
Use Python's Pickle Module Safely

Project description

SecPickle

Python's pickle module is not secure: loading a pickle can execute arbitrary code. The purpose of secpickle is to guarantee that you only unpickle files that were generated by you, so that unknown files are never read.

How to use

The functions available in secpickle are:

  • load()
  • loads()
  • dump()
  • dumps()

Only one thing changes when using these functions: an argument called key has been added to each of them. The key is required so that a unique hash can be used to prove that the file was created by you. The more complex your key, the greater the security.

The same key used for dump must be used to load the file. Otherwise, the IntegrityUnconfirmedError exception will be thrown, indicating, as the name implies, that it is not possible to confirm whether that file was created by you.

from secpickle import secpickle

data = [{'name': 'SecPickle'}]
key = 'this-is-my-secret-key'

with open('data', 'wb') as file:
    secpickle.dump(data, file, key)

with open('data', 'rb') as file:
    result = secpickle.load(file, key)

print(result)
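
One way to build the kind of key-based integrity check described above, as an added example that is not secpickle's own code and makes no claim about how secpickle computes its hash. It uses the standard library's HMAC-SHA256 as a stand-in; the names signed_dumps, verified_loads, IntegrityError and rejected are hypothetical.

```python
import hashlib
import hmac
import pickle

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class IntegrityError(Exception):
    """Hypothetical exception: the tag does not match the payload."""


def signed_dumps(obj, key: bytes) -> bytes:
    """Pickle obj and prepend an HMAC-SHA256 tag computed with key."""
    payload = pickle.dumps(obj)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def verified_loads(blob: bytes, key: bytes):
    """Check the tag first; unpickle only if it verifies."""
    if len(blob) < TAG_LEN:
        raise IntegrityError("blob too short to contain a tag")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest is constant-time, so the check leaks no timing
    # information about how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("tag mismatch: refusing to unpickle")
    return pickle.loads(payload)  # reached only for authenticated data


def rejected(blob: bytes, key: bytes) -> bool:
    """Return True if verified_loads refuses the blob."""
    try:
        verified_loads(blob, key)
    except IntegrityError:
        return True
    return False


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    blob = signed_dumps([{"name": "SecPickle"}], key)
    print(verified_loads(blob, key))
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])  # flip one payload bit
    print(rejected(tampered, key), rejected(blob, b"other-key"))
```

A check like this authenticates who wrote the file, not what is in it: anyone who holds the key can still produce a pickle that runs code on load, so the key has to be protected like any other secret.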

License

BSD 3-Clause License
Copyright (c) 2023, Firlast

This project uses the BSD 3-Clause License; please read the license for more information.

Source Distribution

secpickle-0.1.0.tar.gz (2.6 kB)