]> git.mxchange.org Git - addressbook-lib.git/commitdiff
Special characters cannot be securely written with direct writeBytes() and readLine...
authorRoland Haeder <roland@mxchange.org>
Mon, 27 Jul 2015 13:33:58 +0000 (15:33 +0200)
committerRoland Haeder <roland@mxchange.org>
Mon, 27 Jul 2015 13:33:58 +0000 (15:33 +0200)
Signed-off-by:Roland Häder <roland@mxchange.org>

Addressbook/src/org/mxchange/addressbook/database/backend/csv/CsvDatabaseBackend.java

index b09fe8fed8648f6a72e3003497805e2d5007c31c..49b31285026e9a749dce078e5f79f2b37a532323 100644 (file)
@@ -22,6 +22,7 @@ import java.io.IOException;
 import java.io.RandomAccessFile;
 import java.text.MessageFormat;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Iterator;
 import java.util.List;
 import java.util.StringTokenizer;
@@ -59,7 +60,7 @@ public class CsvDatabaseBackend extends BaseDatabaseBackend implements CsvBacken
                this.setTableName(tableName);
 
                // Construct file name
-               String fileName = String.format("data/table_%s.csv", tableName);
+               String fileName = String.format("data/table_%s.b64", tableName);
 
                // Debug message
                this.getLogger().debug(MessageFormat.format("Trying to open file {0} ...", fileName));
@@ -171,8 +172,11 @@ public class CsvDatabaseBackend extends BaseDatabaseBackend implements CsvBacken
                // Debug message
                this.getLogger().debug(MessageFormat.format("str({0})={1}", str.length(), str));
 
+               // Encode line in BASE-64
+               byte[] encoded = Base64.getEncoder().encode(str.trim().getBytes());
+
                // The string is now a valid CSV string
-               this.getStorageFile().writeBytes(str);
+               this.getStorageFile().write(encoded);
        }
 
        /**
@@ -298,13 +302,19 @@ public class CsvDatabaseBackend extends BaseDatabaseBackend implements CsvBacken
                                // Get next token
                                String token = tokenizer.nextToken();
 
+                               // If char " is at pos 2 (0,1,2), then cut it of there
+                               if ((token.charAt(0) != '"') && (token.charAt(2) == '"')) {
+                                       // UTF-8 writer characters found
+                                       token = token.substring(2);
+                               }
+                               
                                // Debug message
                                this.getLogger().debug(MessageFormat.format("token={0}", token));
 
                                // Verify token, it must have double-quotes on each side
                                if ((!token.startsWith("\"")) || (!token.endsWith("\""))) {
                                        // Something bad was read
-                                       throw new BadTokenException(MessageFormat.format("Token {0} has not double-quotes on both ends.", token));
+                                       throw new BadTokenException(MessageFormat.format("Token {0} at position {1} has not double-quotes on both ends.", token, count));
                                }
 
                                // All fine, so remove it
@@ -516,7 +526,13 @@ public class CsvDatabaseBackend extends BaseDatabaseBackend implements CsvBacken
                String input = null;
 
                try {
-                       input = this.getStorageFile().readLine();
+                       String base64 = this.getStorageFile().readLine();
+
+                       // Decode BASE-64
+                       byte[] decoded = Base64.getDecoder().decode(base64);
+
+                       // Convert to string
+                       input = new String(decoded);
                } catch (final IOException ex) {
                        this.getLogger().catching(ex);
                }