No it was working right, just better written the opposite way. With it returning false if the string is zero.
Signed and unsigned bytes are both 8 bits long; ASCII only covers 128 characters, with the first 32 being non-printable or whitespace.
At this point it seems like you are blocking all printable characters, I can't imagine how this is useful to your users. Keep in mind programs, even viruses, are carefully crafted; clobbering even one bit would ruin the entire program. Theoretically you could pick a random position to insert or remove a single character or flip a bit and nearly every program wouldn't run.
I'm really not, I've studied assembly programming and embedded development. I know what I say is true. My initial advice is solid, do not run Strings as programs and you will be fine. Your confusion about programs automatically running stems from a traumatic experience from misusing probably PHP, an ancient and ill-designed language prone to errors and likely billions of dollars in damages to website administrators around the globe.
- Godot does not automatically run Strings as code of any sort or as any language
- Godot does run Scripts if loaded through Resources, Scenes, or a GDScript
- machine code is not made of printable characters
- Both ASCII and UTF-8 do not use all 256 values in a byte for printable characters.
- bytes are not hooked up to capacitors, at best you could say each bit is hooked up to transistors but there are a lot more components
If you want to learn more I'm happy to talk and provide resources, but I don't think instruction architectures, let alone hardware design, are particularly relevant after "it doesn't run on its own"
Edit: For context this was in reply to some disparaging remarks, of which the post has been deleted.
On a side note, regardless of the architecture discussion which I am definitely not qualified enough to contribute in, I just wanted to quickly mention that such string validations are much more efficiently done with Regex, so I can only recommend doing that instead.
ChatGPT is good at suggesting regex patterns, as these are fairly hard to write correctly by yourself.
This does sound like a better way of making the same solution. Another way that other people do, is save the file, not as plain text, but as unicode.
Unicode is plain text
Thought I'd pop in and say a few things:
- I programmed on 8086 architecture when that was the only thing available. I've written assembler code. I've also worked professionally on hardening websites. I will vouch for everything @gertkeno said.
- PHP was a nightmare for security. That's why to run a WordPress site (of which I ran many, professionally, for many years) you have to constantly stay up on patches. You experienced one of PHP's many security holes. Godot is not PHP.
- You would benefit from doing penetration testing before hardening. For example, try actually getting a program to run on your server by sending it in the password.
- If you really want help with this, you would benefit from being more precise with what issues you want to target and what your architecture looks like. What server OS are you using? What database are you using? A flavor of SQL or NoSQL? Are you writing all this in GDScript, C# as a headless instance of Godot? Or are you using another language completely? How do you think these attacks are going to get to the OS level of your server?
- I agree with @wchc about using RegEx. It is going to be so much faster than the massive replace function you've written. And while it is a bit fiddly to learn, it's not that bad once you get used to it. I recommend https://regexr.com/ to try out using regular expressions and testing them before you use them in code. Otherwise they will drive you nuts. All the code you wrote can be condensed to a very small regular expression.
- You do not need `pass` at the end of your function.
- Finally, while some people undoubtedly have some experience with this kind of thing, you'd be much better asking questions like this to security experts instead of Godot engine experts. As @gertkeno pointed out, Godot doesn't do any kind of execution at the system level for you. So your issues are going to be from non-Godot areas. I recommend checking out https://security.stackexchange.com/ to ask security questions.
If you're concerned about SQL Injection, here's a good article on how to prevent that in your code using Python. Maybe the same techniques can be applied in GDScript:
@tomg2012 really has the best answer here. If you're worried about injection attacks (which makes sense if you're accepting user input) then that depends on your execution environment, not on the text encoding. All a hacker needs to attempt an SQL injection attack are quotation marks and semicolons; filtering out non-ASCII characters will not protect against that. For a JavaScript injection attack on a web app, they'd just need greater-than and less-than symbols (a.k.a. "angle brackets"). Some templating languages can be vulnerable to strings containing curly braces.
The important thing is to always escape user input in the way appropriate to the context. Every library you're likely to run into at this point will have some method of properly escaping untrusted strings; you just need to use the method provided.
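The point made in the post above, as an added example that is not part of the original thread: an ASCII-only filter leaves a quote-based login input untouched, while a parameterized query and context-appropriate HTML escaping neutralize it. The table, function names and sample inputs are constructed for illustration, using Python's standard `sqlite3` and `html` modules.

```python
import html
import sqlite3

def ascii_only(text: str) -> str:
    """The kind of filter discussed in the thread: drop non-ASCII characters."""
    return "".join(ch for ch in text if ord(ch) < 128)

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with a single sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db

def login_concatenated(db: sqlite3.Connection, name: str, password: str) -> bool:
    # Vulnerable form: user input becomes part of the SQL text itself.
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db: sqlite3.Connection, name: str, password: str) -> bool:
    # Hardened form: values travel separately from the SQL text,
    # so quotes in the input are only ever compared as data.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0

def render_comment(text: str) -> str:
    # HTML context: escape angle brackets, ampersands and quotes.
    return "<p>" + html.escape(text) + "</p>"

# Constructed sample inputs: pure ASCII, so the encoding filter changes nothing.
SAMPLE_PASSWORD = "' OR '1'='1"
SAMPLE_COMMENT = "<b>hi</b>"

if __name__ == "__main__":
    db = make_db()
    filtered = ascii_only(SAMPLE_PASSWORD)
    print("filter changed input:", filtered != SAMPLE_PASSWORD)
    print("concatenated login  :", login_concatenated(db, "alice", filtered))
    print("parameterized login :", login_parameterized(db, "alice", filtered))
    print("rendered comment    :", render_comment(SAMPLE_COMMENT))
```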