Implementation:Trailofbits Fickling Is Likely Safe
| Knowledge Sources | |
|---|---|
| Domains | Security, Validation, Deserialization |
| Last Updated | 2026-02-14 14:00 GMT |
Overview
The boolean convenience wrapper in fickling's analysis module: it runs the full safety analysis on a pickle file and collapses the result into a single pass/fail answer.
Description
is_likely_safe opens the file at filepath, parses it with error tolerance into a Pickled object, checks for invalid opcodes, and runs the full static analysis via check_safety. It returns True only when the resulting severity is LIKELY_SAFE; any higher-severity finding, or a stream that does not parse as a valid pickle, yields False. The verdict is heuristic: a False is a firm refusal, but a True means only that fickling found nothing it recognizes as unsafe, not that the file is proven harmless.
Usage
Use it for simple pass/fail gates where a boolean is all the caller needs. For the analysis details (which checks fired and at what severity), call check_safety directly. Because it takes a path, the scan and the later pickle.load are two separate reads of the file; make sure the file cannot be replaced between them, or scan the same bytes you load.
Code Reference
Source Location
- Repository: fickling
- File: fickling/analysis.py
- Lines: L468-474
Signature
def is_likely_safe(filepath: str) -> bool:
    """Check if a pickle file is likely safe to load.

    Args:
        filepath: Path to the pickle file.

    Returns:
        True only if severity == LIKELY_SAFE after full analysis.
    """
Import
from fickling.analysis import is_likely_safe
# or
from fickling import is_likely_safe
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| filepath | str | Yes | Path to the pickle file to assess |
Outputs
| Name | Type | Description |
|---|---|---|
| (return) | bool | True only if severity is LIKELY_SAFE; False for any unsafe findings or invalid opcodes |
Usage Examples
Quick Safety Gate
import pickle

from fickling.analysis import is_likely_safe

# Scan first; deserialize only if fickling found nothing it recognizes as unsafe.
if is_likely_safe("model.pkl"):
    with open("model.pkl", "rb") as f:
        model = pickle.load(f)
else:
    print("File is not safe to load!")
Post-Injection Verification
from fickling.analysis import is_likely_safe
# Verify that an injected model is correctly detected
assert not is_likely_safe("injected_model.pt"), "Scanner should detect the payload!"
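Scanning the Bytes You Load
The following is an added example, not code from the fickling project. It applies the same two calls that is_likely_safe makes (fickling's public Pickled.load and check_safety) to an in-memory byte string instead of a path, so the bytes that were scanned are exactly the bytes that get unpickled, and it uses the standard-library pickletools disassembler to show the opcode trace the analyzer reasons about. Both sample pickles are constructed inline: a benign dictionary, and a hand-written protocol-0 stream that would call os.system on load (it is only ever scanned, never loaded). The helper names opcode_names, scan_bytes and gated_loads are this example's own, and it assumes fickling is installed.

```python
import pickle
import pickletools
from typing import Any, List, Tuple

# Constructed sample inputs (not from the fickling project).
# A benign pickle: plain containers and numbers, no GLOBAL/REDUCE opcodes.
BENIGN_PICKLE = pickle.dumps({"weights": [1.0, 2.0, 3.0], "epochs": 3}, protocol=4)

# A hand-written protocol-0 pickle that would run os.system("echo pwned") on load:
#   c os\nsystem    GLOBAL  -> push os.system
#   (               MARK
#   S'echo pwned'   STRING
#   t               TUPLE   -> ("echo pwned",)
#   R               REDUCE  -> os.system("echo pwned")
#   .               STOP
# Never pass this to pickle.load(); it is only ever scanned here.
MALICIOUS_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."


def opcode_names(data: bytes) -> List[str]:
    """Opcode trace of a pickle stream via the stdlib disassembler.

    This is the raw material a static analyzer like fickling walks:
    GLOBAL/STACK_GLOBAL import callables and REDUCE/BUILD/INST invoke them.
    """
    return [op.name for op, _arg, _pos in pickletools.genops(data)]


def scan_bytes(data: bytes) -> Tuple[bool, str]:
    """Run fickling's check_safety over an in-memory pickle.

    Mirrors what fickling.analysis.is_likely_safe does for a file path, but on
    bytes, so the scanned data and the loaded data are the same object.
    Returns (likely_safe, severity_name).
    """
    # Imported here so the stdlib helper above works without fickling installed.
    from fickling.analysis import Severity, check_safety
    from fickling.fickle import Pickled

    results = check_safety(Pickled.load(data))
    return results.severity == Severity.LIKELY_SAFE, results.severity.name


def gated_loads(data: bytes) -> Any:
    """Deserialize only if fickling rates these exact bytes LIKELY_SAFE.

    A False verdict is a hard refusal. A True verdict is a heuristic judgement,
    not a proof: only load pickles from sources you already trust.
    """
    likely_safe, severity = scan_bytes(data)
    if not likely_safe:
        raise ValueError(f"refusing to unpickle: fickling severity {severity}")
    return pickle.loads(data)


if __name__ == "__main__":
    print("benign opcodes:   ", opcode_names(BENIGN_PICKLE))
    print("malicious opcodes:", opcode_names(MALICIOUS_PICKLE))
    print("benign ->", gated_loads(BENIGN_PICKLE))
    try:
        gated_loads(MALICIOUS_PICKLE)
    except ValueError as exc:
        print("malicious ->", exc)
```

The malicious stream is flagged because its GLOBAL/REDUCE pair imports and calls os.system, which is exactly the shape of finding check_safety reports; the benign stream has no importing or calling opcodes at all. Gating on bytes rather than a path closes the window in which a file could be swapped between the scan and the load, but the verdict itself remains the same heuristic as is_likely_safe.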
Related Pages
Implements Principle
Uses Heuristic