From 0f1f647a8e2310a2291ea9ffab8c8336fc01f2c7 Mon Sep 17 00:00:00 2001
From: Olivier Grisel 
Date: Wed, 29 May 2019 15:52:38 +0200
Subject: [PATCH] DOC emphasize security sensitivity of joblib.load (#879)

---
 joblib/numpy_pickle.py | 4 ++++
 joblib/numpy_pickle_compat.py | 14 +++++++++++---
 4 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/joblib/numpy_pickle.py b/joblib/numpy_pickle.py
index bae0df31..bd807db2 100644
--- a/joblib/numpy_pickle.py
+++ b/joblib/numpy_pickle.py
@@ -550,6 +550,10 @@ def load(filename, mmap_mode=None):
     Read more in the :ref:`User Guide `.
 
+    WARNING: joblib.load relies on the pickle module and can therefore
+    execute arbitrary Python code. It should therefore never be used
+    to load files from untrusted sources.
+
     Parameters
     -----------
     filename: str, pathlib.Path, or file object.
diff --git a/joblib/numpy_pickle_compat.py b/joblib/numpy_pickle_compat.py
index ba8ab827..d1532415 100644
--- a/joblib/numpy_pickle_compat.py
+++ b/joblib/numpy_pickle_compat.py
@@ -3,6 +3,8 @@
 import pickle
 import os
 import zlib
+import inspect
+
 from io import BytesIO
 
 from ._compat import PY3_OR_LATER
@@ -96,9 +98,15 @@ def read(self, unpickler):
         # use getattr instead of self.allow_mmap to ensure backward compat
         # with NDArrayWrapper instances pickled with joblib < 0.9.0
         allow_mmap = getattr(self, 'allow_mmap', True)
-        memmap_kwargs = ({} if not allow_mmap
-                         else {'mmap_mode': unpickler.mmap_mode})
-        array = unpickler.np.load(filename, **memmap_kwargs)
+        kwargs = {}
+        if allow_mmap:
+            kwargs['mmap_mode'] = unpickler.mmap_mode
+        if "allow_pickle" in inspect.signature(unpickler.np.load).parameters:
+            # Required in numpy 1.16.3 and later to aknowledge the security
+            # risk.
+            kwargs["allow_pickle"] = True
+        array = unpickler.np.load(filename, **kwargs)
+
         # Reconstruct subclasses. This does not work with old
         # versions of numpy
         if (hasattr(array, '__array_prepare__') and
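Review bot: The new warning paragraph in the `load` docstring says "therefore" twice in consecutive sentences, which weakens a sentence that readers should take literally; the second one can go: `execute arbitrary Python code. It should never be used` / `to load files from untrusted sources.`. Since this docstring is rendered with Sphinx (the `:ref:` role on the line above shows that), a `.. warning::` directive would also render the paragraph as a highlighted admonition instead of plain text, so it is not overlooked next to the Parameters section. It would be worth adding that `mmap_mode` does not reduce the risk, since the container around the memmapped arrays is still unpickled. The enclosing `load` function starts and ends outside the hunk.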
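Review bot: The comment above `kwargs["allow_pickle"] = True` in `read` has a typo and, more importantly, does not say why re-enabling object pickling inside `np.load` is acceptable here, which is the question a future reader of a security-sensitive line will ask; I would write it as `# numpy >= 1.16.3 defaults to allow_pickle=False. Passing True is` / `# safe only because this array is being read from inside a joblib pickle` / `# that is already trusted (see the warning on joblib.load).`. The `inspect.signature(unpickler.np.load)` lookup is also evaluated on every array read; the result cannot change during a process, so computing it once at module level (or caching it) would avoid the repeated introspection, although that is a minor cost. The `read` method begins before the hunk (its signature is only visible in the hunk header) and continues after it.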