--- nltk/app/chartparser_app.py | 13 +++++++++++++ nltk/corpus/reader/util.py | 2 ++ nltk/data.py | 2 ++ nltk/parse/transitionparser.py | 2 ++ nltk/tbl/demo.py | 4 +++- 5 files changed, 22 insertions(+), 1 deletion(-) --- a/nltk/app/chartparser_app.py +++ b/nltk/app/chartparser_app.py @@ -800,6 +800,10 @@ class ChartComparer: showerror("Error Saving Chart", f"Unable to open file: {filename!r}\n{e}") def load_chart_dialog(self, *args): + showerror("Security Error", + "Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") + return filename = askopenfilename( filetypes=self.CHART_FILE_TYPES, defaultextension=".pickle" ) @@ -811,6 +815,8 @@ class ChartComparer: showerror("Error Loading Chart", f"Unable to open file: {filename!r}\n{e}") def load_chart(self, filename): + raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") with open(filename, "rb") as infile: chart = pickle.load(infile) name = os.path.basename(filename) @@ -2268,6 +2274,10 @@ class ChartParserApp: if not filename: return try: + showerror("Security Error", + "Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") + return with open(filename, "rb") as infile: chart = pickle.load(infile) self._chart = chart @@ -2306,6 +2316,9 @@ class ChartParserApp: return try: if filename.endswith(".pickle"): + showerror("Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") + return with open(filename, "rb") as infile: grammar = pickle.load(infile) else: --- a/nltk/corpus/reader/util.py +++ b/nltk/corpus/reader/util.py @@ -521,6 +521,8 @@ class PickleCorpusView(StreamBackedCorpu def read_block(self, stream): result = [] + raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") for i in range(self.BLOCK_SIZE): try: result.append(pickle.load(stream)) --- a/nltk/data.py +++ b/nltk/data.py @@ -752,6 +752,8 @@ def load( if format == "raw": resource_val = opened_resource.read() elif format == "pickle": + raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") resource_val = pickle.load(opened_resource) elif format == "json": import json --- a/nltk/parse/transitionparser.py +++ b/nltk/parse/transitionparser.py @@ -553,6 +553,8 @@ class TransitionParser(ParserI): """ result = [] # First load the model + raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") model = pickle.load(open(modelFile, "rb")) operation = Transition(self._algorithm) --- a/nltk/tbl/demo.py +++ b/nltk/tbl/demo.py @@ -253,6 +253,8 @@ def postag( ) ) with open(cache_baseline_tagger) as print_rules: + raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " + + "a pickle is forbidden.") baseline_tagger = pickle.load(print_rules) print(f"Reloaded pickled tagger from {cache_baseline_tagger}") else: @@ -327,7 +329,7 @@ def postag( with open(serialize_output) as print_rules: brill_tagger_reloaded = pickle.load(print_rules) print(f"Reloaded pickled tagger from {serialize_output}") - taggedtest_reloaded = brill_tagger.tag_sents(testing_data) + taggedtest_reloaded = brill_tagger_reloaded.tag_sents(testing_data) if taggedtest == taggedtest_reloaded: print("Reloaded tagger tried on test set, results identical") else: