From 1d2b4fd13edc972dd4076500b1ec4cb972bef1c9 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Mon, 4 Nov 2019 16:59:41 -0500
Subject: deprecate PickleSerializer
---
docs/narr/sessions.rst | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
(limited to 'docs/narr')
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst
index c2cc60de8..413dc5b8e 100644
--- a/docs/narr/sessions.rst
+++ b/docs/narr/sessions.rst
@@ -91,26 +91,32 @@ Remember that sessions should be short-lived and thus the number of clients affe
.. code-block:: python
:linenos:
+ import pickle
from pyramid.session import JSONSerializer
- from pyramid.session import PickleSerializer
from pyramid.session import SignedCookieSessionFactory
+
class JSONSerializerWithPickleFallback(object):
def __init__(self):
self.json = JSONSerializer()
- self.pickle = PickleSerializer()
- def dumps(self, value):
+ def dumps(self, appstruct):
+ """Accept a Python object and return bytes."""
# maybe catch serialization errors here and keep using pickle
# while finding spots in your app that are not storing
# JSON-serializable objects, falling back to pickle
- return self.json.dumps(value)
+ return self.json.dumps(appstruct)
- def loads(self, value):
+ def loads(self, bstruct):
+ """Accept bytes and return a Python object."""
try:
- return self.json.loads(value)
+ return self.json.loads(bstruct)
except ValueError:
- return self.pickle.loads(value)
+ try:
+ return pickle.loads(bstruct)
+ # at least ValueError, AttributeError, ImportError but more to be safe
+ except Exception:
+ raise ValueError
# somewhere in your configuration code
serializer = JSONSerializerWithPickleFallback()
-- cgit v1.2.3
From 9264004c92adf731cd8164a63e199558ffdd2751 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Mon, 4 Nov 2019 17:45:44 -0500
Subject: changes based on feedback
---
docs/narr/sessions.rst | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'docs/narr')
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst
index 413dc5b8e..d9befec82 100644
--- a/docs/narr/sessions.rst
+++ b/docs/narr/sessions.rst
@@ -101,10 +101,14 @@ Remember that sessions should be short-lived and thus the number of clients affe
self.json = JSONSerializer()
def dumps(self, appstruct):
- """Accept a Python object and return bytes."""
- # maybe catch serialization errors here and keep using pickle
- # while finding spots in your app that are not storing
- # JSON-serializable objects, falling back to pickle
+ """
+ Accept a Python object and return bytes.
+
+ During a migration, you may want to catch serialization errors here,
+ and keep using pickle while finding spots in your app that are not
+ storing JSON-serializable objects. You may also want to integrate
+ a fall-back to picke serialization here as well.
+ """
return self.json.dumps(appstruct)
def loads(self, bstruct):
@@ -114,8 +118,9 @@ Remember that sessions should be short-lived and thus the number of clients affe
except ValueError:
try:
return pickle.loads(bstruct)
- # at least ValueError, AttributeError, ImportError but more to be safe
except Exception:
+ # this block should catch at least:
+ # ValueError, AttributeError, ImportError; but more to be safe
raise ValueError
# somewhere in your configuration code
-- cgit v1.2.3
From 3bc31c66c41f795abdaa270645f1046f70a86e07 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Mon, 4 Nov 2019 17:56:27 -0500
Subject: fixed rst; migrated some inline references to the docs
---
docs/narr/sessions.rst | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'docs/narr')
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst
index d9befec82..8ae20d63e 100644
--- a/docs/narr/sessions.rst
+++ b/docs/narr/sessions.rst
@@ -85,6 +85,12 @@ This is a stricter contract than the previous requirement that all objects be pi
This is a backward-incompatible change. Previously, if a client-side session implementation was compromised, it left the application vulnerable to remote code execution attacks using specially-crafted sessions that execute code when deserialized.
+Please reference the following tickets if detailed information on these changes is needed:
+
+* `2.0 feature request: Require that sessions are JSON serializable #2709 `_.
+* `deprecate pickleable sessions, recommend json #3353 `_.
+* `change to use JSONSerializer for SignedCookieSessionFactory #3413 `_.
+
For users with compatibility concerns, it's possible to craft a serializer that can handle both formats until you are satisfied that clients have had time to reasonably upgrade. Remember that sessions should be short-lived and thus the number of clients affected should be small (no longer than an auth token, at a maximum). An example serializer:
-- cgit v1.2.3
From 24c19c8780379c77dc1cf5567d8cf18009d4d780 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Tue, 5 Nov 2019 11:42:08 -0500
Subject: typo and tabs
---
docs/narr/sessions.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'docs/narr')
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst
index 8ae20d63e..2da524d4c 100644
--- a/docs/narr/sessions.rst
+++ b/docs/narr/sessions.rst
@@ -113,7 +113,7 @@ Remember that sessions should be short-lived and thus the number of clients affe
During a migration, you may want to catch serialization errors here,
and keep using pickle while finding spots in your app that are not
storing JSON-serializable objects. You may also want to integrate
- a fall-back to picke serialization here as well.
+ a fall-back to pickle serialization here as well.
"""
return self.json.dumps(appstruct)
@@ -125,8 +125,8 @@ Remember that sessions should be short-lived and thus the number of clients affe
try:
return pickle.loads(bstruct)
except Exception:
- # this block should catch at least:
- # ValueError, AttributeError, ImportError; but more to be safe
+ # this block should catch at least:
+ # ValueError, AttributeError, ImportError; but more to be safe
raise ValueError
# somewhere in your configuration code
-- cgit v1.2.3