mirror of https://github.com/python/cpython.git
770 lines
33 KiB
TeX
770 lines
33 KiB
TeX
\section{\module{pickle} --- Python object serialization}
|
|
|
|
\declaremodule{standard}{pickle}
|
|
\modulesynopsis{Convert Python objects to streams of bytes and back.}
|
|
% Substantial improvements by Jim Kerr <jbkerr@sr.hp.com>.
|
|
% Rewritten by Barry Warsaw <barry@zope.com>
|
|
|
|
\index{persistence}
|
|
\indexii{persistent}{objects}
|
|
\indexii{serializing}{objects}
|
|
\indexii{marshalling}{objects}
|
|
\indexii{flattening}{objects}
|
|
\indexii{pickling}{objects}
|
|
|
|
The \module{pickle} module implements a fundamental, but powerful
|
|
algorithm for serializing and de-serializing a Python object
|
|
structure. ``Pickling'' is the process whereby a Python object
|
|
hierarchy is converted into a byte stream, and ``unpickling'' is the
|
|
inverse operation, whereby a byte stream is converted back into an
|
|
object hierarchy. Pickling (and unpickling) is alternatively known as
|
|
``serialization'', ``marshalling,''\footnote{Don't confuse this with
|
|
the \refmodule{marshal} module} or ``flattening'',
|
|
however the preferred term used here is ``pickling'' and
|
|
``unpickling'' to avoid confusing.
|
|
|
|
This documentation describes both the \module{pickle} module and the
|
|
\refmodule{cPickle} module.
|
|
|
|
\subsection{Relationship to other Python modules}
|
|
|
|
The \module{pickle} module has an optimized cousin called the
|
|
\module{cPickle} module. As its name implies, \module{cPickle} is
|
|
written in C, so it can be up to 1000 times faster than
|
|
\module{pickle}. However it does not support subclassing of the
|
|
\function{Pickler()} and \function{Unpickler()} classes, because in
|
|
\module{cPickle} these are functions, not classes. Most applications
|
|
have no need for this functionality, and can benefit from the improved
|
|
performance of \module{cPickle}. Other than that, the interfaces of
|
|
the two modules are nearly identical; the common interface is
|
|
described in this manual and differences are pointed out where
|
|
necessary. In the following discussions, we use the term ``pickle''
|
|
to collectively describe the \module{pickle} and
|
|
\module{cPickle} modules.
|
|
|
|
The data streams the two modules produce are guaranteed to be
|
|
interchangeable.
|
|
|
|
Python has a more primitive serialization module called
|
|
\refmodule{marshal}, but in general
|
|
\module{pickle} should always be the preferred way to serialize Python
|
|
objects. \module{marshal} exists primarily to support Python's
|
|
\file{.pyc} files.
|
|
|
|
The \module{pickle} module differs from \refmodule{marshal} several
|
|
significant ways:
|
|
|
|
\begin{itemize}
|
|
|
|
\item The \module{pickle} module keeps track of the objects it has
|
|
already serialized, so that later references to the same object
|
|
won't be serialized again. \module{marshal} doesn't do this.
|
|
|
|
This has implications both for recursive objects and object
|
|
sharing. Recursive objects are objects that contain references
|
|
to themselves. These are not handled by marshal, and in fact,
|
|
attempting to marshal recursive objects will crash your Python
|
|
interpreter. Object sharing happens when there are multiple
|
|
references to the same object in different places in the object
|
|
hierarchy being serialized. \module{pickle} stores such objects
|
|
only once, and ensures that all other references point to the
|
|
master copy. Shared objects remain shared, which can be very
|
|
important for mutable objects.
|
|
|
|
\item \module{marshal} cannot be used to serialize user-defined
|
|
classes and their instances. \module{pickle} can save and
|
|
restore class instances transparently, however the class
|
|
definition must be importable and live in the same module as
|
|
when the object was stored.
|
|
|
|
\item The \module{marshal} serialization format is not guaranteed to
|
|
be portable across Python versions. Because its primary job in
|
|
life is to support \file{.pyc} files, the Python implementers
|
|
reserve the right to change the serialization format in
|
|
non-backwards compatible ways should the need arise. The
|
|
\module{pickle} serialization format is guaranteed to be
|
|
backwards compatible across Python releases.
|
|
|
|
\item The \module{pickle} module doesn't handle code objects, which
|
|
the \module{marshal} module does. This avoids the possibility
|
|
of smuggling Trojan horses into a program through the
|
|
\module{pickle} module\footnote{This doesn't necessarily imply
|
|
that \module{pickle} is inherently secure. See
|
|
section~\ref{pickle-sec} for a more detailed discussion on
|
|
\module{pickle} module security. Besides, it's possible that
|
|
\module{pickle} will eventually support serializing code
|
|
objects.}.
|
|
|
|
\end{itemize}
|
|
|
|
Note that serialization is a more primitive notion than persistence;
|
|
although
|
|
\module{pickle} reads and writes file objects, it does not handle the
|
|
issue of naming persistent objects, nor the (even more complicated)
|
|
issue of concurrent access to persistent objects. The \module{pickle}
|
|
module can transform a complex object into a byte stream and it can
|
|
transform the byte stream into an object with the same internal
|
|
structure. Perhaps the most obvious thing to do with these byte
|
|
streams is to write them onto a file, but it is also conceivable to
|
|
send them across a network or store them in a database. The module
|
|
\refmodule{shelve} provides a simple interface
|
|
to pickle and unpickle objects on DBM-style database files.
|
|
|
|
\subsection{Data stream format}
|
|
|
|
The data format used by \module{pickle} is Python-specific. This has
|
|
the advantage that there are no restrictions imposed by external
|
|
standards such as XDR\index{XDR}\index{External Data Representation}
|
|
(which can't represent pointer sharing); however it means that
|
|
non-Python programs may not be able to reconstruct pickled Python
|
|
objects.
|
|
|
|
By default, the \module{pickle} data format uses a printable \ASCII{}
|
|
representation. This is slightly more voluminous than a binary
|
|
representation. The big advantage of using printable \ASCII{} (and of
|
|
some other characteristics of \module{pickle}'s representation) is that
|
|
for debugging or recovery purposes it is possible for a human to read
|
|
the pickled file with a standard text editor.
|
|
|
|
A binary format, which is slightly more efficient, can be chosen by
|
|
specifying a true value for the \var{bin} argument to the
|
|
\class{Pickler} constructor or the \function{dump()} and \function{dumps()}
|
|
functions.
|
|
|
|
\subsection{Usage}
|
|
|
|
To serialize an object hierarchy, you first create a pickler, then you
|
|
call the pickler's \method{dump()} method. To de-serialize a data
|
|
stream, you first create an unpickler, then you call the unpickler's
|
|
\method{load()} method. The \module{pickle} module provides the
|
|
following functions to make this process more convenient:
|
|
|
|
\begin{funcdesc}{dump}{object, file\optional{, bin}}
|
|
Write a pickled representation of \var{object} to the open file object
|
|
\var{file}. This is equivalent to
|
|
\code{Pickler(\var{file}, \var{bin}).dump(\var{object})}.
|
|
If the optional \var{bin} argument is true, the binary pickle format
|
|
is used; otherwise the (less efficient) text pickle format is used
|
|
(for backwards compatibility, this is the default).
|
|
|
|
\var{file} must have a \method{write()} method that accepts a single
|
|
string argument. It can thus be a file object opened for writing, a
|
|
\refmodule{StringIO} object, or any other custom
|
|
object that meets this interface.
|
|
\end{funcdesc}
|
|
|
|
\begin{funcdesc}{load}{file}
|
|
Read a string from the open file object \var{file} and interpret it as
|
|
a pickle data stream, reconstructing and returning the original object
|
|
hierarchy. This is equivalent to \code{Unpickler(\var{file}).load()}.
|
|
|
|
\var{file} must have two methods, a \method{read()} method that takes
|
|
an integer argument, and a \method{readline()} method that requires no
|
|
arguments. Both methods should return a string. Thus \var{file} can
|
|
be a file object opened for reading, a
|
|
\module{StringIO} object, or any other custom
|
|
object that meets this interface.
|
|
|
|
This function automatically determines whether the data stream was
|
|
written in binary mode or not.
|
|
\end{funcdesc}
|
|
|
|
\begin{funcdesc}{dumps}{object\optional{, bin}}
|
|
Return the pickled representation of the object as a string, instead
|
|
of writing it to a file. If the optional \var{bin} argument is
|
|
true, the binary pickle format is used; otherwise the (less efficient)
|
|
text pickle format is used (this is the default).
|
|
\end{funcdesc}
|
|
|
|
\begin{funcdesc}{loads}{string}
|
|
Read a pickled object hierarchy from a string. Characters in the
|
|
string past the pickled object's representation are ignored.
|
|
\end{funcdesc}
|
|
|
|
The \module{pickle} module also defines three exceptions:
|
|
|
|
\begin{excdesc}{PickleError}
|
|
A common base class for the other exceptions defined below. This
|
|
inherits from \exception{Exception}.
|
|
\end{excdesc}
|
|
|
|
\begin{excdesc}{PicklingError}
|
|
This exception is raised when an unpicklable object is passed to
|
|
the \method{dump()} method.
|
|
\end{excdesc}
|
|
|
|
\begin{excdesc}{UnpicklingError}
|
|
This exception is raised when there is a problem unpickling an object,
|
|
such as a security violation. Note that other exceptions may also be
|
|
raised during unpickling, including (but not necessarily limited to)
|
|
\exception{AttributeError} and \exception{ImportError}.
|
|
\end{excdesc}
|
|
|
|
The \module{pickle} module also exports two callables\footnote{In the
|
|
\module{pickle} module these callables are classes, which you could
|
|
subclass to customize the behavior. However, in the \module{cPickle}
|
|
modules these callables are factory functions and so cannot be
|
|
subclassed. One of the common reasons to subclass is to control what
|
|
objects can actually be unpickled. See section~\ref{pickle-sec} for
|
|
more details on security concerns.}, \class{Pickler} and
|
|
\class{Unpickler}:
|
|
|
|
\begin{classdesc}{Pickler}{file\optional{, bin}}
|
|
This takes a file-like object to which it will write a pickle data
|
|
stream. Optional \var{bin} if true, tells the pickler to use the more
|
|
efficient binary pickle format, otherwise the \ASCII{} format is used
|
|
(this is the default).
|
|
|
|
\var{file} must have a \method{write()} method that accepts a single
|
|
string argument. It can thus be an open file object, a
|
|
\module{StringIO} object, or any other custom
|
|
object that meets this interface.
|
|
\end{classdesc}
|
|
|
|
\class{Pickler} objects define one (or two) public methods:
|
|
|
|
\begin{methoddesc}[Pickler]{dump}{object}
|
|
Write a pickled representation of \var{object} to the open file object
|
|
given in the constructor. Either the binary or \ASCII{} format will
|
|
be used, depending on the value of the \var{bin} flag passed to the
|
|
constructor.
|
|
\end{methoddesc}
|
|
|
|
\begin{methoddesc}[Pickler]{clear_memo}{}
|
|
Clears the pickler's ``memo''. The memo is the data structure that
|
|
remembers which objects the pickler has already seen, so that shared
|
|
or recursive objects pickled by reference and not by value. This
|
|
method is useful when re-using picklers.
|
|
|
|
\strong{Note:} \method{clear_memo()} is only available on the picklers
|
|
created by \module{cPickle}. In the \module{pickle} module, picklers
|
|
have an instance variable called \member{memo} which is a Python
|
|
dictionary. So to clear the memo for a \module{pickle} module
|
|
pickler, you could do the following:
|
|
|
|
\begin{verbatim}
|
|
mypickler.memo.clear()
|
|
\end{verbatim}
|
|
\end{methoddesc}
|
|
|
|
It is possible to make multiple calls to the \method{dump()} method of
|
|
the same \class{Pickler} instance. These must then be matched to the
|
|
same number of calls to the \method{load()} method of the
|
|
corresponding \class{Unpickler} instance. If the same object is
|
|
pickled by multiple \method{dump()} calls, the \method{load()} will
|
|
all yield references to the same object\footnote{\emph{Warning}: this
|
|
is intended for pickling multiple objects without intervening
|
|
modifications to the objects or their parts. If you modify an object
|
|
and then pickle it again using the same \class{Pickler} instance, the
|
|
object is not pickled again --- a reference to it is pickled and the
|
|
\class{Unpickler} will return the old value, not the modified one.
|
|
There are two problems here: (1) detecting changes, and (2)
|
|
marshalling a minimal set of changes. Garbage Collection may also
|
|
become a problem here.}.
|
|
|
|
\class{Unpickler} objects are defined as:
|
|
|
|
\begin{classdesc}{Unpickler}{file}
|
|
This takes a file-like object from which it will read a pickle data
|
|
stream. This class automatically determines whether the data stream
|
|
was written in binary mode or not, so it does not need a flag as in
|
|
the \class{Pickler} factory.
|
|
|
|
\var{file} must have two methods, a \method{read()} method that takes
|
|
an integer argument, and a \method{readline()} method that requires no
|
|
arguments. Both methods should return a string. Thus \var{file} can
|
|
be a file object opened for reading, a
|
|
\module{StringIO} object, or any other custom
|
|
object that meets this interface.
|
|
\end{classdesc}
|
|
|
|
\class{Unpickler} objects have one (or two) public methods:
|
|
|
|
\begin{methoddesc}[Unpickler]{load}{}
|
|
Read a pickled object representation from the open file object given
|
|
in the constructor, and return the reconstituted object hierarchy
|
|
specified therein.
|
|
\end{methoddesc}
|
|
|
|
\begin{methoddesc}[Unpickler]{noload}{}
|
|
This is just like \method{load()} except that it doesn't actually
|
|
create any objects. This is useful primarily for finding what's
|
|
called ``persistent ids'' that may be referenced in a pickle data
|
|
stream. See section~\ref{pickle-protocol} below for more details.
|
|
|
|
\strong{Note:} the \method{noload()} method is currently only
|
|
available on \class{Unpickler} objects created with the
|
|
\module{cPickle} module. \module{pickle} module \class{Unpickler}s do
|
|
not have the \method{noload()} method.
|
|
\end{methoddesc}
|
|
|
|
\subsection{What can be pickled and unpickled?}
|
|
|
|
The following types can be pickled:
|
|
|
|
\begin{itemize}
|
|
|
|
\item \code{None}
|
|
|
|
\item integers, long integers, floating point numbers, complex numbers
|
|
|
|
\item normal and Unicode strings
|
|
|
|
\item tuples, lists, and dictionaries containing only picklable objects
|
|
|
|
\item functions defined at the top level of a module
|
|
|
|
\item built-in functions defined at the top level of a module
|
|
|
|
\item classes that are defined at the top level of a module
|
|
|
|
\item instances of such classes whose \member{__dict__} or
|
|
\method{__setstate__()} is picklable (see
|
|
section~\ref{pickle-protocol} for details)
|
|
|
|
\end{itemize}
|
|
|
|
Attempts to pickle unpicklable objects will raise the
|
|
\exception{PicklingError} exception; when this happens, an unspecified
|
|
number of bytes may have already been written to the underlying file.
|
|
|
|
Note that functions (built-in and user-defined) are pickled by ``fully
|
|
qualified'' name reference, not by value. This means that only the
|
|
function name is pickled, along with the name of module the function
|
|
is defined in. Neither the function's code, nor any of its function
|
|
attributes are pickled. Thus the defining module must be importable
|
|
in the unpickling environment, and the module must contain the named
|
|
object, otherwise an exception will be raised\footnote{The exception
|
|
raised will likely be an \exception{ImportError} or an
|
|
\exception{AttributeError} but it could be something else.}.
|
|
|
|
Similarly, classes are pickled by named reference, so the same
|
|
restrictions in the unpickling environment apply. Note that none of
|
|
the class's code or data is pickled, so in the following example the
|
|
class attribute \code{attr} is not restored in the unpickling
|
|
environment:
|
|
|
|
\begin{verbatim}
|
|
class Foo:
|
|
attr = 'a class attr'
|
|
|
|
picklestring = pickle.dumps(Foo)
|
|
\end{verbatim}
|
|
|
|
These restrictions are why picklable functions and classes must be
|
|
defined in the top level of a module.
|
|
|
|
Similarly, when class instances are pickled, their class's code and
|
|
data are not pickled along with them. Only the instance data are
|
|
pickled. This is done on purpose, so you can fix bugs in a class or
|
|
add methods to the class and still load objects that were created with
|
|
an earlier version of the class. If you plan to have long-lived
|
|
objects that will see many versions of a class, it may be worthwhile
|
|
to put a version number in the objects so that suitable conversions
|
|
can be made by the class's \method{__setstate__()} method.
|
|
|
|
\subsection{The pickle protocol
|
|
\label{pickle-protocol}}\setindexsubitem{(pickle protocol)}
|
|
|
|
This section describes the ``pickling protocol'' that defines the
|
|
interface between the pickler/unpickler and the objects that are being
|
|
serialized. This protocol provides a standard way for you to define,
|
|
customize, and control how your objects are serialized and
|
|
de-serialized. The description in this section doesn't cover specific
|
|
customizations that you can employ to make the unpickling environment
|
|
safer from untrusted pickle data streams; see section~\ref{pickle-sec}
|
|
for more details.
|
|
|
|
\subsubsection{Pickling and unpickling normal class
|
|
instances\label{pickle-inst}}
|
|
|
|
When a pickled class instance is unpickled, its \method{__init__()}
|
|
method is normally \emph{not} invoked. If it is desirable that the
|
|
\method{__init__()} method be called on unpickling, a class can define
|
|
a method \method{__getinitargs__()}, which should return a
|
|
\emph{tuple} containing the arguments to be passed to the class
|
|
constructor (i.e. \method{__init__()}). The
|
|
\method{__getinitargs__()} method is called at
|
|
pickle time; the tuple it returns is incorporated in the pickle for
|
|
the instance.
|
|
\withsubitem{(copy protocol)}{\ttindex{__getinitargs__()}}
|
|
\withsubitem{(instance constructor)}{\ttindex{__init__()}}
|
|
|
|
\withsubitem{(copy protocol)}{
|
|
\ttindex{__getstate__()}\ttindex{__setstate__()}}
|
|
\withsubitem{(instance attribute)}{
|
|
\ttindex{__dict__}}
|
|
|
|
Classes can further influence how their instances are pickled; if the
|
|
class defines the method \method{__getstate__()}, it is called and the
|
|
return state is pickled as the contents for the instance, instead of
|
|
the contents of the instance's dictionary. If there is no
|
|
\method{__getstate__()} method, the instance's \member{__dict__} is
|
|
pickled.
|
|
|
|
Upon unpickling, if the class also defines the method
|
|
\method{__setstate__()}, it is called with the unpickled
|
|
state\footnote{These methods can also be used to implement copying
|
|
class instances.}. If there is no \method{__setstate__()} method, the
|
|
pickled object must be a dictionary and its items are assigned to the
|
|
new instance's dictionary. If a class defines both
|
|
\method{__getstate__()} and \method{__setstate__()}, the state object
|
|
needn't be a dictionary and these methods can do what they
|
|
want\footnote{This protocol is also used by the shallow and deep
|
|
copying operations defined in the
|
|
\refmodule{copy} module.}.
|
|
|
|
\subsubsection{Pickling and unpickling extension types}
|
|
|
|
When the \class{Pickler} encounters an object of a type it knows
|
|
nothing about --- such as an extension type --- it looks in two places
|
|
for a hint of how to pickle it. One alternative is for the object to
|
|
implement a \method{__reduce__()} method. If provided, at pickling
|
|
time \method{__reduce__()} will be called with no arguments, and it
|
|
must return either a string or a tuple.
|
|
|
|
If a string is returned, it names a global variable whose contents are
|
|
pickled as normal. When a tuple is returned, it must be of length two
|
|
or three, with the following semantics:
|
|
|
|
\begin{itemize}
|
|
|
|
\item A callable object, which in the unpickling environment must be
|
|
either a class, a callable registered as a ``safe constructor''
|
|
(see below), or it must have an attribute
|
|
\member{__safe_for_unpickling__} with a true value. Otherwise,
|
|
an \exception{UnpicklingError} will be raised in the unpickling
|
|
environment. Note that as usual, the callable itself is pickled
|
|
by name.
|
|
|
|
\item A tuple of arguments for the callable object, or \code{None}.
|
|
|
|
\item Optionally, the object's state, which will be passed to
|
|
the object's \method{__setstate__()} method as described in
|
|
section~\ref{pickle-inst}. If the object has no
|
|
\method{__setstate__()} method, then, as above, the value must
|
|
be a dictionary and it will be added to the object's
|
|
\member{__dict__}.
|
|
|
|
\end{itemize}
|
|
|
|
Upon unpickling, the callable will be called (provided that it meets
|
|
the above criteria), passing in the tuple of arguments; it should
|
|
return the unpickled object. If the second item was \code{None}, then
|
|
instead of calling the callable directly, its \method{__basicnew__()}
|
|
method is called without arguments. It should also return the
|
|
unpickled object.
|
|
|
|
An alternative to implementing a \method{__reduce__()} method on the
|
|
object to be pickled, is to register the callable with the
|
|
\refmodule[copyreg]{copy_reg} module. This module provides a way
|
|
for programs to register ``reduction functions'' and constructors for
|
|
user-defined types. Reduction functions have the same semantics and
|
|
interface as the \method{__reduce__()} method described above, except
|
|
that they are called with a single argument, the object to be pickled.
|
|
|
|
The registered constructor is deemed a ``safe constructor'' for purposes
|
|
of unpickling as described above.
|
|
|
|
\subsubsection{Pickling and unpickling external objects}
|
|
|
|
For the benefit of object persistence, the \module{pickle} module
|
|
supports the notion of a reference to an object outside the pickled
|
|
data stream. Such objects are referenced by a ``persistent id'',
|
|
which is just an arbitrary string of printable \ASCII{} characters.
|
|
The resolution of such names is not defined by the \module{pickle}
|
|
module; it will delegate this resolution to user defined functions on
|
|
the pickler and unpickler\footnote{The actual mechanism for
|
|
associating these user defined functions is slightly different for
|
|
\module{pickle} and \module{cPickle}. The description given here
|
|
works the same for both implementations. Users of the \module{pickle}
|
|
module could also use subclassing to effect the same results,
|
|
overriding the \method{persistent_id()} and \method{persistent_load()}
|
|
methods in the derived classes.}.
|
|
|
|
To define external persistent id resolution, you need to set the
|
|
\member{persistent_id} attribute of the pickler object and the
|
|
\member{persistent_load} attribute of the unpickler object.
|
|
|
|
To pickle objects that have an external persistent id, the pickler
|
|
must have a custom \function{persistent_id()} method that takes an
|
|
object as an argument and returns either \code{None} or the persistent
|
|
id for that object. When \code{None} is returned, the pickler simply
|
|
pickles the object as normal. When a persistent id string is
|
|
returned, the pickler will pickle that string, along with a marker
|
|
so that the unpickler will recognize the string as a persistent id.
|
|
|
|
To unpickle external objects, the unpickler must have a custom
|
|
\function{persistent_load()} function that takes a persistent id
|
|
string and returns the referenced object.
|
|
|
|
Here's a silly example that \emph{might} shed more light:
|
|
|
|
\begin{verbatim}
|
|
import pickle
|
|
from cStringIO import StringIO
|
|
|
|
src = StringIO()
|
|
p = pickle.Pickler(src)
|
|
|
|
def persistent_id(obj):
|
|
if hasattr(obj, 'x'):
|
|
return 'the value %d' % obj.x
|
|
else:
|
|
return None
|
|
|
|
p.persistent_id = persistent_id
|
|
|
|
class Integer:
|
|
def __init__(self, x):
|
|
self.x = x
|
|
def __str__(self):
|
|
return 'My name is integer %d' % self.x
|
|
|
|
i = Integer(7)
|
|
print i
|
|
p.dump(i)
|
|
|
|
datastream = src.getvalue()
|
|
print repr(datastream)
|
|
dst = StringIO(datastream)
|
|
|
|
up = pickle.Unpickler(dst)
|
|
|
|
class FancyInteger(Integer):
|
|
def __str__(self):
|
|
return 'I am the integer %d' % self.x
|
|
|
|
def persistent_load(persid):
|
|
if persid.startswith('the value '):
|
|
value = int(persid.split()[2])
|
|
return FancyInteger(value)
|
|
else:
|
|
raise pickle.UnpicklingError, 'Invalid persistent id'
|
|
|
|
up.persistent_load = persistent_load
|
|
|
|
j = up.load()
|
|
print j
|
|
\end{verbatim}
|
|
|
|
In the \module{cPickle} module, the unpickler's
|
|
\member{persistent_load} attribute can also be set to a Python
|
|
list, in which case, when the unpickler reaches a persistent id, the
|
|
persistent id string will simply be appended to this list. This
|
|
functionality exists so that a pickle data stream can be ``sniffed''
|
|
for object references without actually instantiating all the objects
|
|
in a pickle\footnote{We'll leave you with the image of Guido and Jim
|
|
sitting around sniffing pickles in their living rooms.}. Setting
|
|
\member{persistent_load} to a list is usually used in conjunction with
|
|
the \method{noload()} method on the Unpickler.
|
|
|
|
% BAW: Both pickle and cPickle support something called
|
|
% inst_persistent_id() which appears to give unknown types a second
|
|
% shot at producing a persistent id. Since Jim Fulton can't remember
|
|
% why it was added or what it's for, I'm leaving it undocumented.
|
|
|
|
\subsection{Security \label{pickle-sec}}
|
|
|
|
Most of the security issues surrounding the \module{pickle} and
|
|
\module{cPickle} module involve unpickling. There are no known
|
|
security vulnerabilities
|
|
related to pickling because you (the programmer) control the objects
|
|
that \module{pickle} will interact with, and all it produces is a
|
|
string.
|
|
|
|
However, for unpickling, it is \strong{never} a good idea to unpickle
|
|
an untrusted string whose origins are dubious, for example, strings
|
|
read from a socket. This is because unpickling can create unexpected
|
|
objects and even potentially run methods of those objects, such as
|
|
their class constructor or destructor\footnote{A special note of
|
|
caution is worth raising about the \refmodule{Cookie}
|
|
module. By default, the \class{Cookie.Cookie} class is an alias for
|
|
the \class{Cookie.SmartCookie} class, which ``helpfully'' attempts to
|
|
unpickle any cookie data string it is passed. This is a huge security
|
|
hole because cookie data typically comes from an untrusted source.
|
|
You should either explicitly use the \class{Cookie.SimpleCookie} class
|
|
--- which doesn't attempt to unpickle its string --- or you should
|
|
implement the defensive programming steps described later on in this
|
|
section.}.
|
|
|
|
You can defend against this by customizing your unpickler so that you
|
|
can control exactly what gets unpickled and what gets called.
|
|
Unfortunately, exactly how you do this is different depending on
|
|
whether you're using \module{pickle} or \module{cPickle}.
|
|
|
|
One common feature that both modules implement is the
|
|
\member{__safe_for_unpickling__} attribute. Before calling a callable
|
|
which is not a class, the unpickler will check to make sure that the
|
|
callable has either been registered as a safe callable via the
|
|
\refmodule[copyreg]{copy_reg} module, or that it has an
|
|
attribute \member{__safe_for_unpickling__} with a true value. This
|
|
prevents the unpickling environment from being tricked into doing
|
|
evil things like call \code{os.unlink()} with an arbitrary file name.
|
|
See section~\ref{pickle-protocol} for more details.
|
|
|
|
For safely unpickling class instances, you need to control exactly
|
|
which classes will get created. Be aware that a class's constructor
|
|
could be called (if the pickler found a \method{__getinitargs__()}
|
|
method) and the the class's destructor (i.e. its \method{__del__()} method)
|
|
might get called when the object is garbage collected. Depending on
|
|
the class, it isn't very heard to trick either method into doing bad
|
|
things, such as removing a file. The way to
|
|
control the classes that are safe to instantiate differs in
|
|
\module{pickle} and \module{cPickle}\footnote{A word of caution: the
|
|
mechanisms described here use internal attributes and methods, which
|
|
are subject to change in future versions of Python. We intend to
|
|
someday provide a common interface for controlling this behavior,
|
|
which will work in either \module{pickle} or \module{cPickle}.}.
|
|
|
|
In the \module{pickle} module, you need to derive a subclass from
|
|
\class{Unpickler}, overriding the \method{load_global()}
|
|
method. \method{load_global()} should read two lines from the pickle
|
|
data stream where the first line will the the name of the module
|
|
containing the class and the second line will be the name of the
|
|
instance's class. It then look up the class, possibly importing the
|
|
module and digging out the attribute, then it appends what it finds to
|
|
the unpickler's stack. Later on, this class will be assigned to the
|
|
\member{__class__} attribute of an empty class, as a way of magically
|
|
creating an instance without calling its class's \method{__init__()}.
|
|
You job (should you choose to accept it), would be to have
|
|
\method{load_global()} push onto the unpickler's stack, a known safe
|
|
version of any class you deem safe to unpickle. It is up to you to
|
|
produce such a class. Or you could raise an error if you want to
|
|
disallow all unpickling of instances. If this sounds like a hack,
|
|
you're right. UTSL.
|
|
|
|
Things are a little cleaner with \module{cPickle}, but not by much.
|
|
To control what gets unpickled, you can set the unpickler's
|
|
\member{find_global} attribute to a function or \code{None}. If it is
|
|
\code{None} then any attempts to unpickle instances will raise an
|
|
\exception{UnpicklingError}. If it is a function,
|
|
then it should accept a module name and a class name, and return the
|
|
corresponding class object. It is responsible for looking up the
|
|
class, again performing any necessary imports, and it may raise an
|
|
error to prevent instances of the class from being unpickled.
|
|
|
|
The moral of the story is that you should be really careful about the
|
|
source of the strings your application unpickles.
|
|
|
|
\subsection{Example \label{pickle-example}}
|
|
|
|
Here's a simple example of how to modify pickling behavior for a
|
|
class. The \class{TextReader} class opens a text file, and returns
|
|
the line number and line contents each time its \method{readline()}
|
|
method is called. If a \class{TextReader} instance is pickled, all
|
|
attributes \emph{except} the file object member are saved. When the
|
|
instance is unpickled, the file is reopened, and reading resumes from
|
|
the last location. The \method{__setstate__()} and
|
|
\method{__getstate__()} methods are used to implement this behavior.
|
|
|
|
\begin{verbatim}
|
|
class TextReader:
|
|
"""Print and number lines in a text file."""
|
|
def __init__(self, file):
|
|
self.file = file
|
|
self.fh = open(file)
|
|
self.lineno = 0
|
|
|
|
def readline(self):
|
|
self.lineno = self.lineno + 1
|
|
line = self.fh.readline()
|
|
if not line:
|
|
return None
|
|
if line.endswith("\n"):
|
|
line = line[:-1]
|
|
return "%d: %s" % (self.lineno, line)
|
|
|
|
def __getstate__(self):
|
|
odict = self.__dict__.copy() # copy the dict since we change it
|
|
del odict['fh'] # remove filehandle entry
|
|
return odict
|
|
|
|
def __setstate__(self,dict):
|
|
fh = open(dict['file']) # reopen file
|
|
count = dict['lineno'] # read from file...
|
|
while count: # until line count is restored
|
|
fh.readline()
|
|
count = count - 1
|
|
self.__dict__.update(dict) # update attributes
|
|
self.fh = fh # save the file object
|
|
\end{verbatim}
|
|
|
|
A sample usage might be something like this:
|
|
|
|
\begin{verbatim}
|
|
>>> import TextReader
|
|
>>> obj = TextReader.TextReader("TextReader.py")
|
|
>>> obj.readline()
|
|
'1: #!/usr/local/bin/python'
|
|
>>> # (more invocations of obj.readline() here)
|
|
... obj.readline()
|
|
'7: class TextReader:'
|
|
>>> import pickle
|
|
>>> pickle.dump(obj,open('save.p','w'))
|
|
\end{verbatim}
|
|
|
|
If you want to see that \refmodule{pickle} works across Python
|
|
processes, start another Python session, before continuing. What
|
|
follows can happen from either the same process or a new process.
|
|
|
|
\begin{verbatim}
|
|
>>> import pickle
|
|
>>> reader = pickle.load(open('save.p'))
|
|
>>> reader.readline()
|
|
'8: "Print and number lines in a text file."'
|
|
\end{verbatim}
|
|
|
|
|
|
\begin{seealso}
|
|
\seemodule[copyreg]{copy_reg}{Pickle interface constructor
|
|
registration for extension types.}
|
|
|
|
\seemodule{shelve}{Indexed databases of objects; uses \module{pickle}.}
|
|
|
|
\seemodule{copy}{Shallow and deep object copying.}
|
|
|
|
\seemodule{marshal}{High-performance serialization of built-in types.}
|
|
\end{seealso}
|
|
|
|
|
|
\section{\module{cPickle} --- A faster \module{pickle}}
|
|
|
|
\declaremodule{builtin}{cPickle}
|
|
\modulesynopsis{Faster version of \refmodule{pickle}, but not subclassable.}
|
|
\moduleauthor{Jim Fulton}{jfulton@digicool.com}
|
|
\sectionauthor{Fred L. Drake, Jr.}{fdrake@acm.org}
|
|
|
|
The \module{cPickle} module supports serialization and
|
|
de-serialization of Python objects, providing an interface and
|
|
functionality nearly identical to the
|
|
\refmodule{pickle}\refstmodindex{pickle} module. There are several
|
|
differences, the most important being performance and subclassability.
|
|
|
|
First, \module{cPickle} can be up to 1000 times faster than
|
|
\module{pickle} because the former is implemented in C. Second, in
|
|
the \module{cPickle} module the callables \function{Pickler()} and
|
|
\function{Unpickler()} are functions, not classes. This means that
|
|
you cannot use them to derive custom pickling and unpickling
|
|
subclasses. Most applications have no need for this functionality and
|
|
should benefit from the greatly improved performance of the
|
|
\module{cPickle} module.
|
|
|
|
The pickle data stream produced by \module{pickle} and
|
|
\module{cPickle} are identical, so it is possible to use
|
|
\module{pickle} and \module{cPickle} interchangeably with existing
|
|
pickles\footnote{Since the pickle data format is actually a tiny
|
|
stack-oriented programming language, and some freedom is taken in the
|
|
encodings of certain objects, it is possible that the two modules
|
|
produce different data streams for the same input objects. However it
|
|
is guaranteed that they will always be able to read each other's
|
|
data streams.}.
|
|
|
|
There are additional minor differences in API between \module{cPickle}
|
|
and \module{pickle}, however for most applications, they are
|
|
interchangable. More documentation is provided in the
|
|
\module{pickle} module documentation, which
|
|
includes a list of the documented differences.
|
|
|
|
|