Commit Graph

40 Commits

Author SHA1 Message Date
Enrique García Cota
fd442fd395
docs(changelog) document 1.0.1 2021-01-07 18:43:44 +01:00
Enrique García Cota
3f11f19ba3
tests - add test for overriding base env with false 2021-01-07 18:32:29 +01:00
eskerda
26553beec7 fix(sandbox) fix false on passed_env
passed_env[k] = false would set BASE_ENV[k]
2021-01-07 18:28:16 +01:00
Enrique García Cota
e28e0bef65
chore - publish rockspec and add luarocks instructions 2021-01-07 11:38:37 +01:00
Enrique García Cota
a8b9c31ad5
docs - add changelog 2021-01-06 16:25:47 +01:00
Enrique García Cota
3bca806250
docs(README) document missing features, add new ones, reorder 2021-01-06 12:06:27 +01:00
Enrique García Cota
e1e0faf150 feat(sandbox) make envs read-only, change the way they are built
This changes envs in three ways:
* They are strictly read-only. This minimizes the attack surface if someone with malicious intent overrides global stuff on an environment which happens to be reused.
* Envs can override the base env
* Envs with metatables now use them
2021-01-06 10:57:52 +01:00
Enrique García Cota
7de90f6ccf chore(ci) github actions for ci 2021-01-05 19:50:12 +01:00
Enrique García Cota
a9fdb8a32a style(sandbox) minor comment changes / luacheck 2021-01-05 19:50:12 +01:00
Enrique García Cota
d4e8634ccd feat(sandbox) block bytecode when possible 2021-01-05 19:50:12 +01:00
Enrique García Cota
485a14697c feat(sandbox) explicitly drop support of quotas on LuaJIT
The solution we use in PUC Rio Lua (with debug.sethook) simply does not
work in LuaJIT.

* We have added a `sandbox.quota_supported` field to signal this feature
  (or lack thereof)
* We explicitly return an error if `options.quota` is passed on a LuaJIT
  environment, in order to prevent LuaJIT users from believing that they
  are protected against infinite loops.
2021-01-05 19:50:12 +01:00
Enrique García Cota
50bfa4abca feat(sandbox): only allow strings of Lua as params
This change drops support for "protecting" raw Lua functions.

There are two main reasons for this change:

* More modern versions of PUC Rio Lua don't have `setfenv`. It is
  possible to get around this by using the debug library, but that
  library is not available in all environments.
* Solutions based on `load` (which only allow string inputs) are
  objectively better since they give the user more control. For
  instance, you can deactivate support for binary code selectively.

As a result, we are using the `load`-based sandbox in all versions of
Lua that support it, using `setfenv`-based sandboxing only when nothing
else is available (PUC Rio 5.1).

We are also explicitly raising an error if `options.mode` is passed but
we are using `setfenv`. This is to prevent users from believing they are
protected against binary code, when in fact they are not.
2021-01-05 19:50:12 +01:00
eskerda
9f83b8914a feat(sandbox) return multiple values 2021-01-05 19:50:12 +01:00
eskerda
8974b8869c feat(sandbox) add load mode to string functions 2021-01-05 19:50:12 +01:00
eskerda
ddbc7e12cc chore(*) use busted for specs
it no longer hangs
2021-01-05 19:50:12 +01:00
eskerda
3757048d27 chore(*) add rockspec 2021-01-05 19:50:12 +01:00
eskerda
552459192f chore(*) lua > 5.1 compatibility
* add a setfenv implementation
2021-01-05 19:50:12 +01:00
kikito
a4c0a9ad3d edit README 2014-04-28 13:58:39 +02:00
kikito
779c5c4bb0 edit README 2014-04-28 13:56:14 +02:00
kikito
bdecb751d7 added URL attribute to the lib 2013-09-14 13:19:23 +02:00
kikito
bf995029ba passing false as a quota deactivates the hooks 2013-09-14 12:54:49 +02:00
kikito
48ae2844e9 made sandbox survive if debug lib is not present 2013-09-14 12:49:46 +02:00
kikito
66a82c06ce merge copyright & license options. Clearer and easier 2013-09-13 15:56:55 +02:00
kikito
57224ac89d updated readme 2013-09-13 13:56:53 +02:00
kikito
549e31e7cd made _G available as a mocked up env inside the sandboxed env 2013-09-13 13:26:08 +02:00
kikito
721878115a updated README 2013-09-13 13:20:24 +02:00
kikito
a12502d68e added comments and informational items to the sandbox table 2013-09-13 12:56:06 +02:00
kikito
83a5a2b1e2 moved specs from busted to telescope in order to fix issue with debug.sethook-based quota errors 2013-09-13 11:35:35 +02:00
kikito
e9ef4bb57c updated readme 2013-09-06 00:40:43 +02:00
kikito
36fb0929e0 added refs param 2013-09-03 18:07:03 +02:00
kikito
ee9c0f9164 added README and LICENSE 2013-09-03 17:13:39 +02:00
kikito
b1d69c89d7 cleanup 2013-09-03 16:41:46 +02:00
kikito
36be73e3a9 do not persist changes to the environment from sandbox to sandbox 2013-09-03 16:07:28 +02:00
kikito
c1e5b44938 naming & refactoring 2013-09-03 13:20:38 +02:00
kikito
3a90dc3319 cleanup 2013-09-03 13:15:47 +02:00
kikito
57a914f082 accepts limit param 2013-09-03 13:14:42 +02:00
kikito
ea90a3c971 made sandbox immune to while trues 2013-09-03 12:53:26 +02:00
kikito
95069bd456 more fiddling with string.rep 2013-09-03 11:53:41 +02:00
kikito
b22efe1ca8 reformatting 2013-09-03 11:51:10 +02:00
kikito
31bac65e68 initial version 2013-09-02 22:11:33 +02:00