Merge pull request #22068 from edx/feanil/get_out_of_a_pickle

Create a custom Pickle Serializer
2019-10-18 14:48:24 -04:00
parent 3316674bde bfc02dc3ab
commit 05ab349c88
3 changed files with 39 additions and 2 deletions
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -829,7 +829,7 @@ COURSES_WITH_UNSAFE_CODE = []
 DEBUG = False
 SESSION_COOKIE_SECURE = False
 SESSION_SAVE_EVERY_REQUEST = False
-SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
+SESSION_SERIALIZER = 'openedx.core.lib.session_serializers.PickleV2Serializer'
 SESSION_COOKIE_DOMAIN = ""
 SESSION_COOKIE_NAME = 'sessionid'

--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -1101,7 +1101,7 @@ DEBUG = False
 USE_TZ = True
 SESSION_COOKIE_SECURE = False
 SESSION_SAVE_EVERY_REQUEST = False
-SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
+SESSION_SERIALIZER = 'openedx.core.lib.session_serializers.PickleV2Serializer'
 SESSION_COOKIE_DOMAIN = ""
 SESSION_COOKIE_NAME = 'sessionid'

--- a/openedx/core/lib/session_serializers.py
+++ b/openedx/core/lib/session_serializers.py
@@ -0,0 +1,37 @@
+"""
+Custom session serializer to deal with going from python2 and python3.
+"""
+import pickle
+import six
+
+
+class PickleV2Serializer(object):
+    """
+    Lock the pickle serializer to version 2 of the protocol
+    because we don't want python 2 to be able to read session
+    data written by python3 while both are running at the same
+    time in production.
+
+    Based on the PickleSerializer built into django:
+    https://github.com/django/django/blob/master/django/contrib/sessions/serializers.py
+    """
+
+    protocol = 2
+
+    def dumps(self, obj):
+        """
+        Return a pickled representation of object.
+        """
+        return pickle.dumps(obj, self.protocol)
+
+    def loads(self, data):
+        """
+        Return a python object from pickled data.
+        """
+        if six.PY2:
+            # Params used below don't exist in python 2
+            return pickle.loads(data)
+        else:
+            # See notes here about pickling python2 objects in python3
+            # https://docs.python.org/3/library/pickle.html#pickle.Unpickler
+            return pickle.loads(data, encoding='latin1')  # pylint: disable=unexpected-keyword-arg