| author | Michael Merickel <michael@merickel.org> | 2018-09-16 11:35:49 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2018-09-16 11:35:49 -0500 |
| commit | ba5ca651c2cba9e45c80e0fb0ed6c6408ea3e042 (patch) | |
| tree | c81c1eac8a8035b47818822470c7fdcdbee8a4a8 | |
| parent | c3188340e841633924e8ab7a055c1df0dffed9c1 (diff) | |
| download | pyramid-ba5ca651c2cba9e45c80e0fb0ed6c6408ea3e042.tar.gz pyramid-ba5ca651c2cba9e45c80e0fb0ed6c6408ea3e042.tar.bz2 pyramid-ba5ca651c2cba9e45c80e0fb0ed6c6408ea3e042.zip | |
deprecate signed_serialize and signed_deserialize
| -rw-r--r-- | CHANGES.rst | 9 | ||||
| -rw-r--r-- | docs/api/session.rst | 6 | ||||
| -rw-r--r-- | pyramid/session.py | 29 |
3 files changed, 38 insertions, 6 deletions
diff --git a/CHANGES.rst b/CHANGES.rst
index 92e1e4313..97a38591c 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -90,6 +90,15 @@ Deprecations
 of the documentation for more information about this change.
 See https://github.com/Pylons/pyramid/pull/3353
+- The ``pyramid.session.signed_serialize`` and
+ ``pyramid.session.signed_deserialize`` functions will be removed in Pyramid
+ 2.0, along with the removal of
+ ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` which was
+ deprecated in Pyramid 1.5. Please switch to using the
+ ``SignedCookieSessionFactory``, copying the code, or another session
+ implementation if you're still using these features.
+ See https://github.com/Pylons/pyramid/pull/3353
+
 Backward Incompatibilities
 --------------------------
diff --git a/docs/api/session.rst b/docs/api/session.rst
index e0d2db726..d0cb112ec 100644
--- a/docs/api/session.rst
+++ b/docs/api/session.rst
@@ -5,14 +5,8 @@
 .. automodule:: pyramid.session
- .. autofunction:: signed_serialize
-
- .. autofunction:: signed_deserialize
-
 .. autofunction:: SignedCookieSessionFactory
- .. autofunction:: UnencryptedCookieSessionFactoryConfig
-
 .. autofunction:: BaseCookieSessionFactory
 .. autoclass:: PickleSerializer
diff --git a/pyramid/session.py b/pyramid/session.py
index 3caf4181a..b953fa184 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -64,6 +64,14 @@ def signed_serialize(data, secret):
 cookieval = signed_serialize({'a':1}, 'secret')
 response.set_cookie('signed_cookie', cookieval)
+
+ .. deprecated:: 1.10
+
+ This function will be removed in :app:`Pyramid` 2.0. It is using
+ pickle-based serialization, which is considered vulnerable to remote
+ code execution attacks and will no longer be used by the default
+ session factories at that time.
+
 """
 pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
 try:
@@ -74,6 +82,13 @@ def signed_serialize(data, secret):
 sig = hmac.new(secret, pickled, hashlib.sha1).hexdigest()
 return sig + native_(base64.b64encode(pickled))
+deprecated(
+ 'signed_serialize',
+ 'This function will be removed in Pyramid 2.0. It is using pickle-based '
+ 'serialization, which is considered vulnerable to remote code execution '
+ 'attacks.',
+)
+
 def signed_deserialize(serialized, secret, hmac=hmac):
 """ Deserialize the value returned from ``signed_serialize``. If
 the value cannot be deserialized for any reason, a
@@ -86,6 +101,13 @@ def signed_deserialize(serialized, secret, hmac=hmac):
 cookieval = request.cookies['signed_cookie']
 data = signed_deserialize(cookieval, 'secret')
+
+ .. deprecated:: 1.10
+
+ This function will be removed in :app:`Pyramid` 2.0. It is using
+ pickle-based serialization, which is considered vulnerable to remote
+ code execution attacks and will no longer be used by the default
+ session factories at that time.
 """
 # hmac parameterized only for unit tests
 try:
@@ -109,6 +131,13 @@ def signed_deserialize(serialized, secret, hmac=hmac):
 return pickle.loads(pickled)
+deprecated(
+ 'signed_deserialize',
+ 'This function will be removed in Pyramid 2.0. It is using pickle-based '
+ 'serialization, which is considered vulnerable to remote code execution '
+ 'attacks.',
+)
+
 class PickleSerializer(object):
 """ A serializer that uses the pickle protocol to dump Python |
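Review bot: The `.. deprecated:: 1.10` block added ahead of the closing `"""` of signed_serialize's docstring says why the function is going away but not what to migrate to, although the CHANGES.rst entry in this same commit does; the identical block added to the signed_deserialize docstring in the next hunk has the same gap. Suggest appending to both a sentence such as `Use SignedCookieSessionFactory or another session implementation instead; see https://github.com/Pylons/pyramid/pull/3353.` The phrase "considered vulnerable to remote code execution attacks" would also serve operators better if it named the condition: the value is unpickled only after its signature is checked (that comparison sits outside the hunk), so the practical exposure is a weak or leaked signing secret, which is exactly why moving off pickle is the recommended mitigation rather than an optional cleanup. signed_serialize's body continues outside the hunk.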
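Review bot: The message passed to `deprecated('signed_serialize', ...)` here is repeated byte-for-byte in the `deprecated('signed_deserialize', ...)` call in the last hunk of this file, and both paraphrase the text just added to the two docstrings; a single module-level constant keeps the wordings from drifting when the 2.0 removal notice is next edited. The `deprecated` name is not imported in any hunk shown, so these calls rely on an import elsewhere in the module (presumably the zope.deprecation helper Pyramid already uses) — worth confirming it is in scope at this point in the file. The constant would sit above signed_serialize, outside the hunks shown.
```python
# module level, above signed_serialize (outside the hunks shown)
_PICKLE_DEPRECATION_MSG = (
    'This function will be removed in Pyramid 2.0. It is using pickle-based '
    'serialization, which is considered vulnerable to remote code execution '
    'attacks.'
)

# … unchanged: signed_serialize body …
deprecated('signed_serialize', _PICKLE_DEPRECATION_MSG)

# … unchanged: signed_deserialize …
deprecated('signed_deserialize', _PICKLE_DEPRECATION_MSG)
```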
