Skip to content

Optionally Use Fickle for Deserialization of Data Returned from Untrusted Code #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yeldarby merged 3 commits into from
Aug 31, 2025
Merged

Optionally Use Fickle for Deserialization of Data Returned from Untrusted Code #2

yeldarby merged 3 commits into from
Aug 31, 2025

Conversation

@yeldarby
Copy link

@yeldarby yeldarby commented Aug 30, 2025
edited
Loading

Describe your changes

Adds optional integration with rffickle for safe pickle deserialization to prevent Remote Code Execution (RCE) attacks when running untrusted user code in Modal sandboxes.

  • Adds use_firewall parameter to @app.function() and @app.cls() decorators
  • When enabled, uses rffickle.DefaultFirewall to block dangerous pickle operations during deserialization
  • Per-function configuration allows selective protection for untrusted code while maintaining full pickle support for trusted functions
  • No unsafe fallback - if firewall is requested but rffickle is unavailable, the function fails rather than falling back to unsafe deserialization

Compatibility checklist

  • Client+Server: this change is compatible with old servers
  • Client forward compatibility: this change ensures client can accept data intended for later versions of itself

Release checklist

  • Version file (modal_version/__init__.py) has been updated with the next logical version
  • Changelog has been cleaned up and given an appropriate subhead

Changelog

  • Added use_firewall parameter to functions and classes for safe deserialization of untrusted pickle data using rffickle
    • Enable with @app.function(use_firewall=True) for functions that process untrusted code
    • Also supports Cls.from_name() and Function.from_name() with use_firewall=True parameter

@yeldarby
Add use_firewall to invoke rffickle safe deserialization
a62076a
@yeldarby
Fix CI issues and bump version to 1.2.0
e369568 
- Bump version from 1.1.4.dev23 to 1.2.0 for Roboflow fork release
- Add copyright headers to all test files (fixes copyright check)
- Fix import ordering in test files (fixes ruff linting)
- Fix type annotations by adding use_firewall parameter to _Invocation and _InputPlaneInvocation classes
- Update CHANGELOG with comprehensive release notes for rffickle integration
@yeldarby
Add release notes for v1.2.0
b0ae8c2
@yeldarby yeldarby merged commit dc6b185 into main Aug 31, 2025
15 of 26 checks passed
@yeldarby yeldarby deleted the feat/fickle-security branch August 31, 2025 03:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yeldarby