mirror of
https://github.com/kikito/lua-sandbox.git
synced 2024-12-18 03:04:20 +00:00
added README and LICENSE
This commit is contained in:
parent
b1d69c89d7
commit
ee9c0f9164
20
MIT-LICENSE.txt
Normal file
20
MIT-LICENSE.txt
Normal file
@ -0,0 +1,20 @@
|
||||
Copyright (c) 2013 Enrique García Cota
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a
|
||||
copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included
|
||||
in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
||||
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
58
README.md
Normal file
58
README.md
Normal file
@ -0,0 +1,58 @@
|
||||
sandbox.lua
|
||||
===========
|
||||
|
||||
A pure-lua solution for running untrusted Lua code.
|
||||
|
||||
For now, sandbox.lua only works with Lua 5.1.x.
|
||||
|
||||
Usage
|
||||
=====
|
||||
|
||||
local sandbox = require 'sandbox'
|
||||
|
||||
-- sandbox can handle both strings and functions
|
||||
local msg = sandbox(function() return 'this is untrusted code' end)
|
||||
local msg2 = sandbox("return 'this is also untrusted code'")
|
||||
|
||||
sandbox(function()
|
||||
-- see sandbox.lua for a list of safe and unsafe operations
|
||||
return ('I can use safe operations, like string.upper'):upper()
|
||||
end)
|
||||
|
||||
-- Attempting to invoke unsafe operations (such as os.execute) is not possible
|
||||
sandbox(function()
|
||||
os.execute('rm -rf /') -- this will throw an error, no damage don
|
||||
end)
|
||||
|
||||
-- It is not possible to exhaust the machine with infinite loops; the following
|
||||
-- will throw an error after invoking 500000 instructions:
|
||||
sandbox('while true do end')
|
||||
|
||||
-- The amount of instructions executed can be tweaked via the quota option
|
||||
sandbox('while true do end', {quota=10000}) -- throw error after 10000 instructions
|
||||
|
||||
-- It is also possible to use the env option to add additional variables to the environment
|
||||
sandbox('return foo', {env = {foo = 'This was on the environment'}})
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
Just copy sandbox.lua wherever you need it.
|
||||
|
||||
License
|
||||
=======
|
||||
|
||||
This library is released under the MIT license. See MIT-LICENSE.txt for details
|
||||
|
||||
Specs
|
||||
=====
|
||||
|
||||
This project uses [busted](http://olivinelabs.com/busted/) for its specs. In order to run them, install `busted` and then:
|
||||
|
||||
cd /path/to/where/the/spec/folder/is
|
||||
busted
|
||||
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user