Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Room data is stored and reloaded #59

Open
wants to merge 3 commits into
base: master
from
Open

Room data is stored and reloaded #59

wants to merge 3 commits into from

Conversation

@sjohnson31
Copy link
Owner

sjohnson31 commented Nov 22, 2019

No description provided.

@sjohnson31 sjohnson31 force-pushed the store_room_data branch from 2f780b0 to 467d5bb Nov 22, 2019
@sjohnson31 sjohnson31 force-pushed the store_room_data branch from 467d5bb to ec57f51 Nov 22, 2019
fixes #57
@sjohnson31 sjohnson31 force-pushed the store_room_data branch from a08c8b3 to edaba5e Nov 22, 2019
Copy link
Collaborator

sburba left a comment

YAY

@@ -14,6 +14,8 @@ jobs:
command: |
python -m venv venv
. ./venv/bin/activate
PYTHONPATH=./src/:$PYTHONPATH

This comment has been minimized.

Copy link
@sburba

sburba Nov 22, 2019

Collaborator

Get rid of this ya dingus


class RoomStore:
def __init__(self):
self.path = os.environ['ROOM_STORE_DIR']

This comment has been minimized.

Copy link
@sburba

sburba Nov 22, 2019

Collaborator

This should be a constructor argument. The only thing that should read environment variables is your entrypoint

return os.listdir(self.path)

def write_room_data(self, room: str, data: dict):
with open(f'{self.path}/{room}', 'w') as f:

This comment has been minimized.

Copy link
@sburba

sburba Nov 22, 2019

Collaborator

This is scary, if room ids ever become user-controllable (via a bug or otherwise) then room ids like ../../../ will allow malicious actors to overwrite important files. You should verify that the resulting path is a child of the room directory before writing.

See here for an example: https://security.openstack.org/guidelines/dg_using-file-paths.html

def get_all_room_ids(self) -> list:
return os.listdir(self.path)

def write_room_data(self, room: str, data: dict):

This comment has been minimized.

Copy link
@sburba

sburba Nov 22, 2019

Collaborator

Everywhere else this is called room_id, probably makes sense to continue that pattern here

api/tests/test_game_state_server.py Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.