Commit Graph

16 Commits

Author SHA1 Message Date
Enrique García Cota
242a749c4d
feat(sandbox): only allow strings of Lua as params
This change drops support for "protecting" raw Lua functions.

There are two main reasons for this change:

* More modern versions of PUC Rio Lua don't have `setfenv`. It is
  possible to get around this by using the debug library, but that
  library is not available in all environments.
* Solutions based on `load` (which only allow string inputs) are
  objectively better since they give the user more control. For
  instance, you can deactivate support for binary code selectively.

As a result, we are using the `load`-based sandbox in all versions of
Lua that supports it, using `setfenv`-based sandboxing only when nothing
else is available (PUC Rio 5.1).

We are also explicitly raising an error if `options.mode` is passed but
we are using `setfenv`. This is to prevent users from believing they are
protected against binary code, when in fact they are not.
2021-01-05 13:13:43 +01:00
eskerda
67728e9ea4 feat(sandbox) return multiple values 2020-12-13 19:02:54 +01:00
eskerda
11ee23ae30 feat(sandbox) add load mode to string functions 2020-12-13 19:02:54 +01:00
eskerda
d49687555c chore(*) use busted for specs
it does no longer hang
2020-12-13 18:55:12 +01:00
kikito
bf995029ba passing false as a quota deactivates the hooks 2013-09-14 12:54:49 +02:00
kikito
549e31e7cd made _G available as a mocked up env inside the sandboxed env 2013-09-13 13:26:08 +02:00
kikito
83a5a2b1e2 moved specs from busted to telescope in order to fix issue with debug.sethook-based quota errors 2013-09-13 11:35:35 +02:00
kikito
e9ef4bb57c updated readme 2013-09-06 00:40:43 +02:00
kikito
36fb0929e0 added refs param 2013-09-03 18:07:03 +02:00
kikito
b1d69c89d7 cleanup 2013-09-03 16:41:46 +02:00
kikito
36be73e3a9 do not persist changes to the environment from sandbox to sandbox 2013-09-03 16:07:28 +02:00
kikito
c1e5b44938 naming & refactoring 2013-09-03 13:20:38 +02:00
kikito
57a914f082 accepts limit param 2013-09-03 13:14:42 +02:00
kikito
ea90a3c971 made sandbox immune to while trues 2013-09-03 12:53:26 +02:00
kikito
95069bd456 more fiddling with string.rep 2013-09-03 11:53:41 +02:00
kikito
31bac65e68 initial version 2013-09-02 22:11:33 +02:00