shelve2 -- An expanded shelve module


The shelve shipped in the Python Standard Library is a very easy-to-use module to store arbitrary Python objects in a key-value database. However, it can only use the pickle module for serialisation which is unsafe because deserialising untrusted data may execute arbitrary code.

The shelve2 module is a fully compatible version of the shelve module that was expanded to support additional serialisation protocol choices. Specifically, JSON serialisation was added to provide a safer option -- at the cost of being able to store almost any arbitrary Python object. On top of that, other serialiser implementations can be supported without touching the module source.

NB Running the tests requires that you have the actual Python unit tests installed.

API Overview

The interface of the shelve module is fully supported and un-changed; shelve2 is a drop-in replacement. However, to use protocols other than pickle, you need to use the newly-added API. A short overview of the new interface members is given below. More information can be found in the module's docstrings.

New base class that implements all of the behaviour of Shelf but performs serialisation and deserialisation using the abstract _dump and _load methods. These need to be provided in a derived class (preferably using a mixin class).
Abstracted version of BsdDbShelf.
Abstracted version of DbfilenameShelf.

The original *Shelf classes are implemented as subclasses of their Abstract*Shelf counterpart.

A serialisation mixin that uses the pickle module. Used in the *Shelf classes to provide the original behaviour for those.
A serialisation mixin using the json module.
An expanded version of the shelve.open function. It supports an additional serialisation_protocol parameter to pick a serialiser implementation.