## [SECURITY] pickle.load() arbitrary code execution in cfs-GroundSystem #551

**Status:** Open (Unresolved)

### Overview

`cfs-GroundSystem` deserializes its command and parameter definition files with `pickle.load()`. Unpickling is not a data-only operation: a pickle stream can instruct the unpickler to import and call any callable, so anyone who can modify or replace one of these files can execute arbitrary Python code in the ground system process when the file is loaded.

### Affected Component

- **File:** `cfs/GroundSystem/user/public/pickles.py`
- **Affected Commands:** All commands under the `cfs/GroundSystem/` directory
- **Version:** cfs-GroundSystem version 0.0.0 (and potentially others)

### Vulnerability Description

`pickle.load()` rebuilds Python objects from a pickle stream. The format is inherently unsafe for untrusted input because it carries `GLOBAL` and `REDUCE` opcodes (the serialized form of an object's `__reduce__` result) that name a callable and the arguments to call it with; the unpickler performs that call during deserialization, before the application sees any result. An attacker therefore does not need a bug in the loading code: a crafted pickle file that names, for example, `os.system` with a shell command string is enough, and the payload runs with the privileges of the ground system process as soon as the file is loaded. The precondition is the ability to write or replace a pickle file in one of the command directories.

### Steps to Reproduce

1. Create a pickle file containing an arbitrary code execution payload (a `GLOBAL`/`REDUCE` sequence naming the callable to run and its arguments).
2. Place the malicious pickle file in a command directory under `cfs/GroundSystem/`.
3. Load the command list and trigger the command.
4. The payload executes inside `pickle.load()`.

### Expected Behavior

The application should use a safe, data-only serialization format (such as JSON) instead of `pickle` for storing command and parameter definitions, and validate the loaded structure against the fields it expects.

### Code References

**`cfs/cfs/GroundSystem/user/public/pickles.py` (lines 68-69, 177-178):**

```python
with open(...) as f:
    pickle.load(f)
```

**`cfs/cfs/GroundSystem/user/public/commands/pickles.py` (lines 71-72):**

```python
with open(...) as f:
    pickle.load(f)
```

**`cfs/cfs/GroundSystem/user/public/commands/pickles.py` (lines 130-132):**

```python
with open(...) as f:
    pickle.load(f)
```

### System Information

- **Hardware:** x86_64
- **Operating System:** Linux (Ubuntu 22.04, Python 3.10)

### Fix Recommendation

There is no drop-in fix: `pickle` is the on-disk format the project uses for its definition files, so the loader cannot be swapped out without also converting those files. The recommended long-term solution is to migrate from `pickle` to a safe serialization format such as JSON for all command and parameter definition files. Until that migration lands, two interim measures reduce exposure: restrict write access to the command directories to trusted users, and load the existing files through a `pickle.Unpickler` subclass whose `find_class()` rejects every global, so a stream cannot name a callable at all.
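The following is an added example, not code from cfs-GroundSystem, that shows the whole chain described above: how a pickle payload names a callable (both from a Python `__reduce__` method and from hand-written protocol-0 opcodes), that the vulnerable `pickle.load()` pattern executes it, that a `find_class()`-restricting unpickler blocks it while still loading plain data, and what a JSON loader with explicit validation looks like. The callable used by the payload is `os.getcwd` so the demonstration is harmless and its result checkable; an attacker would substitute `os.system` or `subprocess.Popen` with a command string. The JSON field names (`name`, `code`, `params`) are assumptions for illustration and are not taken from the project's actual file format.

```python
"""Added demonstration of the pickle.load() issue and two safer loaders.

Not cfs-GroundSystem code. Payloads call os.getcwd (harmless); a real
attack would name os.system / subprocess.Popen with a command string.
"""
import io
import json
import os
import pickle


class MaliciousCommand:
    """Object whose __reduce__ tells the unpickler to call an arbitrary
    callable with chosen arguments instead of rebuilding an instance."""

    def __reduce__(self):
        # (callable, args): the unpickler runs callable(*args) on load.
        return (os.getcwd, ())


def craft_pickle(module, func, *args):
    """Hand-build the same kind of payload from raw protocol-0 opcodes, so
    no Python class is needed on the attacker's side:
    GLOBAL (c), MARK ((), STRING (S), TUPLE (t), REDUCE (R), STOP (.)."""
    payload = b"c" + module.encode() + b"\n" + func.encode() + b"\n("
    for arg in args:
        payload += b"S" + repr(arg).encode() + b"\n"
    return payload + b"tR."


def unsafe_load(data):
    """Mirror of the vulnerable pattern: pickle.load() on attacker-written bytes."""
    return pickle.load(io.BytesIO(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Interim hardening: refuse to resolve any global, so no GLOBAL/REDUCE
    payload can name a callable. Scalars, strings, lists, dicts and tuples
    still load because they need no global lookup."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def restricted_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_command_definition(text):
    """The issue's recommended direction: JSON (no code-bearing constructs)
    plus explicit validation. Field names here are illustrative assumptions."""
    obj = json.loads(text)
    if not isinstance(obj, dict):
        raise ValueError("command definition must be a JSON object")
    if not isinstance(obj.get("name"), str) or not isinstance(obj.get("code"), int):
        raise ValueError("'name' must be a string and 'code' an integer")
    params = obj.get("params", [])
    if not isinstance(params, list) or not all(
        isinstance(p, dict) and isinstance(p.get("name"), str) for p in params
    ):
        raise ValueError("'params' must be a list of objects with a string 'name'")
    return {"name": obj["name"], "code": obj["code"], "params": params}


def run_demo():
    """Exercise the three loaders on the same payloads; returns a results dict."""
    payload = pickle.dumps(MaliciousCommand())
    results = {
        # True: os.getcwd was called inside pickle.load(), not by our code.
        "unsafe_ran_callable": unsafe_load(payload) == os.getcwd(),
        # Raw opcodes calling os.path.basename("/tmp/x") -> "x".
        "raw_opcode_result": unsafe_load(craft_pickle("os.path", "basename", "/tmp/x")),
        "restricted_blocked": False,
        # Plain data still loads through the restricted unpickler.
        "restricted_plain_data": restricted_load(pickle.dumps({"a": [1, 2]})),
    }
    try:
        restricted_load(payload)
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
    print(load_command_definition('{"name": "NOOP", "code": 0, "params": []}'))
```

Running it shows that the callable executes during `pickle.load()` itself, which is why no amount of validation after the call helps; the check has to happen in `find_class()` or, better, the format has to be one that cannot express a call.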