from an untrusted source, or that could have been tampered with.
38+
39+ Consider signing data with :mod: `hmac ` if you need to ensure that it has not
40+ been tampered with.
41+
42+ Safer serialization formats such as :mod: `json ` may be more appropriate if
43+ you are processing untrusted data. See :ref: `comparison-with-json `.
3644
3745
3846Relationship to other Python modules
@@ -75,6 +83,9 @@ The :mod:`pickle` module differs from :mod:`marshal` in several significant ways
7583 pickling and unpickling code deals with Python 2 to Python 3 type differences
7684 if your data is crossing that unique breaking change language boundary.
7785
86+
87+ .. _comparison-with-json :
88+
7889Comparison with ``json ``
7990^^^^^^^^^^^^^^^^^^^^^^^^
8091
@@ -94,7 +105,10 @@ There are fundamental differences between the pickle protocols and
94105 types, and no custom classes; pickle can represent an extremely large
95106 number of Python types (many of them automatically, by clever usage
96107 of Python's introspection facilities; complex cases can be tackled by
97- implementing :ref: `specific object APIs <pickle-inst >`).
108+ implementing :ref: `specific object APIs <pickle-inst >`);
109+
110+ * Unlike pickle, deserializing untrusted JSON does not in itself create an
111+ arbitrary code execution vulnerability.
98112
99113.. seealso ::
100114 The :mod: `json ` module: a standard library module allowing JSON
0 commit comments