
operator_utils.py contains unsafe deserialization code #1119

@mhucka

Description


Describe the issue

Security code scanning alert 567 flagged a case of deserializing a user-provided value without checking boundaries or doing other safety checks. It happens on line 283, where a load() function is called after reading a file:

            raise TypeError('Operator of invalid type.')
    else:
        with open(file_path, 'rb') as f:
            # Flagged call: marshal.load() returns whatever the file encodes,
            # with no size limit or check on the resulting object's structure.
            data = marshal.load(f)

We should fix this to be safer.

What version of this software are you using?

0.23.0.dev0

How can the issue be reproduced?

No response
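As an added example (not code from this issue or from the project), one way to harden the flagged loader is to bound the payload size and validate the decoded object against an explicit schema before anything uses it. The schema, the function names and the sample payloads below are constructed for illustration and are not the project's real file format.

```python
import marshal
import types

# Constructed schema for this example: a dict mapping term strings to [real, imag] lists.
ALLOWED_SCALARS = (str, int, float, complex, bool, type(None))
MAX_PAYLOAD_BYTES = 4 * 1024 * 1024  # refuse oversized inputs before parsing
MAX_DEPTH = 8                         # refuse pathologically nested structures

def _validate(obj, depth=0):
    """Recursively ensure obj is built only from plain data types.

    marshal round-trips code objects and other interpreter internals; a data
    file has no reason to contain them, so anything outside the allowed set
    is rejected instead of silently accepted.
    """
    if depth > MAX_DEPTH:
        raise ValueError('Serialized operator nested too deeply.')
    if isinstance(obj, types.CodeType):
        raise ValueError('Serialized operator contains a code object.')
    if isinstance(obj, ALLOWED_SCALARS):
        return
    if isinstance(obj, (list, tuple)):
        for item in obj:
            _validate(item, depth + 1)
    elif isinstance(obj, dict):
        for key, value in obj.items():
            if not isinstance(key, str):
                raise ValueError('Operator term keys must be strings.')
            _validate(value, depth + 1)
    else:
        raise ValueError('Unexpected type in serialized operator: %s' % type(obj).__name__)

def load_operator_bytes(raw):
    """Decode a marshal payload, then reject anything outside the expected schema."""
    if len(raw) > MAX_PAYLOAD_BYTES:
        raise ValueError('Operator payload is too large.')
    data = marshal.loads(raw)
    _validate(data)
    if not isinstance(data, dict):
        raise TypeError('Operator payload must be a dict of terms.')
    return data

def is_safe_operator_payload(raw):
    """True when load_operator_bytes accepts raw, False when it rejects it."""
    try:
        load_operator_bytes(raw)
        return True
    except (ValueError, TypeError, EOFError):
        return False

# Constructed sample inputs: one well-formed file body and two that must be refused.
SAMPLE_GOOD = marshal.dumps({'0^ 1': [0.5, 0.0], '1^ 0': [0.5, 0.0]})
SAMPLE_CODE_OBJECT = marshal.dumps({'0^ 1': compile('1 + 1', '<constructed>', 'eval')})
SAMPLE_BAD_KEY = marshal.dumps({3: [0.5, 0.0]})
```

The Python documentation states that marshal itself is not intended to be safe against erroneous or maliciously constructed data, so validating after the load narrows the damage but does not remove the risk entirely; moving the file format to a data-only encoding such as JSON is the more robust fix.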


Labels: area/health (Involves code and/or project health), area/python (Involves Python code), no QC knowledge needed (Does not require knowledge of quantum computing), priority/p2 (Medium priority)
