From 4c46095b080a20b255a9c1fcd2adb4a5b8e77e6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E5=AE=87=E5=B3=B0?= Date: Mon, 2 Mar 2026 01:56:19 +0800 Subject: [PATCH] fix(security): add qlib to trusted module prefixes for pickle deserialization The RestrictedUnpickler introduced in #2099 whitelisted only a few specific qlib classes (DataHandler, DataHandlerLP, StaticDataLoader) but missed many others such as Alpha158, Alpha360, and various contrib handlers/models. This caused UnpicklingError during rolling train when task definitions containing these class references were deserialized from MongoDB. Instead of maintaining an ever-growing list of individual qlib classes, add "qlib" as a trusted module prefix alongside "pandas" and "numpy". All qlib internal classes are safe to deserialize within qlib's own restricted unpickler since they are part of the framework itself. The three individual qlib entries in SAFE_PICKLE_CLASSES are removed as they are now redundant. Fixes #2130 Co-Authored-By: Claude Opus 4.6 (1M context)
---
 qlib/utils/pickle_utils.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/qlib/utils/pickle_utils.py b/qlib/utils/pickle_utils.py
index 920692f3c8..922c4e17b2 100644
--- a/qlib/utils/pickle_utils.py
+++ b/qlib/utils/pickle_utils.py
@@ -46,15 +46,13 @@
 ("pathlib", "Path"),
 ("pathlib", "PosixPath"),
 ("pathlib", "WindowsPath"),
- ("qlib.data.dataset.handler", "DataHandler"),
- ("qlib.data.dataset.handler", "DataHandlerLP"),
- ("qlib.data.dataset.loader", "StaticDataLoader"),
 }
 TRUSTED_MODULE_PREFIXES = (
 "pandas",
 "numpy",
+ "qlib",
 )
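Review bot: The new `"qlib",` entry in `TRUSTED_MODULE_PREFIXES` trusts every global under the package, not only the handler and model classes named in the description, so any callable defined in or imported into a qlib module becomes resolvable from pickle data that, per the description, is read from MongoDB. Narrower prefixes would cover the reported failure with less surface, for example `"qlib.data.dataset",` and `"qlib.contrib",` (adjust to the modules the failing task definitions actually reference). The matching code is outside this hunk; it should compare on a package boundary (`module == p or module.startswith(p + ".")`) and refuse dotted attribute names, otherwise the prefix may also admit sibling packages whose names merely start with `qlib` and objects that qlib modules only import. A comment above the tuple such as `# Prefix trust covers every global in the package; keep entries as narrow as possible.` would record the trade-off for the next maintainer.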