Mercurial > libervia-backend
view libervia/cli/xml_tools.py @ 4212:5f2d496c633f
core: get rid of `pickle`:
Use of `pickle` to serialise data was a technical legacy that was causing trouble to store
in database, to update (if a class was serialised, a change could break update), and to
security (pickle can lead to code execution).
This patch remove all use of Pickle in favour in JSON, notably:
- for caching data, a Pydantic model is now used instead
- for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation
- in XEP-0373 a class `PublicKeyMetadata` was serialised. New method `from_dict` and
`to_dict` method have been implemented to do serialisation.
- new methods to (de)serialise data can now be specified with Identity data types. It is
notably used to (de)serialise `path` of avatars.
A migration script has been created to convert data (for upgrade or downgrade), with
special care for XEP-0373 case. Depending of size of database, this migration script can
be long to run.
rel 443
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 23 Feb 2024 13:31:04 +0100 |
parents | 47401850dec6 |
children | 0d7bb4df2343 |
line wrap: on
line source
#!/usr/bin/env python3 # Libervia CLI # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. from libervia.backend.core.i18n import _ from libervia.cli.constants import Const as C def etree_parse(cmd, raw_xml, reraise=False): """import lxml and parse raw XML @param cmd(CommandBase): current command instance @param raw_xml(file, str): an XML bytestring, string or file-like object @param reraise(bool): if True, re raise exception on parse error instead of doing a parser.error (which terminate the execution) @return (tuple(etree.Element, module): parsed element, etree module """ try: from lxml import etree except ImportError: cmd.disp( 'lxml module must be installed, please install it with "pip install lxml"', error=True, ) cmd.host.quit(C.EXIT_ERROR) try: if isinstance(raw_xml, str): parser = etree.XMLParser(remove_blank_text=True) element = etree.fromstring(raw_xml, parser) else: element = etree.parse(raw_xml).getroot() except Exception as e: if reraise: raise e cmd.parser.error( _("Can't parse the payload XML in input: {msg}").format(msg=e) ) return element, etree def get_payload(cmd, element): """Retrieve payload element and exit with and error if not found @param element(etree.Element): root element @return element(etree.Element): payload element """ if element.tag in ("item", "{http://jabber.org/protocol/pubsub}item"): if len(element) > 1: cmd.disp(_("<item> can only have one child element (the payload)"), error=True) cmd.host.quit(C.EXIT_DATA_ERROR) element = element[0] return element