Add pty to unsafeimports

[ajohnston9]

The following code produces a pickle file that fickling fails to detect as malicious:

import pickle
import pickletools

payload = b'''(cpty\nspawn\nS"id"\no.'''
pickletools.dis(payload, annotate=1)

with open('pwn.pkl', 'wb') as f:
    f.write(payload)

This is because this technique uses pty and does not leave _var0 unused. This PR adds pty to unsafe_imports as a quick fix to ensure the primitive behind this technique is detected.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ ajohnston9
❌ Andrew Johnston

---

Andrew Johnston seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[ESultanik]

This is great, thanks! It'd be nice to have a unit test to confirm that we now catch this attack, but we can add that after this PR is merged. Once you sign the CLA we can merge.

[ajohnston9]

I've added a relevant test and signed the CLA! Let me know if there's anything else I can do.

[woodruffw]

Might be missing something, but shouldn't this be in its own test/try-except block at a minimum? I believe as-is the first line will always trip the exception, so this will never be tested.