Add loading object to file and reading object from file
parent
04e8cb3453
commit
189b029bbc
|
@ -1,8 +1,7 @@
|
||||||
import java.io.File;
|
import java.io.*;
|
||||||
import java.io.FileWriter;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.Scanner;
|
import java.util.Scanner;
|
||||||
|
|
||||||
|
// TODO: close scanner etc after use
|
||||||
public class FileManager {
|
public class FileManager {
|
||||||
public static void writeFile(String fileLocation, String writeString) throws IOException {
|
public static void writeFile(String fileLocation, String writeString) throws IOException {
|
||||||
File newFile = new File(fileLocation);
|
File newFile = new File(fileLocation);
|
||||||
|
@ -22,4 +21,16 @@ public class FileManager {
|
||||||
return fileReader.useDelimiter("\\Z").next();
|
return fileReader.useDelimiter("\\Z").next();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static Object readObjectFromFile(String fileLocation, String allowedObject) throws IOException, ClassNotFoundException {
|
||||||
|
FileInputStream fileStream = new FileInputStream(fileLocation);
|
||||||
|
SafeObjectInputStream objectStream = new SafeObjectInputStream(fileStream, allowedObject);
|
||||||
|
return objectStream.readObject();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void writeObjectToFile(String fileLocation, Object o) throws IOException {
|
||||||
|
FileOutputStream fileStream = new FileOutputStream(fileLocation);
|
||||||
|
ObjectOutputStream objectStream = new ObjectOutputStream(fileStream);
|
||||||
|
objectStream.writeObject(o);
|
||||||
|
}
|
||||||
}
|
}
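Review bot: Neither `readObjectFromFile` nor `writeObjectToFile` closes the streams it opens, and in `writeObjectToFile` that is more than a handle leak: `ObjectOutputStream` buffers its output, so returning without `flush()` or `close()` can leave a truncated file that later fails to deserialize. Wrapping the streams in try-with-resources fixes both methods, and declaring the `FileInputStream` as its own resource also releases it if the `SafeObjectInputStream` constructor throws on a bad stream header. A Javadoc line on `allowedObject` should state that it must be the fully qualified class name, since `resolveClass` compares it against `desc.getName()`.

```java
public static Object readObjectFromFile(String fileLocation, String allowedObject) throws IOException, ClassNotFoundException {
    try (FileInputStream fileStream = new FileInputStream(fileLocation);
         SafeObjectInputStream objectStream = new SafeObjectInputStream(fileStream, allowedObject)) {
        return objectStream.readObject();
    }
}

public static void writeObjectToFile(String fileLocation, Object o) throws IOException {
    try (FileOutputStream fileStream = new FileOutputStream(fileLocation);
         ObjectOutputStream objectStream = new ObjectOutputStream(fileStream)) {
        // close() flushes the buffered object data before the file handle is released
        objectStream.writeObject(o);
    }
}
```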
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.io.ObjectInputStream;
|
||||||
|
import java.io.ObjectStreamClass;
|
||||||
|
|
||||||
|
public class SafeObjectInputStream extends ObjectInputStream {
|
||||||
|
|
||||||
|
String allowedClass;
|
||||||
|
|
||||||
|
public SafeObjectInputStream(InputStream in, String allowedClass) throws IOException {
|
||||||
|
super(in);
|
||||||
|
this.allowedClass = allowedClass;
|
||||||
|
}
|
||||||
|
|
||||||
|
// local files are generally assumed to be safe, but this additional check slightly hardens the application against using arbitrary attacks to exploit
|
||||||
|
// please note that it is still insecure; don't use in sensitive contexts!
|
||||||
|
@Override
|
||||||
|
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
|
||||||
|
if (!desc.getName().equals(allowedClass)) {
|
||||||
|
throw new SecurityException();
|
||||||
|
}
|
||||||
|
return super.resolveClass(desc);
|
||||||
|
}
|
||||||
|
}
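Review bot: The rejection path in `resolveClass` throws an unchecked `SecurityException` with no message, which bypasses callers that handle the declared `IOException` and leaves no record of which class was refused. `throw new InvalidClassException(desc.getName(), "class not allowed for deserialization");` (with `java.io.InvalidClassException` imported) keeps the failure in the declared hierarchy and names the class. The `allowedClass` field is package-private and mutable, so the allowlist can be changed after construction; `private final String allowedClass;` closes that. Because the check is a single exact name, it will also reject the descriptor of any serializable superclass or non-String object field of the allowed class (an `ArrayList`, an array, an enum), so a set of names is probably needed. Only `resolveClass` is overridden, so proxy descriptors, which go through `resolveProxyClass`, are not checked; on Java 9+ `setObjectInputFilter` with an `ObjectInputFilter` is the supported way to express the allowlist and can also bound graph depth and array sizes.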
|
|
@ -1,4 +1,6 @@
|
||||||
import java.awt.event.KeyEvent;
|
import java.awt.event.KeyEvent;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.ObjectInputStream;
|
||||||
import java.lang.reflect.Array;
|
import java.lang.reflect.Array;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
||||||
|
|