📅  Last modified: 2023-12-03 14:48:13.736000             🧑  Author: Mango
Unpickling is the reverse of pickling (serializing) data. It converts binary data (saved in a file or a database) back into a Python object hierarchy. The Python module used for unpickling is called pickle. The pickle module is used to handle pickled data.
Unpickling is mostly used when we need to retrieve saved data from a file or database. The pickle module ships with Python, so there is no need to install any third-party package.
To unpickle data saved in a file, we first need to read the data from that file:
    import pickle

    # Open the file for reading
    with open('data.pickle', 'rb') as f:
        # Load the object hierarchy from the file
        data = pickle.load(f)
This reads the data saved in the file named data.pickle and loads it into the data variable.
Unpickling comes with a security warning: unpickling untrusted data can execute arbitrary code. This is dangerous whenever an attacker can supply or modify the pickled data, because a specially crafted pickle will execute arbitrary code as it is loaded.
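To prevent such attacks, it is recommended to use a "safe" mode of unpickling, which only allows pickled objects of a limited set of types to be deserialized. The pickle module has no built-in option for this; instead, subclass pickle.Unpickler and override its find_class() method, which is called whenever the pickle refers to a class or function by name:
    import pickle

    class SafeUnpickler(pickle.Unpickler):
        # "Safe" mode: refuse every global, so only basic built-in types load
        def find_class(self, module, name):
            raise pickle.UnpicklingError(f'{module}.{name} is not allowed')

    with open('data.pickle', 'rb') as f:
        # Create an Unpickler object with the "safe" mode
        p = SafeUnpickler(f)
        # Load the object hierarchy from the file
        data = p.load()
Using the safe mode ensures that only objects of the permitted types are unpickled, reducing the risk of code injection.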
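The following is an added example, not code from the original page, of limiting unpickling to a fixed set of types by overriding find_class(), the hook the pickle documentation describes for restricting globals. The allow-list contents, the names AllowListUnpickler, safe_loads and try_load, and both sample inputs are assumptions constructed for the illustration.

```python
import io
import pickle
from collections import OrderedDict

# Assumed allow-list for this example: the only globals a pickle may reference.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "set"),        # sets use these under older pickle protocols
    ("builtins", "frozenset"),
}


class AllowListUnpickler(pickle.Unpickler):
    """Resolve a global only if it is named in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")


def safe_loads(data):
    """Deserialize bytes with the allow-list enforced."""
    return AllowListUnpickler(io.BytesIO(data)).load()


def try_load(data):
    """Return (True, obj) on success, (False, reason) if the pickle is refused."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs (not from the original page).
# 1) Plain data plus one allow-listed class.
PLAIN = pickle.dumps({"user": "mango", "ids": [1, 2, 3],
                      "order": OrderedDict(a=1, b=2)})
# 2) Stand-in for untrusted input: a pickle that names a callable outside
#    the allow-list (only a reference to builtins.print; nothing is called).
FOREIGN = pickle.dumps(print)

if __name__ == "__main__":
    print(try_load(PLAIN))
    print(try_load(FOREIGN))
```

An allow-list narrows what a pickle can reach, but the pickle documentation still advises against unpickling data from untrusted sources; for plain data, a format such as JSON avoids the problem.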
Unpickling is the process of converting pickled data back to Python objects. The pickle module can be used to handle the unpickling process. However, security risks are associated with unpickling untrusted data, and the safe mode of unpickling should be used when unpickling data from untrusted sources.