xml | 1 month ago

Were there any particular challenges when implementing your library? I have implemented my own serialization library [1] (with a focus on not allowing arbitrary code execution), but had skipped dataclasses for now, since they seemed difficult to get right. What was your experience?

[1] https://github.com/99991/safeserialize

Side note: I think that a warning in the README about arbitrary code execution for deserialization of untrusted inputs would be nice.

orrbenyamini|1 month ago

Good question! Dataclasses were actually pretty easy - Python's introspection tools made them straightforward.

The tricky parts were:

- Type hints - Mapping __init__ params to attributes, especially with complex types
- Preserving types - Keeping tuples as tuples and sets as sets (not just lists)
- Error messages - Tracking paths like obj.address.street through the whole pipeline

I checked out safeserialize, by the way—the focus on preventing arbitrary code execution is a really smart niche.
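
The points raised in this thread (dataclasses, tuples and sets surviving a round trip, error paths like obj.address.street, and no arbitrary code execution on load) can be shown together in one sketch. This is an added example, not code from either library discussed here; the `$type` tag format, the `ALLOWED` registry, the function names and the sample classes are all assumptions made for illustration.

```python
import dataclasses, json

@dataclasses.dataclass
class Address:  # constructed sample types, not taken from either library
    street: str
    tags: tuple

@dataclasses.dataclass
class User:
    address: Address
    roles: set

ALLOWED = {c.__name__: c for c in (Address, User)}  # only these may be built from input

def dump(obj):  # encode to JSON-safe data; the "$type" tag is this example's own format
    if obj is None or isinstance(obj, (str, int, float, bool)):
        return obj
    if isinstance(obj, list):
        return [dump(x) for x in obj]
    if type(obj) in (tuple, set):
        return {"$type": type(obj).__name__, "items": [dump(x) for x in obj]}
    if type(obj) in ALLOWED.values():
        fields = {f.name: dump(getattr(obj, f.name)) for f in dataclasses.fields(obj)}
        return {"$type": type(obj).__name__, "fields": fields}
    raise TypeError(f"unsupported type {type(obj).__name__}")

def load(data, path="obj"):  # decode; tags resolve only through ALLOWED, never by import
    if data is None or isinstance(data, (str, int, float, bool)):
        return data
    if isinstance(data, list):
        return [load(x, f"{path}[{i}]") for i, x in enumerate(data)]
    if not isinstance(data, dict) or not isinstance(data.get("$type"), str):
        raise ValueError(f"{path}: untagged or malformed value")
    tag, items, given = data["$type"], data.get("items"), data.get("fields")
    if tag in ("tuple", "set"):
        if not isinstance(items, list):
            raise ValueError(f"{path}: {tag} needs a list of items")
        items = load(items, path)
        return tuple(items) if tag == "tuple" else set(items)
    cls = ALLOWED.get(tag)
    if cls is None:
        raise ValueError(f"{path}: type {tag!r} is not on the allowlist")
    expected = {f.name for f in dataclasses.fields(cls)}
    if not isinstance(given, dict) or set(given) != expected:
        raise ValueError(f"{path}: fields do not match {tag}")
    return cls(**{k: load(v, f"{path}.{k}") for k, v in given.items()})

def roundtrip(obj):  # through real JSON text, where tuples and sets would otherwise be lost
    return load(json.loads(json.dumps(dump(obj))))
```

Constructing an allowlisted class still runs that class's own `__init__` and `__post_init__`, so the registry should contain only types whose constructors are safe to call with attacker-chosen field values.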