Skip to content

V
vlc
Commit a58afd27 authored by Antoine Cellerier's avatar Antoine Cellerier
Browse files
Options

Remove windows line endings (I don't understand how they got here in the first place...)

parent d2f02db8
Hide whitespace changes
Inline Side-by-side
Showing with 119 additions and 119 deletions
share/luaintf/modules/sandbox.lua
View file @ a58afd27
--[==========================================================================[ --[==========================================================================[
sandbox.lua: Lua sandboxing facilities sandbox.lua: Lua sandboxing facilities
--[==========================================================================[ --[==========================================================================[
Copyright (C) 2007 the VideoLAN team Copyright (C) 2007 the VideoLAN team
$Id$ $Id$
Authors: Antoine Cellerier <dionoea at videolan dot org> Authors: Antoine Cellerier <dionoea at videolan dot org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or the Free Software Foundation; either version 2 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA. Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
--]==========================================================================] --]==========================================================================]
module("sandbox",package.seeall) module("sandbox",package.seeall)
-- See Programming in Lua (second edition) for sandbox examples -- See Programming in Lua (second edition) for sandbox examples
-- See http://lua-users.org/wiki/SandBoxes for a list of SAFE/UNSAFE variables -- See http://lua-users.org/wiki/SandBoxes for a list of SAFE/UNSAFE variables
local sandbox_blacklist = { local sandbox_blacklist = {
collectgarbage = true, collectgarbage = true,
dofile = true, dofile = true,
_G = true, _G = true,
getfenv = true, getfenv = true,
getmetatable = true, getmetatable = true,
load = true, -- Can be protected I guess load = true, -- Can be protected I guess
loadfile = true, -- Can be protected I guess loadfile = true, -- Can be protected I guess
loadstring = true, -- Can be protected I guess loadstring = true, -- Can be protected I guess
rawequal = true, rawequal = true,
rawget = true, rawget = true,
rawset = true, rawset = true,
setfenv = true, setfenv = true,
setmetatable = true, setmetatable = true,
module = true, module = true,
require = true, require = true,
package = true, package = true,
debug = true, debug = true,
} }
function readonly_table_proxy(name,src,blacklist) function readonly_table_proxy(name,src,blacklist)
if type(src)=="nil" then return end if type(src)=="nil" then return end
if type(src)~="table" then error("2nd argument must be a table (or nil)") end if type(src)~="table" then error("2nd argument must be a table (or nil)") end
local name = name local name = name
local t = src local t = src
local blist = {} local blist = {}
if blacklist then if blacklist then
for _, v in pairs(blacklist) do for _, v in pairs(blacklist) do
blist[v] = true blist[v] = true
end end
end end
local metatable_readonly = { local metatable_readonly = {
__index = function(self,key) __index = function(self,key)
if blist[key] then if blist[key] then
error("Sandbox: Access to `"..name.."."..key.."' is forbidden.") error("Sandbox: Access to `"..name.."."..key.."' is forbidden.")
end end
return t[key] return t[key]
end, end,
__newindex = function(self,key,value) __newindex = function(self,key,value)
error("It is forbidden to modify elements of this table.") error("It is forbidden to modify elements of this table.")
end, end,
} }
return setmetatable({},metatable_readonly) return setmetatable({},metatable_readonly)
end end
-- Of course, all of this is useless if the sandbox calling code has -- Of course, all of this is useless if the sandbox calling code has
-- another reference to one of these tables in his global environement. -- another reference to one of these tables in his global environement.
local sandbox_proxy = { local sandbox_proxy = {
coroutine = readonly_table_proxy("coroutine",coroutine), coroutine = readonly_table_proxy("coroutine",coroutine),
string = readonly_table_proxy("string",string,{"dump"}), string = readonly_table_proxy("string",string,{"dump"}),
table = readonly_table_proxy("table",table), table = readonly_table_proxy("table",table),
math = readonly_table_proxy("math",math), math = readonly_table_proxy("math",math),
io = readonly_table_proxy("io",io), io = readonly_table_proxy("io",io),
os = readonly_table_proxy("os",os,{"exit","getenv","remove", os = readonly_table_proxy("os",os,{"exit","getenv","remove",
"rename","setlocale"}), "rename","setlocale"}),
sandbox = readonly_table_proxy("sandbox",sandbox), sandbox = readonly_table_proxy("sandbox",sandbox),
} }
function sandbox(func,override) function sandbox(func,override)
local _G = getfenv(2) local _G = getfenv(2)
local override = override or {} local override = override or {}
local sandbox_metatable = local sandbox_metatable =
{ {
__index = function(self,key) __index = function(self,key)
if override[key] then if override[key] then
return override[key] return override[key]
end end
if sandbox_blacklist[key] then if sandbox_blacklist[key] then
error( "Sandbox: Access to `"..key.."' is forbidden." ) error( "Sandbox: Access to `"..key.."' is forbidden." )
end end
--print(key,"not found in env. Looking in sandbox_proxy and _G") --print(key,"not found in env. Looking in sandbox_proxy and _G")
local value = sandbox_proxy[key] or _G[key] local value = sandbox_proxy[key] or _G[key]
rawset(self,key,value) -- Keep a local copy rawset(self,key,value) -- Keep a local copy
return value return value
end, end,
__newindex = function(self,key,value) __newindex = function(self,key,value)
if override and override[key] then if override and override[key] then
error( "Sandbox: Variable `"..key.."' is read only." ) error( "Sandbox: Variable `"..key.."' is read only." )
end end
return rawset(self,key,value) return rawset(self,key,value)
end, end,
} }
local sandbox_env = setmetatable({},sandbox_metatable) local sandbox_env = setmetatable({},sandbox_metatable)
return function(...) return function(...)
setfenv(func,sandbox_env) setfenv(func,sandbox_env)
local ret = {func(...)} -- Not perfect (if func returns nil before local ret = {func(...)} -- Not perfect (if func returns nil before
-- another return value) ... but it's better -- another return value) ... but it's better
-- than nothing -- than nothing
setfenv(func,_G) setfenv(func,_G)
return unpack(ret) return unpack(ret)
end end
end end
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment