Serialize object to string. Args: obj: Object to serialize allow_pickle: If False (default), use ONLY safe JSON serialization (error if fails). If True, try safe first, fallback to pickle with warning. Returns: s
(obj: Any, allow_pickle: bool = False)
| 250 | |
| 251 | @staticmethod |
| 252 | def dumps(obj: Any, allow_pickle: bool = False) -> str: |
| 253 | """ |
| 254 | Serialize object to string. |
| 255 | |
| 256 | Args: |
| 257 | obj: Object to serialize |
| 258 | allow_pickle: If False (default), use ONLY safe JSON serialization (error if fails). |
| 259 | If True, try safe first, fallback to pickle with warning. |
| 260 | |
| 261 | Returns: |
| 262 | str: Serialized string ("safe:..." for JSON, "pickle:..." for pickle) |
| 263 | |
| 264 | Raises: |
| 265 | SerializationError: If allow_pickle=False and object cannot be safely serialized |
| 266 | """ |
| 267 | if not allow_pickle: |
| 268 | # Safe ONLY mode - no pickle fallback |
| 269 | json_safe = SafeSerializer.to_json_safe(obj) # Raises SerializationError if fails |
| 270 | return SafeSerializer.SAFE_PREFIX + json.dumps(json_safe) |
| 271 | else: |
| 272 | # Try safe first, fallback to pickle |
| 273 | try: |
| 274 | json_safe = SafeSerializer.to_json_safe(obj) |
| 275 | return SafeSerializer.SAFE_PREFIX + json.dumps(json_safe) |
| 276 | except SerializationError: |
| 277 | # Warn about insecure pickle usage |
| 278 | import warnings |
| 279 | |
| 280 | warnings.warn( |
| 281 | "Falling back to insecure pickle serialization. " |
| 282 | "This is a security risk and will be removed in a future version. " |
| 283 | "Consider using only safe serializable types (primitives, lists, dicts, " |
| 284 | "numpy arrays, PIL images, datetime objects, dataclasses).", |
| 285 | FutureWarning, |
| 286 | stacklevel=2, |
| 287 | ) |
| 288 | # Fallback to pickle (with prefix) |
| 289 | try: |
| 290 | return "pickle:" + base64.b64encode(pickle.dumps(obj)).decode() |
| 291 | except (pickle.PicklingError, TypeError, AttributeError) as e: |
| 292 | raise SerializationError(f"Cannot serialize object: {e}") from e |
| 293 | |
| 294 | @staticmethod |
| 295 | def loads(data: str, allow_pickle: bool = False) -> Any: |