---[==========================================================================[\r
- sandbox.lua: Lua sandboxing facilities\r
---[==========================================================================[\r
- Copyright (C) 2007 the VideoLAN team\r
- $Id$\r
-\r
- Authors: Antoine Cellerier <dionoea at videolan dot org>\r
-\r
- This program is free software; you can redistribute it and/or modify\r
- it under the terms of the GNU General Public License as published by\r
- the Free Software Foundation; either version 2 of the License, or\r
- (at your option) any later version.\r
-\r
- This program is distributed in the hope that it will be useful,\r
- but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
- GNU General Public License for more details.\r
-\r
- You should have received a copy of the GNU General Public License\r
- along with this program; if not, write to the Free Software\r
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.\r
---]==========================================================================]\r
-\r
-module("sandbox",package.seeall)\r
-\r
--- See Programming in Lua (second edition) for sandbox examples\r
--- See http://lua-users.org/wiki/SandBoxes for a list of SAFE/UNSAFE variables\r
-\r
-local sandbox_blacklist = {\r
- collectgarbage = true,\r
- dofile = true,\r
- _G = true,\r
- getfenv = true,\r
- getmetatable = true,\r
- load = true, -- Can be protected I guess\r
- loadfile = true, -- Can be protected I guess\r
- loadstring = true, -- Can be protected I guess\r
- rawequal = true,\r
- rawget = true,\r
- rawset = true,\r
- setfenv = true,\r
- setmetatable = true,\r
- module = true,\r
- require = true,\r
- package = true,\r
- debug = true,\r
-}\r
-\r
-function readonly_table_proxy(name,src,blacklist)\r
- if type(src)=="nil" then return end\r
- if type(src)~="table" then error("2nd argument must be a table (or nil)") end\r
- local name = name\r
- local t = src\r
- local blist = {}\r
- if blacklist then\r
- for _, v in pairs(blacklist) do\r
- blist[v] = true\r
- end\r
- end\r
- local metatable_readonly = {\r
- __index = function(self,key)\r
- if blist[key] then\r
- error("Sandbox: Access to `"..name.."."..key.."' is forbidden.")\r
- end\r
- return t[key]\r
- end,\r
- __newindex = function(self,key,value)\r
- error("It is forbidden to modify elements of this table.")\r
- end,\r
- }\r
- return setmetatable({},metatable_readonly)\r
-end\r
-\r
--- Of course, all of this is useless if the sandbox calling code has\r
--- another reference to one of these tables in his global environement.\r
-local sandbox_proxy = {\r
- coroutine = readonly_table_proxy("coroutine",coroutine),\r
- string = readonly_table_proxy("string",string,{"dump"}),\r
- table = readonly_table_proxy("table",table),\r
- math = readonly_table_proxy("math",math),\r
- io = readonly_table_proxy("io",io),\r
- os = readonly_table_proxy("os",os,{"exit","getenv","remove",\r
- "rename","setlocale"}),\r
- sandbox = readonly_table_proxy("sandbox",sandbox),\r
-}\r
-\r
-function sandbox(func,override)\r
- local _G = getfenv(2)\r
- local override = override or {}\r
- local sandbox_metatable =\r
- {\r
- __index = function(self,key)\r
- if override[key] then\r
- return override[key]\r
- end\r
- if sandbox_blacklist[key] then\r
- error( "Sandbox: Access to `"..key.."' is forbidden." )\r
- end\r
- --print(key,"not found in env. Looking in sandbox_proxy and _G")\r
- local value = sandbox_proxy[key] or _G[key]\r
- rawset(self,key,value) -- Keep a local copy\r
- return value\r
- end,\r
- __newindex = function(self,key,value)\r
- if override and override[key] then\r
- error( "Sandbox: Variable `"..key.."' is read only." )\r
- end\r
- return rawset(self,key,value)\r
- end,\r
- }\r
- local sandbox_env = setmetatable({},sandbox_metatable)\r
- return function(...)\r
- setfenv(func,sandbox_env)\r
- local ret = {func(...)} -- Not perfect (if func returns nil before\r
- -- another return value) ... but it's better\r
- -- than nothing\r
- setfenv(func,_G)\r
- return unpack(ret)\r
- end\r
+--[==========================================================================[
+ sandbox.lua: Lua sandboxing facilities
+--[==========================================================================[
+ Copyright (C) 2007 the VideoLAN team
+ $Id$
+
+ Authors: Antoine Cellerier <dionoea at videolan dot org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
+--]==========================================================================]
+
+module("sandbox",package.seeall)
+
+-- See Programming in Lua (second edition) for sandbox examples
+-- See http://lua-users.org/wiki/SandBoxes for a list of SAFE/UNSAFE variables
+
+local sandbox_blacklist = {
+ collectgarbage = true,
+ dofile = true,
+ _G = true,
+ getfenv = true,
+ getmetatable = true,
+ load = true, -- Can be protected I guess
+ loadfile = true, -- Can be protected I guess
+ loadstring = true, -- Can be protected I guess
+ rawequal = true,
+ rawget = true,
+ rawset = true,
+ setfenv = true,
+ setmetatable = true,
+ module = true,
+ require = true,
+ package = true,
+ debug = true,
+}
+
+function readonly_table_proxy(name,src,blacklist)
+ if type(src)=="nil" then return end
+ if type(src)~="table" then error("2nd argument must be a table (or nil)") end
+ local name = name
+ local t = src
+ local blist = {}
+ if blacklist then
+ for _, v in pairs(blacklist) do
+ blist[v] = true
+ end
+ end
+ local metatable_readonly = {
+ __index = function(self,key)
+ if blist[key] then
+ error("Sandbox: Access to `"..name.."."..key.."' is forbidden.")
+ end
+ return t[key]
+ end,
+ __newindex = function(self,key,value)
+ error("It is forbidden to modify elements of this table.")
+ end,
+ }
+ return setmetatable({},metatable_readonly)
+end
+
+-- Of course, all of this is useless if the sandbox calling code has
+-- another reference to one of these tables in his global environement.
+local sandbox_proxy = {
+ coroutine = readonly_table_proxy("coroutine",coroutine),
+ string = readonly_table_proxy("string",string,{"dump"}),
+ table = readonly_table_proxy("table",table),
+ math = readonly_table_proxy("math",math),
+ io = readonly_table_proxy("io",io),
+ os = readonly_table_proxy("os",os,{"exit","getenv","remove",
+ "rename","setlocale"}),
+ sandbox = readonly_table_proxy("sandbox",sandbox),
+}
+
+function sandbox(func,override)
+ local _G = getfenv(2)
+ local override = override or {}
+ local sandbox_metatable =
+ {
+ __index = function(self,key)
+ if override[key] then
+ return override[key]
+ end
+ if sandbox_blacklist[key] then
+ error( "Sandbox: Access to `"..key.."' is forbidden." )
+ end
+ --print(key,"not found in env. Looking in sandbox_proxy and _G")
+ local value = sandbox_proxy[key] or _G[key]
+ rawset(self,key,value) -- Keep a local copy
+ return value
+ end,
+ __newindex = function(self,key,value)
+ if override and override[key] then
+ error( "Sandbox: Variable `"..key.."' is read only." )
+ end
+ return rawset(self,key,value)
+ end,
+ }
+ local sandbox_env = setmetatable({},sandbox_metatable)
+ return function(...)
+ setfenv(func,sandbox_env)
+ local ret = {func(...)} -- Not perfect (if func returns nil before
+ -- another return value) ... but it's better
+ -- than nothing
+ setfenv(func,_G)
+ return unpack(ret)
+ end
end
\ No newline at end of file