library-mirrors/sandbox.lua
1
0
Fork 0
mirror of https://github.com/kikito/lua-sandbox.git synced 2024-12-18 03:04:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

reformatting

Browse Source
This commit is contained in:
kikito 2013-09-03 11:51:10 +02:00
parent 31bac65e68
commit b22efe1ca8
1 changed files with 32 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
sandbox.lua
View File

@ -1,20 +1,41 @@
local BASE_ENV = {} local BASE_ENV = {}
-- Non-safe :
-- string.rep: can be used to allocate millions of bytes in 1 operation
-- {set|get}metatable: can be used to modify the metatable of global objects (strings, integers)
-- collectgarbage: can affect performance of other systems
-- dofile: can access the server filesystem
-- _G: Unsafe. It can be mocked though
-- load{file|string}: All unsafe because they can grant acces to global env
-- raw{get|set|equal}: Potentially unsafe
-- module|require|package: Can modify the host settings
-- string.dump: Can display confidential server info (implementation of functions)
-- string.rep: Can allocate millions of bytes in one go
-- math.randomseed: Can affect the host sytem
-- io.*, os.*: Most stuff there is non-save
([[ ([[
assert ipairs next pairs pcall tonumber tostring unpack select type _VERSION xpcall
string.byte string.char string.find string.format string.gmatch string.gsub _VERSION assert error ipairs next pairs
string.len string.lower string.match string.reverse string.sub string.upper pcall select tonumber tostring type unpack xpcall
table.insert table.maxn table.remove table.sort coroutine.create coroutine.resume coroutine.running coroutine.status
coroutine.wrap coroutine.yield
math.abs math.acos math.asin math.atan math.atan2 math.ceil math.cos math.abs math.acos math.asin math.atan math.atan2 math.ceil
math.cosh math.deg math.exp math.foor math.fmod math.frexp math.huge math.cos math.cosh math.deg math.exp math.fmod math.floor
math.ldexp math.log math.log10 math.max math.min math.modf math.pi math.frexp math.huge math.ldexp math.log math.log10 math.max
math.pow math.rad math.random math.sin math.sinh math.sqrt math.tan math.min math.modf math.pi math.pow math.rad math.random
math.tanh math.sin math.sinh math.sqrt math.tan math.tanh
os.clock os.difftime os.time
string.byte string.char string.find string.format string.gmatch
string.gsub string.len string.lower string.match string.reverse
string.sub string.upper
table.insert table.maxn table.remove table.sort
os.clock os.difftime os.time
]]):gsub('%S+', function(id) ]]):gsub('%S+', function(id)
local package, method = id:match('([^%.]+)%.([^%.]+)') local package, method = id:match('([^%.]+)%.([^%.]+)')
if package then if package then
@ -27,11 +48,11 @@ end)
local string_rep = string.rep local string_rep = string.rep
local function run(f, options) local function run(f, options)
if type(f) == 'string' then f = loadstring(f) end if type(f) == 'string' then f = loadstring(f) end
string.rep = nil string.rep = nil
setfenv(f, BASE_ENV) setfenv(f, BASE_ENV)
local result = f() local result = f()