Block access to the `io` library
parent
f8ad01ab7c
commit
2e3778ec0c
|
@ -197,6 +197,7 @@ assert(table.indexof({"foo", "bar"}, "foo") == 1)
|
||||||
assert(table.indexof({"foo", "bar"}, "baz") == -1)
|
assert(table.indexof({"foo", "bar"}, "baz") == -1)
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
|
if INIT ~= "client" then
|
||||||
function file_exists(filename)
|
function file_exists(filename)
|
||||||
local f = io.open(filename, "r")
|
local f = io.open(filename, "r")
|
||||||
if f == nil then
|
if f == nil then
|
||||||
|
@ -206,7 +207,7 @@ function file_exists(filename)
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
end
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
function string:trim()
|
function string:trim()
|
||||||
return (self:gsub("^%s*(.-)%s*$", "%1"))
|
return (self:gsub("^%s*(.-)%s*$", "%1"))
|
||||||
|
|
|
@ -123,6 +123,7 @@ void ScriptApiSecurity::initializeSecurity()
|
||||||
"path",
|
"path",
|
||||||
"searchpath",
|
"searchpath",
|
||||||
};
|
};
|
||||||
|
#if USE_LUAJIT
|
||||||
static const char *jit_whitelist[] = {
|
static const char *jit_whitelist[] = {
|
||||||
"arch",
|
"arch",
|
||||||
"flush",
|
"flush",
|
||||||
|
@ -134,7 +135,7 @@ void ScriptApiSecurity::initializeSecurity()
|
||||||
"version",
|
"version",
|
||||||
"version_num",
|
"version_num",
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
m_secure = true;
|
m_secure = true;
|
||||||
|
|
||||||
lua_State *L = getStack();
|
lua_State *L = getStack();
|
||||||
|
@ -245,13 +246,6 @@ void ScriptApiSecurity::initializeSecurityClient()
|
||||||
"table",
|
"table",
|
||||||
"math",
|
"math",
|
||||||
};
|
};
|
||||||
static const char *io_whitelist[] = {
|
|
||||||
"close",
|
|
||||||
"flush",
|
|
||||||
"read",
|
|
||||||
"type",
|
|
||||||
"write",
|
|
||||||
};
|
|
||||||
static const char *os_whitelist[] = {
|
static const char *os_whitelist[] = {
|
||||||
"clock",
|
"clock",
|
||||||
"date",
|
"date",
|
||||||
|
@ -263,6 +257,7 @@ void ScriptApiSecurity::initializeSecurityClient()
|
||||||
"getinfo",
|
"getinfo",
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#if USE_LUAJIT
|
||||||
static const char *jit_whitelist[] = {
|
static const char *jit_whitelist[] = {
|
||||||
"arch",
|
"arch",
|
||||||
"flush",
|
"flush",
|
||||||
|
@ -274,6 +269,7 @@ void ScriptApiSecurity::initializeSecurityClient()
|
||||||
"version",
|
"version",
|
||||||
"version_num",
|
"version_num",
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
m_secure = true;
|
m_secure = true;
|
||||||
|
|
||||||
|
@ -294,20 +290,6 @@ void ScriptApiSecurity::initializeSecurityClient()
|
||||||
lua_pop(L, 1);
|
lua_pop(L, 1);
|
||||||
|
|
||||||
|
|
||||||
// Copy safe IO functions
|
|
||||||
lua_getfield(L, old_globals, "io");
|
|
||||||
lua_newtable(L);
|
|
||||||
copy_safe(L, io_whitelist, sizeof(io_whitelist));
|
|
||||||
|
|
||||||
// And replace unsafe ones
|
|
||||||
SECURE_API(io, open);
|
|
||||||
SECURE_API(io, input);
|
|
||||||
SECURE_API(io, output);
|
|
||||||
SECURE_API(io, lines);
|
|
||||||
|
|
||||||
lua_setglobal(L, "io");
|
|
||||||
lua_pop(L, 1); // Pop old IO
|
|
||||||
|
|
||||||
|
|
||||||
// Copy safe OS functions
|
// Copy safe OS functions
|
||||||
lua_getfield(L, old_globals, "os");
|
lua_getfield(L, old_globals, "os");
|
||||||
|
@ -324,10 +306,6 @@ void ScriptApiSecurity::initializeSecurityClient()
|
||||||
lua_setglobal(L, "debug");
|
lua_setglobal(L, "debug");
|
||||||
lua_pop(L, 1); // Pop old debug
|
lua_pop(L, 1); // Pop old debug
|
||||||
|
|
||||||
// Remove all of package
|
|
||||||
lua_newtable(L);
|
|
||||||
lua_setglobal(L, "package");
|
|
||||||
|
|
||||||
#if USE_LUAJIT
|
#if USE_LUAJIT
|
||||||
// Copy safe jit functions, if they exist
|
// Copy safe jit functions, if they exist
|
||||||
lua_getfield(L, -1, "jit");
|
lua_getfield(L, -1, "jit");
|
||||||
|
|
Loading…
Reference in New Issue