Implementation:Trailofbits Fickling UnsafeFileError
| Knowledge Sources | |
|---|---|
| Domains | Security, Error_Handling, Deserialization |
| Last Updated | 2026-02-14 14:00 GMT |
Overview
Concrete exception class raised by the Fickling library when an allowlist check blocks a pickle deserialization attempt.
Description
UnsafeFileError is a custom exception raised by FicklingMLUnpickler.find_class() when a pickle stream attempts to import a module or name that is not in the ML allowlist. It carries the path of the offending file and a description of the unsafe import as structured attributes, so callers can log or act on the details without parsing the exception message.
Usage
Catch this exception when loading ML models under Fickling protection to handle security-blocked files gracefully. The .filepath and .info attributes provide details for logging or user notification. Note that find_class() is only invoked when the unpickler reaches the GLOBAL/STACK_GLOBAL opcode that names the import, so the exception is raised mid-stream: opcodes before that point have already been processed, and any partially built object graph must be discarded rather than reused. Treat the file as hostile; do not retry the load with a broader allowlist or with the hook disabled.
Code Reference
Source Location
- Repository: fickling
- File: fickling/exception.py
- Lines: L1-8
Signature
class UnsafeFileError(Exception):
    def __init__(self, filepath: str, info: str):
        """
        Args:
            filepath: Path to the file that triggered the error.
            info: Description of the unsafe import detected.
        """

    def __str__(self) -> str:
        """Returns 'Safety results for {filepath} : {info}'"""
Import
from fickling.exception import UnsafeFileError
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| filepath | str | Yes | Path to the file that triggered the error |
| info | str | Yes | Description of the unsafe import detected |
Outputs
| Name | Type | Description |
|---|---|---|
| .filepath | str | The file path attribute |
| .info | str | The info string attribute |
| str(error) | str | "Safety results for {filepath} : {info}" |
Usage Examples
Catching Blocked Imports
import pickle

from fickling.exception import UnsafeFileError
from fickling.hook import activate_safe_ml_environment

# Install fickling's ML allowlist hook so pickle.load goes through the
# allowlisting unpickler for the rest of this process.
activate_safe_ml_environment()

try:
    with open("untrusted_model.pkl", "rb") as f:
        model = pickle.load(f)
except UnsafeFileError as e:
    # The load aborted at the first non-allowlisted import; keep nothing from the file.
    print(f"Blocked: {e.filepath}")
    print(f"Reason: {e.info}")
    # Log, alert, or quarantine the file
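The following is an added example and is not code from the fickling project. It carries the Usage section and the example above through end to end: a constructed pickle that imports os.system is blocked at find_class() time, before the REDUCE opcode that would call it, and the file is moved to quarantine while a benign pickle loads normally. So that it runs without fickling installed, it uses a stand-in allowlisting Unpickler (not FicklingMLUnpickler) and, only if fickling.exception cannot be imported, a local UnsafeFileError with the (filepath, info) contract documented on this page. The allowlist, file names, payload bytes and the load_or_quarantine helper are all assumptions made for the example.

```python
import pickle
import shutil
import tempfile
from collections import OrderedDict
from pathlib import Path

try:
    from fickling.exception import UnsafeFileError
except ImportError:
    # Stand-in carrying the contract documented on this page; used only when
    # fickling is not installed (assumption: same attributes and message format).
    class UnsafeFileError(Exception):
        def __init__(self, filepath: str, info: str):
            super().__init__()
            self.filepath = filepath
            self.info = info

        def __str__(self) -> str:
            return f"Safety results for {self.filepath} : {self.info}"


# Constructed, deliberately tiny allowlist; fickling ships its own, far larger ML list.
ALLOWLIST = {"collections": {"OrderedDict"}}


class AllowlistUnpickler(pickle.Unpickler):
    """Stand-in for an allowlisting unpickler (not fickling's FicklingMLUnpickler).

    pickle only calls find_class when it reaches a GLOBAL/STACK_GLOBAL opcode,
    so the check runs at the exact point the stream asks for an import and
    before any REDUCE that would call the imported object.
    """

    def __init__(self, file, filepath: str, allowlist=ALLOWLIST):
        super().__init__(file)
        self.filepath = filepath
        self.allowlist = allowlist

    def find_class(self, module, name):
        if name not in self.allowlist.get(module, ()):
            raise UnsafeFileError(self.filepath, f"import of {module}.{name} is not allowlisted")
        return super().find_class(module, name)


def load_or_quarantine(path: str, quarantine_dir: str):
    """Return (obj, None) on success; on a blocked import, move the file into
    quarantine_dir and return (None, error). The partial object graph built
    before the exception is discarded, never reused."""
    blocked = None
    with open(path, "rb") as f:
        try:
            return AllowlistUnpickler(f, path).load(), None
        except UnsafeFileError as e:
            blocked = e
    # The file handle is closed here, so the move also works on Windows.
    shutil.move(path, str(Path(quarantine_dir) / Path(path).name))
    return None, blocked


def demo() -> dict:
    """Exercise both paths on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        quarantine = work / "quarantine"
        quarantine.mkdir()

        benign = work / "model.pkl"  # constructed: contains only an allowlisted import
        benign.write_bytes(pickle.dumps(OrderedDict(layers=2)))

        # Constructed protocol-0 payload: GLOBAL os.system, then REDUCE with one
        # string argument. find_class raises on the GLOBAL opcode, so the REDUCE
        # (and the command) never runs.
        malicious = work / "untrusted_model.pkl"
        malicious.write_bytes(b"cos\nsystem\n(S'echo pwned'\ntR.")

        good_obj, good_err = load_or_quarantine(str(benign), str(quarantine))
        bad_obj, bad_err = load_or_quarantine(str(malicious), str(quarantine))

        return {
            "benign": dict(good_obj),
            "benign_error": good_err,
            "blocked_obj": bad_obj,
            "blocked_error": bad_err,
            "blocked_message": str(bad_err),
            "quarantined": sorted(p.name for p in quarantine.iterdir()),
            "malicious_still_present": malicious.exists(),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The quarantine move happens only after the with block closes the file, and the function returns the exception object rather than its string so the caller can log .filepath and .info as separate fields.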