Description
Is your feature request related to a problem? Please describe.
Pickle is effectively fully functional python code. So loading a python pickle can lead to the complete compromise of the system loading it if an attacker has ever been able to write to it. Often it is assumed that the pickle cannot be accessed, or altered, but since storage mechanisms such as json, and msgpack exist that do not have this vulnerability, moving away from pickle greatly reduces the risk of the application being compromised.
Describe the solution you'd like
I would like for pickle to be removed from all Project-Monai repos in order to set a good example of how to interact with medical images.
In many cases I believe that json and msgpack can work as a solution. msgpack is a non-standard library but has better support for things such as byte strings.
pickle is not used heavily, and from what I can see it's used in ways to pass data between Monai, so there don't appear to be any external requirements to use it, however if I am wrong, please share it here.
Describe alternatives you've considered
When json and msgpack are not a solution there are still many more solutions that are more data specific such as safetensor. However I don't have enough familiarity with the Monai code base to know which would be applicable. If there is a technical reason that pickle is required and someone shares that in this ticket I will gladly help find a solution.
Additional context
https://docs.python.org/3/library/pickle.html - Official Python docs state "Warning The pickle module is not secure"
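Added example, not part of the issue text and not MONAI's own code: the two mitigations the issue describes, in the defensive order a reviewer would apply them. First, where pickle cannot be dropped yet, a restricted unpickler (the pattern the Python docs recommend) that resolves only an explicit allowlist of globals, so a pickle referencing any other module-level callable is refused before it is executed. Second, a JSON round-trip for plain data that handles the one thing the issue notes JSON lacks, byte strings, by base64-encoding them under a marker key. `SAFE_GLOBALS`, `RestrictedUnpickler`, `restricted_loads`, `to_json` and `from_json` are names chosen for this example; the sample payloads are constructed.

```python
import base64
import collections
import io
import json
import pickle

# Allowlist of (module, name) pairs the restricted unpickler may resolve.
# Plain containers and scalars (dict, list, str, int, bytes) need no global
# lookup at all; anything not listed here is refused. Chosen for the example.
SAFE_GLOBALS = {
    ("builtins", "range"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import any global outside SAFE_GLOBALS.

    pickle.Unpickler.find_class is the hook through which a pickle stream
    reaches arbitrary module attributes; denying it here denies the
    code-execution path the issue describes.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Load a pickle, permitting only allowlisted globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_accepted(data: bytes) -> bool:
    """True if the pickle loads under the restricted policy, False if refused."""
    try:
        restricted_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


# --- JSON as the replacement format ---------------------------------------

_BYTES_KEY = "__bytes__"  # marker key for base64-encoded byte strings (example convention)


def to_json(obj) -> str:
    """Serialize plain data to JSON, encoding bytes/bytearray as base64 strings."""

    def default(o):
        if isinstance(o, (bytes, bytearray)):
            return {_BYTES_KEY: base64.b64encode(bytes(o)).decode("ascii")}
        # Anything else (arbitrary objects, callables) is rejected rather than
        # silently serialized, which is exactly the property pickle lacks.
        raise TypeError(f"{type(o).__name__} is not JSON serializable")

    return json.dumps(obj, default=default)


def from_json(text: str):
    """Parse JSON produced by to_json, restoring marked byte strings."""

    def hook(d):
        if set(d) == {_BYTES_KEY}:
            return base64.b64decode(d[_BYTES_KEY])
        return d

    return json.loads(text, object_hook=hook)


if __name__ == "__main__":
    # Constructed sample: a plain-data record and one that references a
    # non-allowlisted global (collections.OrderedDict).
    plain = pickle.dumps({"spacing": [1.0, 1.0, 2.5], "label": "liver"})
    with_global = pickle.dumps(collections.OrderedDict(a=1))
    print("plain pickle accepted:", is_accepted(plain))
    print("OrderedDict pickle accepted:", is_accepted(with_global))
    record = {"name": "scan", "raw": b"\x00\x01\xff"}
    print("json round-trip equal:", from_json(to_json(record)) == record)
```

Usage note: the allowlist is the whole policy, so keep it empty or tiny and extend it only when a concrete pickle in the codebase fails to load; every entry added is a module attribute an attacker-controlled stream may then call.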