A concern of mine for a while now has been the closing of some security issues in my game, primarily by virtue of removing usages of “exec” and “eval” that seemed problematic.
Now only one system remains as a significant security issue, I think: The localisation/text-string system.
As things are currently implemented, each group of text-strings within my game is a Python module, with each individual text-string being a variable within that module.
So, for example, the text-strings specific to the first level might be stored in a module named “level1”, and a text-string with id “someObject” might then be accessed as “level1.someObject”.
In order to gain access to a given group of text-strings, the relevant Python module is dynamically imported.
Now, this incurs a security risk: since the system dynamically imports these text-string modules, it would likely be possible to include malicious code in a module, causing it to be run on importation.
Furthermore, when a text-string is accessed, the code to this end (e.g. “level1.someObject”, as above) is dynamically generated–after all, the underlying system doesn’t know what modules or objects might exist. This process then uses “eval” in order to run that dynamically-generated code, once again incurring a security risk.
Now, I have an idea as to how I might rework this to remove the security issues: I currently have it in mind to essentially replace the “module-and-variable” approach with a “dictionary-of-dictionaries” approach. What was the module-name would become the first dictionary-key, and what was the variable-name would become the second dictionary key.
As far as I see, this should function, and should be safe.
However, what I don’t know is whether it will perform well, or have other issues that I’m not aware of.
So, before I go and rework my localisation/text-string system in this way, I’d like to ask here: is this “dictionary-of-dictionaries” approach a good idea? Are there likely to be performance issues associated with it? Are there any other issues that it might be a good idea for me to be aware of?
For reference:
- My game accesses these text-strings fairly often, and does so mid-gameplay.
- As a result it would be problematic to have the program hitch noticeably while accessing a text-string, I fear.
- Based on a quick parsing, I think that I have about 1400 text-strings thus far, and the game is still quite unfinished.
- The final count could add another five-hundred to a thousand strings, at a guess.
- Furthermore, I’d ideally like this system to be somewhat future-proof, with the potential to be used in subsequent games of unknown size.