Fickling is among the projects Cisco tested, without being directly named: https://blogs.cisco.com/ai/hardening-pickle-file-scanners. We should integrate their test cases into fickling.
We can also integrate cisco-ai-defense/pickle-fuzzer in the CI with google/atheris. It has to be optional as we didn't implement support for all opcodes and we'll have to fix these before we get anything meaningful out of the tool.