Commit Graph

12 Commits

Author SHA1 Message Date
Enrique García Cota
71223d4fe9
feat(sandbox) explicitly drop support of quotas on LuaJIT
The solution we use in PUC Rio Lua (with debug.sethook) simply does not
work in LuaJIT.

* We have added a `sandbox.quota_supported` field to signal this feature
  (or lack of thereof)
* We explicitly return an error if `options.quota` is passed on a LuaJIT
  environment, in order to prevent LuaJIT users from believing that they
  are protected against infinite loops.
2021-01-05 13:21:26 +01:00
Enrique García Cota
242a749c4d
feat(sandbox): only allow strings of Lua as params
This change drops support for "protecting" raw Lua functions.

There are two main reasons for this change:

* More modern versions of PUC Rio Lua don't have `setfenv`. It is
  possible to get around this by using the debug library, but that
  library is not available in all environments.
* Solutions based on `load` (which only allow string inputs) are
  objectively better since they give the user more control. For
  instance, you can deactivate support for binary code selectively.

As a result, we are using the `load`-based sandbox in all versions of
Lua that supports it, using `setfenv`-based sandboxing only when nothing
else is available (PUC Rio 5.1).

We are also explicitly raising an error if `options.mode` is passed but
we are using `setfenv`. This is to prevent users from believing they are
protected against binary code, when in fact they are not.
2021-01-05 13:13:43 +01:00
eskerda
d49687555c chore(*) use busted for specs
it does no longer hang
2020-12-13 18:55:12 +01:00
eskerda
3d3a8c7549 chore(*) lua > 5.1 compatibility
* add a setfenv implementation
2020-12-13 18:54:55 +01:00
kikito
a4c0a9ad3d edit README 2014-04-28 13:58:39 +02:00
kikito
779c5c4bb0 edit README 2014-04-28 13:56:14 +02:00
kikito
57224ac89d updated readme 2013-09-13 13:56:53 +02:00
kikito
721878115a updated README 2013-09-13 13:20:24 +02:00
kikito
83a5a2b1e2 moved specs from busted to telescope in order to fix issue with debug.sethook-based quota errors 2013-09-13 11:35:35 +02:00
kikito
e9ef4bb57c updated readme 2013-09-06 00:40:43 +02:00
kikito
36fb0929e0 added refs param 2013-09-03 18:07:03 +02:00
kikito
ee9c0f9164 added README and LICENSE 2013-09-03 17:13:39 +02:00