From ee9c0f91648726ccca9f07e57818d071aa175149 Mon Sep 17 00:00:00 2001
From: kikito
Date: Tue, 3 Sep 2013 17:13:39 +0200
Subject: [PATCH] added README and LICENSE
---
MIT-LICENSE.txt | 20 +++++++++++++++++
README.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 78 insertions(+)
create mode 100644 MIT-LICENSE.txt
create mode 100644 README.md
diff --git a/MIT-LICENSE.txt b/MIT-LICENSE.txt
new file mode 100644
index 0000000..555835c
--- /dev/null
+++ b/MIT-LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2013 Enrique GarcĂ­a Cota
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a33dad4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,58 @@
+sandbox.lua
+===========
+
+A pure-lua solution for running untrusted Lua code.
+
+For now, sandbox.lua only works with Lua 5.1.x.
+
+Usage
+=====
+
+ local sandbox = require 'sandbox'
+
+ -- sandbox can handle both strings and functions
+ local msg = sandbox(function() return 'this is untrusted code' end)
+ local msg2 = sandbox("return 'this is also untrusted code'")
+
+ sandbox(function()
+ -- see sandbox.lua for a list of safe and unsafe operations
+ return ('I can use safe operations, like string.upper'):upper()
+ end)
+
+ -- Attempting to invoke unsafe operations (such as os.execute) is not possible
+ sandbox(function()
+ os.execute('rm -rf /') -- this will throw an error, no damage don
+ end)
+
+ -- It is not possible to exhaust the machine with infinite loops; the following
+ -- will throw an error after invoking 500000 instructions:
+ sandbox('while true do end')
+
+ -- The amount of instructions executed can be tweaked via the quota option
+ sandbox('while true do end', {quota=10000}) -- throw error after 10000 instructions
+
+ -- It is also possible to use the env option to add additional variables to the environment
+ sandbox('return foo', {env = {foo = 'This was on the environment'}})
+
+Installation
+============
+
+Just copy sandbox.lua wherever you need it.
+
+License
+=======
+
+This library is released under the MIT license. See MIT-LICENSE.txt for details
+
+Specs
+=====
+
+This project uses [busted](http://olivinelabs.com/busted/) for its specs. In order to run them, install `busted` and then:
+
+ cd /path/to/where/the/spec/folder/is
+ busted
+
+
+
+
+