Principle:Trailofbits Fickling Analysis Result Serialization
| Knowledge Sources | |
|---|---|
| Domains | Security, Reporting, Data_Serialization |
| Last Updated | 2026-02-14 14:00 GMT |
Overview
A result formatting mechanism that converts pickle safety analysis findings into structured data formats (dict/JSON and human-readable string) for consumption by downstream tools and human reviewers.
Description
After running safety analysis on a pickle file, the results must be communicated to either humans (via formatted text) or machines (via JSON/dict). Analysis Result Serialization provides two complementary outputs:
- to_string(): Newline-joined messages for results meeting a minimum severity threshold, suitable for terminal output or log files
- to_dict(): Structured dictionary with severity name, analysis message text, and detailed per-analysis trigger information, suitable for JSON serialization and API responses
Both methods accept a verbosity parameter that filters results by minimum severity, allowing users to suppress low-priority findings.
Usage
Use this principle when integrating pickle safety scanning into CI/CD pipelines (JSON output for machine parsing), CLI tools (string output for terminal display), or monitoring dashboards (dict output for structured logging).
Theoretical Basis
```python
# Pseudocode: Dual output formatting
def overall_severity(results):
    # The overall verdict is the worst individual finding
    # (assumes at least one result; an empty scan would need a default).
    return max(r.severity for r in results)

def to_string(results, min_severity):
    return "\n".join(
        result.message for result in results
        if result.severity >= min_severity
    )

def to_dict(results, min_severity):
    detailed = {}
    for r in results:
        if r.severity >= min_severity:
            # Group triggers by analysis name so several hits from the same
            # check are all reported instead of overwriting one another.
            detailed.setdefault(r.analysis_name, []).append(r.trigger)
    return {
        "severity": overall_severity(results).name,
        "analysis": to_string(results, min_severity),
        "detailed_results": detailed,
    }
```
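The following is an added, runnable illustration of the dual-output mechanism described in the Description and Theoretical Basis sections; it is example code written for this page, not fickling's own implementation. The Severity levels, the AnalysisResult shape, the default verbosity and the sample findings are all constructed assumptions for the example and do not reflect the project's actual names or thresholds.

```python
# Added example (not fickling's own code): a minimal, runnable version of
# the dual-output serialization. Severity names, the AnalysisResult
# fields and the sample findings below are constructed for illustration.
import json
from enum import IntEnum
from typing import NamedTuple


class Severity(IntEnum):
    # IntEnum so findings can be ordered and compared against a threshold
    LIKELY_SAFE = 0
    SUSPICIOUS = 1
    LIKELY_UNSAFE = 2
    OVERTLY_MALICIOUS = 3


class AnalysisResult(NamedTuple):
    analysis_name: str   # which check fired
    severity: Severity
    message: str         # human-readable explanation of the finding
    trigger: str         # the pickle content that made the check fire


class AnalysisResults:
    def __init__(self, results):
        self.results = list(results)

    @property
    def severity(self) -> Severity:
        """Overall verdict: the worst finding, or LIKELY_SAFE with no findings."""
        if not self.results:
            return Severity.LIKELY_SAFE
        return max(r.severity for r in self.results)

    def _at_least(self, verbosity):
        # Shared filter so both outputs apply the same severity threshold
        return [r for r in self.results if r.severity >= verbosity]

    def to_string(self, verbosity=Severity.SUSPICIOUS) -> str:
        # Human-readable output: one message per line
        return "\n".join(r.message for r in self._at_least(verbosity))

    def to_dict(self, verbosity=Severity.SUSPICIOUS) -> dict:
        # Machine-readable output: triggers grouped per analysis so several
        # hits from the same check are all preserved
        detailed = {}
        for r in self._at_least(verbosity):
            detailed.setdefault(r.analysis_name, []).append(r.trigger)
        return {
            "severity": self.severity.name,
            "analysis": self.to_string(verbosity),
            "detailed_results": detailed,
        }

    def to_json(self, verbosity=Severity.SUSPICIOUS) -> str:
        # Everything in to_dict() is plain str/list/dict, so it round-trips
        return json.dumps(self.to_dict(verbosity), indent=2)


# Constructed sample findings, as a scanner might produce for one pickle file
SAMPLE_RESULTS = AnalysisResults([
    AnalysisResult("NonStandardImports", Severity.SUSPICIOUS,
                   "Import of numpy.ndarray is outside the standard library",
                   "numpy.ndarray"),
    AnalysisResult("UnsafeImports", Severity.LIKELY_UNSAFE,
                   "Import of os.system can run arbitrary commands on load",
                   "os.system"),
    AnalysisResult("UnsafeImports", Severity.LIKELY_UNSAFE,
                   "Import of builtins.eval can run arbitrary code on load",
                   "builtins.eval"),
])


if __name__ == "__main__":
    # CLI-style view: everything at SUSPICIOUS and above
    print(SAMPLE_RESULTS.to_string())
    # CI-style view: only LIKELY_UNSAFE and above, as JSON
    print(SAMPLE_RESULTS.to_json(Severity.LIKELY_UNSAFE))
```

Note that the overall "severity" field is always the worst finding regardless of the verbosity filter: raising the threshold hides low-priority messages from "analysis" and "detailed_results" but never downgrades the verdict, which is the property a CI gate relies on.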