From b22efe1ca81a915e8883a3b8c3b468034f399571 Mon Sep 17 00:00:00 2001 From: kikito Date: Tue, 3 Sep 2013 11:51:10 +0200 Subject: [PATCH] reformatting --- sandbox.lua | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/sandbox.lua b/sandbox.lua index 9fdece8..1025a35 100644 --- a/sandbox.lua +++ b/sandbox.lua @@ -1,20 +1,41 @@ local BASE_ENV = {} +-- Non-safe : +-- string.rep: can be used to allocate millions of bytes in 1 operation +-- {set|get}metatable: can be used to modify the metatable of global objects (strings, integers) +-- collectgarbage: can affect performance of other systems +-- dofile: can access the server filesystem +-- _G: Unsafe. It can be mocked though +-- load{file|string}: All unsafe because they can grant acces to global env +-- raw{get|set|equal}: Potentially unsafe +-- module|require|package: Can modify the host settings +-- string.dump: Can display confidential server info (implementation of functions) +-- string.rep: Can allocate millions of bytes in one go +-- math.randomseed: Can affect the host sytem +-- io.*, os.*: Most stuff there is non-save + ([[ - assert ipairs next pairs pcall tonumber tostring unpack select type _VERSION xpcall - string.byte string.char string.find string.format string.gmatch string.gsub - string.len string.lower string.match string.reverse string.sub string.upper +_VERSION assert error ipairs next pairs +pcall select tonumber tostring type unpack xpcall - table.insert table.maxn table.remove table.sort +coroutine.create coroutine.resume coroutine.running coroutine.status +coroutine.wrap coroutine.yield - math.abs math.acos math.asin math.atan math.atan2 math.ceil math.cos - math.cosh math.deg math.exp math.foor math.fmod math.frexp math.huge - math.ldexp math.log math.log10 math.max math.min math.modf math.pi - math.pow math.rad math.random math.sin math.sinh math.sqrt math.tan - math.tanh +math.abs math.acos math.asin math.atan math.atan2 math.ceil +math.cos math.cosh math.deg math.exp math.fmod math.floor +math.frexp math.huge math.ldexp math.log math.log10 math.max +math.min math.modf math.pi math.pow math.rad math.random +math.sin math.sinh math.sqrt math.tan math.tanh + +os.clock os.difftime os.time + +string.byte string.char string.find string.format string.gmatch +string.gsub string.len string.lower string.match string.reverse +string.sub string.upper + +table.insert table.maxn table.remove table.sort - os.clock os.difftime os.time ]]):gsub('%S+', function(id) local package, method = id:match('([^%.]+)%.([^%.]+)') if package then @@ -27,11 +48,11 @@ end) local string_rep = string.rep - local function run(f, options) if type(f) == 'string' then f = loadstring(f) end string.rep = nil + setfenv(f, BASE_ENV) local result = f()