-
-
Notifications
You must be signed in to change notification settings - Fork 784
Use a safe serialization format for update check state #19560
Copy link
Copy link
Open
Labels
audience/nvda-devPR or issue is relevant to NVDA / Add-on developersPR or issue is relevant to NVDA / Add-on developersp3https://github.com/nvaccess/nvda/blob/master/projectDocs/issues/triage.md#priorityhttps://github.com/nvaccess/nvda/blob/master/projectDocs/issues/triage.md#prioritysecuritytriagedHas been triaged, issue is waiting for implementation.Has been triaged, issue is waiting for implementation.
Description
Metadata
Metadata
Assignees
Labels
audience/nvda-devPR or issue is relevant to NVDA / Add-on developersPR or issue is relevant to NVDA / Add-on developersp3https://github.com/nvaccess/nvda/blob/master/projectDocs/issues/triage.md#priorityhttps://github.com/nvaccess/nvda/blob/master/projectDocs/issues/triage.md#prioritysecuritytriagedHas been triaged, issue is waiting for implementation.Has been triaged, issue is waiting for implementation.
Type
Fields
Give feedbackNo fields configured for Task.
Related issues, PRs or discussions
Related #19559
What is the current state of the codebase?
NVDA uses
pickleto store the state of the update check system, including the last check timestamp, details of the pending update if any, and an ignored update version if any. However, as the documentation states:Why are changes required?
Since we're persisting data to
%appData%, we cannot trust that it hasn't been tampered with.What technical changes are required?
Rather than using
pickleto store the data, use a safe serialisation format like JSON.Are the proposed technical changes API breaking?
Yes.
pickleand JSON are not compatible serialisation formats.Are there potential risks or issues with the proposed implementation?
We may need to migrate old
updateCheckState.picklefiles to the new format. However, this may not be required, as we could potentially just delete the file when updating.