[Security] Prevent new imports of (cloud)pickle (#18018)

Signed-off-by: Russell Bryant <rbryant@redhat.com> Co-authored-by: Aaron Pham <Aaronpham0103@gmail.com>
2025-10-20 14:53:52 +08:00 · 2025-06-12 06:30:17 -04:00
parent dff680001d
commit 4f6c42fa0a
2 changed files with 159 additions and 0 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -143,6 +143,13 @@ repos:
    types: [python]
    pass_filenames: false
    additional_dependencies: [regex]
+  - id: check-pickle-imports
+    name: Prevent new pickle/cloudpickle imports
+    entry: python tools/check_pickle_imports.py
+    language: python
+    types: [python]
+    pass_filenames: false
+    additional_dependencies: [pathspec, regex]
  # Keep `suggestion` last
  - id: suggestion
    name: Suggestion