Pickles are bad, and you should feel bad

[nedbat]

On 2/14/2013 10:38 PM, Alex Gaynor wrote:

Hi Ned,

Basically what I want to do is have several different test runs on travis-ci.com take their coverage runs and send it to a build server, which would combine them and output the total results. (This is all for topaz by the way). I can do some basic security by adding a secret to each POST to the server (this is what I do for my nightly build uploads). The problem is, coverage data is a .pickle, and, in the event my secret is compromised I'd prefer the result be bad coverage data, and not total ownage of my server.

Alex

---

• Bitbucket: https://bitbucket.org/ned/coveragepy/issue/236

[nedbat]

Original comment by d (Bitbucket: desmaj, GitHub: desmaj)

---

It looks like the coverage data file only contains dicts, lists, strings, and ints (Correct me if I'm wrong, Ned). It would probably be possible to write a small de-pickler that would only load these things. In that way you could continue to serialize as a pickle, but be safe from server ownage on deserialization. Alex, would that meet your needs?

[nedbat]

Original comment by Marius Gedminas (Bitbucket: mgedmin, GitHub: mgedmin)

---

Why not keep it simple and use JSON? Gzipped, if space is an issue.

[nedbat]

Yup, json is the right choice these days. Its only downside is it isn't as compact as something like pickle, but the size of these files is not an issue, and if it is, we can gzip them.

[nedbat]

@jchappell82 thanks for looking into it. I still want to do it. There doesn't have to be any backward compatibility: there's no need to read coverage 3.7.1 data files with coverage 4.0. We can keep talking here, or find me on Freenode IRC as nedbat.

[nedbat]

Data files are now JSON instead of pickles. Fixes #236.

→ <<cset 8b2420c71070 (bb)>>

[nedbat]

Finished in 8b2420c71070 (bb)