Add loading object to file and reading object from file

master
John 2022-06-10 11:23:28 -04:00
parent 04e8cb3453
commit 189b029bbc
3 changed files with 40 additions and 3 deletions

View File

@ -1,8 +1,7 @@
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.*;
import java.util.Scanner;
// TODO: close scanner etc after use
public class FileManager {
public static void writeFile(String fileLocation, String writeString) throws IOException {
File newFile = new File(fileLocation);
@ -22,4 +21,16 @@ public class FileManager {
return fileReader.useDelimiter("\\Z").next();
}
}
public static Object readObjectFromFile(String fileLocation, String allowedObject) throws IOException, ClassNotFoundException {
FileInputStream fileStream = new FileInputStream(fileLocation);
SafeObjectInputStream objectStream = new SafeObjectInputStream(fileStream, allowedObject);
return objectStream.readObject();
}
public static void writeObjectToFile(String fileLocation, Object o) throws IOException {
FileOutputStream fileStream = new FileOutputStream(fileLocation);
ObjectOutputStream objectStream = new ObjectOutputStream(fileStream);
objectStream.writeObject(o);
}
}

View File

@ -0,0 +1,24 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
public class SafeObjectInputStream extends ObjectInputStream {
String allowedClass;
public SafeObjectInputStream(InputStream in, String allowedClass) throws IOException {
super(in);
this.allowedClass = allowedClass;
}
// local files are generally assumed to be safe, but this additional check slightly hardens the application against using arbitrary attacks to exploit
// please note that it is still insecure; don't use in sensitive contexts!
@Override
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
if (!desc.getName().equals(allowedClass)) {
throw new SecurityException();
}
return super.resolveClass(desc);
}
}

View File

@ -1,4 +1,6 @@
import java.awt.event.KeyEvent;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.lang.reflect.Array;
import java.util.ArrayList;