logo

Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

crate: tiled-json-rs

https://lib.rs/crates/tiled-json-rs/

Rust links:

Rust-lang.org

lib.rs

crates.io

docs.rs

Add the last reviewed version to Cargo.toml / [dependencies]:

tiled-json-rs = "0.2.6"

Please, use mobile in landscape.

Filter reviews clicking on the numbers in the summary.

Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.

Neg
Neu
Pos
Str
tho
und
rev
crate
2
2
2
2
0.2.6
2
2
2
2
crate version
rating
date
reviewer
thoroughness, understanding
tiled-json-rs 0.2.6
negative
2019-09-02
MaulingMonkey
medium, medium

Do not use on User Generated Content!

  • Vulnerable to path traversal attacks if fed bogus .tmx files (see Tileset::new_reference)
  • A couple cases where bad input will panic, a potential DoS vector.

For game engines, there's also no great way to inject your own virtual filesystem callbacks (again see Tileset::new_reference)

Pros:

  • JSON is lighter weight than XML
  • Fuller format support vs tiled

Cons:

  • No compression
  • API is just as raw in many ways
  • Requires exporting.
  • Slightly unusual license for rust projects (MPL, instead of MIT/Apache 2)

Detail

FileRatingNotes
src/layer.rs0Raw structures
src/lib.rs+1
src/map.rs+1
src/object.rs+1
src/parsers.rs0No decompression support, can panic (not suitable for user generated content)
src/tile_set.rs-1Not suitable for user generated content!
src/utils.rs+1
src/wangs.rs+1
.cargo_vcs_info.json+1
.cargo-ok+1
Cargo.toml+1
Cargo.toml.orig+1
LICENSE+1
OtherRatingNotes
unsafe+1None
fs-1Path traversal
io+1serde
docs+1
tests-1Not in crate, maybe in repository

src/layer.rs

LineWhatNotes
17TileLayer::chunksOption seems kinda pointless, also this API is meh
129DrawOrderThere are at least 4 draw modes now for layers - although there's also Map / RenderOrder.... blehrg (top->down left->right, top->down right->left, ...)

src/parsers.rs

LineWhatNotes
129parse_color blueDespite earlier padding, no guarantee this is valid / may panic (both for overflowing and for not being a unicode boundary.)

src/tile_set.rs

LineWhatNotes
121Deserialize for TileSetFile::open - path traversal attacks, lack of virtual filesystem support, etc.
tiled-json-rs 0.2.6
negative
2019-09-05
MaulingMonkey
medium, medium
issues:
https://gitlab.com/ljcode/tiled-json-rs/issues/1
high
Path traversal attacks?
issues:
https://gitlab.com/ljcode/tiled-json-rs/issues/2
medium
Panic on bad data (DoS source via UGC?)

Do not use on User Generated Content!

  • Vulnerable to path traversal attacks if fed bogus .tmx files (see Tileset::new_reference)
  • A couple cases where bad input will panic, a potential DoS vector.

For game engines, there's also no great way to inject your own virtual filesystem callbacks (again see Tileset::new_reference)

Pros:

  • JSON is lighter weight than XML
  • Fuller format support vs tiled

Cons:

  • No compression
  • API is just as raw in many ways
  • Requires exporting.
  • Slightly unusual license for rust projects (MPL, instead of MIT/Apache 2)

Detail

FileRatingNotes
src/layer.rs0Raw structures
src/lib.rs+1
src/map.rs+1
src/object.rs+1
src/parsers.rs0No decompression support, can panic (not suitable for user generated content)
src/tile_set.rs-1Not suitable for user generated content!
src/utils.rs+1
src/wangs.rs+1
.cargo_vcs_info.json+1
.cargo-ok+1
Cargo.toml+1
Cargo.toml.orig+1
LICENSE+1
OtherRatingNotes
unsafe+1None
fs-1Path traversal
io+1serde
docs+1
tests0Not in crate, but found in repository (https://gitlab.com/ljcode/tiled-json-rs/tree/master/tests)

src/layer.rs

LineWhatNotes
17TileLayer::chunksOption seems kinda pointless, also this API is meh
129DrawOrderThere are at least 4 draw modes now for layers - although there's also Map / RenderOrder.... blehrg (top->down left->right, top->down right->left, ...)

src/parsers.rs

LineWhatNotes
129parse_color blueDespite earlier padding, no guarantee this is valid / may panic (both for overflowing and for not being a unicode boundary.)

src/tile_set.rs

LineWhatNotes
121Deserialize for TileSetFile::open - path traversal attacks, lack of virtual filesystem support, etc.

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/