I'm writing a game in which user can create his own level and remove them also.
The only trouble is that I want files to be saved with names as level1, level2, level3 etc without asking user name of level.
While saving a game with level5 name it might be possible that any previous level with that name already exists. Is there any way to avoid such problems.
I mean before saving the name by which i should save should be known previously...
thanx...
You can make use of the methods provided by the java.io.File API, such as File#exists(). It returns a boolean. If it is true, then you can either append to the file, or create another one with a different filename (maybe a counter suffix?). You can append to any existing file using the another constructor of FileOutputStream taking a 2nd boolean argument which you set to true. You can also just stick to using this constructor without checking if the file exists, it will just create new one if file doesn't exist and it will just append if the file exists.
What is the expected behavior in case level5 already exists and the user tries to save level 5? Should the old level5 file be overridden? If not, what else should happen? Should the new file me saved under a different name? And how is your game later on finding this level? If there are multiple level5 files for the 5th level, how shall your game know which one to pick?
Of course you could always create a UUID (that is more or less guaranteed to be unique in practice), create a directory named after that UUID and store the files into the directory as level1 to level5. Next time the user opens the level editor you create a new UUID, thus avoiding any naming conflicts.
Or you can turn it around. You crate a directory name level1, level2, etc. and within each directory you store the files using file names that contain a UUID. That way the game can always easily present a list of all level 5 levels by going into the level5 directory and looking at all files found there.
The question is rather: How will you present those levels to the user when it comes to picking one? As you don't have names, you hardly want to show UUIDs to the user. So I wonder if it is not better to let the user name levels or set of levels (directories).
It seems that your problem is not how but what. Reconsider your goal (desired functional requirements).
If user cannot provide a unique (and meaningful) name for created level, how will he refer to that level (for example in case he wants to edit it)?
I think you should keep additional data for every level like: name (unique), author, maybe date of creation, date of last modification, etc. When user saves (creates or edits) a level he should be warned in case level with provided name exists and should choose between cancel/overwrite/try_another_name. Probably user should be prohibited from overwriting a level when he is not the author.
The best (natural) way to store and process above data is to use a database.
Related
I want to save severals files using Stream to serialize objects, with one serializable object per file.
The reason why I want have one file per object is that I have a list of these objects, I am on Android and at the start of the applicaiton I want load all saved objects, this is the easy part.
But during the execution I want add new elements in this list, and delete elements. And I want update the folder with my files in the same time.
So I supposed I have to create one file per object. But may be there is another solution ?
The main problem is : how name each file ? To avoid overwrite a file, ...
I first thinked that I will have to name my files depending the name of a String given by the user, but I will have to check if the name file is valid,...
So may be the solution is to just name my files with an integer, and at the first load, I just continue the counter from the higher file ?
I suppose my problem is frequent, so what are your solutions to write during the execution a dynamic list of objects ?
Thanks you
I am facing this security flaw in my project at multiple places. I don't have any white-list to do a check at every occurrence of this flaw. I want to use ESAPI call to perform a basic blacklist check on the file name. I have read that we can use SafeFile object of ESAPI but cannot figure out how and where.
Below are a few options I came up with, Please let me know which one will work out?
ESAPI.validator().getValidInput() or ESAPI.validator().getValidFileName()
Blacklists are a no-win scenario. This can only protect you against known threats. Any code scanning tool you use here will continue to report the vulnerability... because a blacklist is a vulnerability. See this note from OWASP:
This strategy, also known as "negative" or "blacklist" validation is a
weak alternative to positive validation. Essentially, if you don't
expect to see characters such as %3f or JavaScript or similar, reject
strings containing them. This is a dangerous strategy, because the set
of possible bad data is potentially infinite. Adopting this strategy
means that you will have to maintain the list of "known bad"
characters and patterns forever, and you will by definition have
incomplete protection.
Also, character encoding and OS makes this a problem too. Let's say we accept an upload of a *.docx file. Here's the different corner-cases to consider, and this would be for every application in your portfolio.
Is the accepting application running on a linux platform or an NT platform? (File separators are \ in Windows and / in linux.)
a. spaces are also treated differently in file/directory paths across systems.
Does the application already account for URL-encoding?
Is the file being sent stored in a database or on the system itself?
Is the file you're receiving executable or not? For example, if I rename netcat.exe to foo.docx does your application actually check to see if the file being uploaded contains the magic numbers for an exe file?
I can go on. But I won't. I could write an encyclopedia.
If this is across multiple applications against your company's portfolio it is your ethical duty to state this clearly, and then your company needs to come up with an app/by/app whitelist.
As far as ESAPI is concerned, you would use Validator.getValidInput() with a regex that was an OR of all the files you wanted to reject, ie. in validation.properties you'd do something like: Validator.blackListsAreABadIdea=regex1|regex2|regex3|regex4
Note that the parsing penalty for blacklists is higher too... every input string will have to be run against EVERY regex in your blacklist, which as OWASP points out, can be infinite.
So again, the correct solution is to have every application team in your portfolio construct a whitelist for their application. If this is really impossible (and I doubt that) then you need to make sure that you've stated the risks cited here clearly to management and you refuse to proceed with the blacklist approach until you have written documentation that the company chooses to accept the risk. This will protect you from legal liability when the blacklist fails and you're taken to court.
[EDIT]
The method you're looking for was called HTTPUtilites.safeFileUpload() listed here as acceptance criteria but this was most likely never implemented due to the difficulties I posted above. Blacklists are extremely custom to the application. The best you'll get is a method HTTPUtilities.getFileUploads() which uses a list defined in ESAPI.properties under the key HttpUtilities.ApprovedUploadExtensions
However, the default version needs to be customized as I doubt you want your users uploading .class files and dll to your system.
Also note: This solution is a whitelist and NOT a blacklist.
The following code snippet works to get past the issue CWE ID 73, if the directory path is static and just the filename is externally controlled :
//'DIRECTORY_PATH' is the directory of the file
//'filename' variable holds the name of the file
//'myFile' variable holds reference to the file object
File dir = new File(DIRECTORY_PATH);
FileFilter fileFilter = new WildcardFileFilter(filename);
File[] files = dir.listFiles(fileFilter);
File myFile = null ;
if(files.length == 1 )
myFile = files[0];
I have an analytics program that receives many values from a HTTP GET request and maps them into a table. My question pertains to changing the shorthand names I assigned to variables in the request into more full names before I write them to a log file. What is the best way for mapping the shorthand (e.g uid: KG) to the full names (User ID: KG )?
Currently I have a Map that puts all the relations in it ("uid": "User ID") on runtime. It uses a good number of calls to put every value in the map so I was wondering what is standard practice or most efficient, many put calls or is there a way to save a standard map to a file and load it in runtime?
Load a Properties object from a file is probably your best option. Instead of hard coding them in your program you can put them in a properties file like so:
uid=User ID
bid=Billy ID
...
THen load them using this API:
http://docs.oracle.com/javase/7/docs/api/java/util/Properties.html
I am trying to program a game engine in which users would be able to create multiple "level files." However, since the user would be able to make as many levels as they wanted, there's no set amount of levels or set names. I'm not really sure how to import the files in to the engine. I've tried assigning the files to an array but that didn't work well, as it couldn't find any of the methods that way. Currently I have the level files as java files with a method that sets the variables and sets any cutscene text there may be.
Instead of storing Data about user created levels within Java files, a better way to go about this would be to write a Level class which takes input from an external file such as a .txt file.
For example the user can create a file called "firstlevel.txt" and add it to the levels folder which would be able to be read by your Level class.
More specifically your constructor could be something like
Level startingLevel = new Level("startinglvl.txt");
which you could then add to an array of levels
Level[] levels = new Level[64];
and then just add to the array when the game needs to load a user generated level.
So what I'm trying to do is have different files to save custom level data so than the player can make their own level, save it and than later on choose which level to load, now I know there's the default FileHandle class, but that only saves a single string and that a problem for me because the way I'm saving it is I'm loading each object into an ArrayList, turning that ArrayList into a JSON string and then saving that string under the rooms ID for that level, so the Preference file would look like
Room ID 1
Json string
Room ID 2
JSON string
Room ID 3
Etc etc
Which is why using FileHandle wouldn't work because all the JSON strings would be saved together and I can't think of a way to separate them
So the question I'm asking is, using Preferences, is there a way I can allow the player to choose which file to load? Because the only way I can think of is to save each preference file's name in another file and loading that, but that's a bit convoluted and doesn't allow the player to load in New files if they get one from a friend for example