Summary
Update all entity data handling in ABS-Engine to use JSON serialization and deserialization instead of native Python dicts.
Motivation
- Using Python dicts for entity data can lead to code injection vulnerabilities, such as function or f-string injection, if any untrusted data is introduced.
- JSON provides a safe, restricted format for data and prevents accidental execution of code.
Tasks
- Identify all current locations where entity data is stored, loaded, or manipulated as Python dicts.
- Refactor the code to store and retrieve entity data in JSON format.
- Ensure all imports, exports, and intermediate handling of entity data are JSON-based.
- Add checks to reject non-JSON-conforming input.
- Test thoroughly to ensure no regressions and that all systems process JSON entity data correctly.
Impact
This is a significant update that improves the engine's security and robustness.
This change will prevent serious code injection issues and aligns with best security practices.
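One way the "reject non-JSON-conforming input" task could look, as an added example that is not ABS-Engine code. The names `load_entity`, `dump_entity`, `EntityDataError` and `is_accepted` are hypothetical, and the sample records are constructed.

```python
import json

# Constructed sample inputs (not taken from ABS-Engine).
SAMPLES = ['{"id": 1, "name": "orc"}', "{'id': 1}", '{"id": 1, "id": 2}',
           '{"hp": NaN}', '[1, 2]']

class EntityDataError(ValueError):
    """Raised when input is not acceptable JSON entity data."""

def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; reject it instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise EntityDataError(f"duplicate key: {key!r}")
        obj[key] = value
    return obj

def _reject_constant(name):
    # Python's json module accepts NaN/Infinity/-Infinity, which are not JSON.
    raise EntityDataError(f"non-JSON constant: {name}")

def load_entity(text):
    """Parse one entity record; return a dict of plain JSON values or raise."""
    if not isinstance(text, (str, bytes)):
        raise EntityDataError("entity data must be JSON text, not a Python object")
    try:
        data = json.loads(text, object_pairs_hook=_no_duplicate_keys,
                          parse_constant=_reject_constant)
    except (json.JSONDecodeError, UnicodeDecodeError, RecursionError) as exc:
        raise EntityDataError(f"not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise EntityDataError("top-level entity data must be a JSON object")
    return data

def dump_entity(entity):
    """Serialize an entity; functions, sets, NaN and other non-JSON values raise."""
    try:
        return json.dumps(entity, allow_nan=False, sort_keys=True)
    except (TypeError, ValueError) as exc:
        raise EntityDataError(f"entity is not JSON-serializable: {exc}") from exc

def is_accepted(text):
    try:
        load_entity(text)
        return True
    except EntityDataError:
        return False
```

Because the text is only ever parsed, a value such as `"{7*7}"` comes back as an inert string.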