From a12d0a6a8cdba58d5e4e5f92ac62bb80fc26c624 Mon Sep 17 00:00:00 2001
From: Eric Kafe
Date: Tue, 23 Jul 2024 09:09:09 +0200
Subject: [PATCH] Prevent data.load from unpickling classes or functions
---
 nltk/data.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/nltk/data.py b/nltk/data.py
index cc9229b0a2..fb242721c5 100644
--- a/nltk/data.py
+++ b/nltk/data.py
@@ -658,6 +658,15 @@ def retrieve(resource_url, filename=None, verbose=True):
 }


+def restricted_pickle_load(string):
+ """
+ Prevents any class or function from loading.
+ """
+ from nltk.app.wordnet_app import RestrictedUnpickler
+
+ return RestrictedUnpickler(BytesIO(string)).load()
+
+
 def load(
 resource_url,
 format="auto",
@@ -751,7 +760,7 @@ def load(
 if format == "raw":
 resource_val = opened_resource.read()
 elif format == "pickle":
- resource_val = pickle.load(opened_resource)
+ resource_val = restricted_pickle_load(opened_resource.read())
 elif format == "json":
 import json
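Review bot: `restricted_pickle_load` takes its security control from `nltk.app.wordnet_app`, so the policy that decides what the core loader may unpickle lives in an application module this patch does not show. Any later change to that module silently changes what `data.load` accepts. Defining `RestrictedUnpickler` in `nltk/data.py`, or in a small neutral module imported from both places, would keep the restriction next to the code it protects. The parameter is named `string` but is wrapped in `BytesIO`, so it has to be bytes; a name such as `pickled_bytes` would be clearer. The docstring should say that the function returns the unpickled object and which exception a caller sees when the pickle references a class or function.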
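Review bot: The new `pickle` branch buffers the whole resource with `opened_resource.read()` before unpickling, where the removed `pickle.load(opened_resource)` read from the file object directly. If `RestrictedUnpickler` is a `pickle.Unpickler` subclass (not visible in this patch), the helper could take the stream itself, `RestrictedUnpickler(opened_resource).load()`, and drop the `BytesIO` copy. Going by the helper's docstring, pickled resources that contain class instances will presumably now be refused here. Catching the unpickler's error in this branch and re-raising it with `resource_url` in the message would tell users which resource was rejected and why. The body of `load` continues outside the hunk, so other formats and any remaining `pickle.load` call sites are not covered by this review.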