Would this accomplish something like:

pickle.load(safe=True)  # or
pickle.safe_loads()

Is there already a way to load data and not code *with pickle*?
https://docs.python.org/3/library/pickle.html

On Sat, Jul 11, 2020, 11:01 AM Random832 <random832@fastmail.com> wrote:
The current practice, by overriding find_class, is limited to overriding what globals get loaded. This makes it impossible to distinguish globals that will be used as data from globals that will be called as constructors, along with similar concerns with object attributes [especially methods] obtained by loading builtins.getattr as global.

I would suggest also exposing for overrides the points where a callable loaded from the pickle is called - on the pure-python _Unpickler these are _instantiate, load_newobj, load_newobj_ex, and load_reduce, though it might be worthwhile to make a single method that can be overridden and use it at the points where each of these call a loaded object.
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-leave@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/BB2TLAF6YSE5PEDQCPLWATDTUYPNXA4D/
Code of Conduct: http://python.org/psf/codeofconduct/