Principle:Trailofbits Fickling Severity Classification
| Knowledge Sources | |
|---|---|
| Domains | Security, Risk_Assessment |
| Last Updated | 2026-02-14 14:00 GMT |
Overview
A graduated risk classification system that assigns a severity level to pickle analysis results on a six-level scale from safe to overtly malicious.
Description
Severity Classification provides a standardized vocabulary for communicating pickle file risk. Rather than a binary safe/unsafe determination, it uses six ordered levels that capture the spectrum of risk:
- LIKELY_SAFE (0) — No unsafe operations discovered
- POSSIBLY_UNSAFE (1) — Some unusual patterns detected
- SUSPICIOUS (2) — Suspicious patterns like unused variables
- LIKELY_UNSAFE (3) — Non-standard imports or tampered structure
- LIKELY_OVERTLY_MALICIOUS (4) — Imports from known-dangerous modules (os, subprocess)
- OVERTLY_MALICIOUS (5) — Direct calls to exec, eval, compile, or open
The aggregate severity of a set of analysis results is the maximum severity across all individual findings. This ensures that a single highly dangerous finding dominates the overall assessment.
Usage
Use this classification system when building decision logic around pickle safety scanning. Set severity thresholds for automated pipelines (e.g., block uploads with severity >= LIKELY_UNSAFE) and use the detailed levels for human review prioritization.
Theoretical Basis
The severity scale is an ordinal enumeration with numeric values enabling comparison:
# Pseudocode: Severity as ordered enum
aggregate_severity = max(
result.severity for result in analysis_results
)
if aggregate_severity >= LIKELY_UNSAFE:
block_file()
elif aggregate_severity >= SUSPICIOUS:
flag_for_review()
else:
allow_file()