syntax highlighting in ReadMe options.env

passed_env[k] = false would set BASE_ENV[k]

CHANGELOG.md

@@ -1,4 +1,8 @@
-v1.0.0 (2021-01)
+# v1.0.1 (2021-01)
+
+- Fix a bug in which the base environment wasn't overrideable with `false`
+
+# v1.0.0 (2021-01)
 
 - Added support for all major versions of PUC Rio Lua and LuaJIT
 - Only Lua strings are admitted now, "naked Lua" functions are not permitted any more
@@ -8,6 +12,6 @@ v1.0.0 (2021-01)
 - Environments can have metatables with indexes, and they are respected
 - Environments can override the base environment
 
-v0.5.0 (2013)
+# v0.5.0 (2013)
 
 Initial version

README.md

@@ -140,30 +140,39 @@ If you want to turn off the quota completely, pass `quota=false` instead.
 
 Use the `env` option to inject additional variables to the environment in which the sandboxed code is executed.
 
-    local msg = sandbox.run('return foo', {env = {foo = 'This is a global var on the the environment'}})
+```lua
+local msg = sandbox.run('return foo', {env = {foo = 'This is a global var on the the environment'}})
+```
 
 The `env` variable will be used as an "index" by the sandbox environment, but it will *not* be modified at all (changes
 to the environment are thus lost). The only way to "get information out" from the sandboxed environments are:
 
 Through side effects, like writing to a database. You will have to provide the side-effects functions in `env`:
 
-    local val = 1
+```lua
-    local env = { write_db = function(new_val) val = new_val end }
+local val = 1
-    sandbox.run('write_db(2)')
+local env = { write_db = function(new_val) val = new_val end }
-    assert(val = 2)
+sandbox.run('write_db(2)', { env = env })
+assert(val = 2)
+```
 
 Through returned values:
 
-    local env = { amount = 1 }
+```lua
-    local result = sandbox.run('return amount + 1', { env = env })
+local env = { amount = 1 }
-    assert(result = 2)
+local result = sandbox.run('return amount + 1', { env = env })
-
+assert(result = 2)
+```
 
 Installation
 ============
 
 Just copy sandbox.lua wherever you need it.
 
+Alternatively, you can use luarocks:
+
+    luarocks install kikito/sandbox
+
 License
 =======
 

sandbox-1.0.1-4.rockspec

@@ -1,15 +1,15 @@
-package = "sandbox.lua"
+package = "sandbox"
 
-version = "0.0.1-0"
+version = "1.0.1-4"
 
 source = {
-   url = "git://github.com/kikito/sandbox.lua.git",
+   url = "git+https://github.com/kikito/lua-sandbox",
-   tag = "0.0.1"
+   tag = "v1.0.1"
 }
 
 description = {
    summary = "A pure-lua solution for running untrusted Lua code.",
-   homepage = "https://github.com/kikito/sandbox.lua",
+   homepage = "https://github.com/kikito/lua-sandbox",
 }
 
 dependencies = {

sandbox.lua

@@ -134,7 +134,11 @@ function sandbox.protect(code, options)
   local env = {}
   for k, v in pairs(BASE_ENV) do
     local pv = passed_env[k]
-    env[k] = pv ~= nil and pv or v
+    if pv ~= nil then
+      env[k] = pv
+    else
+      env[k] = v
+    end
   end
   setmetatable(env, { __index = options.env })
   env._G = env

spec/sandbox_spec.lua

@@ -135,6 +135,11 @@ describe('sandbox.run', function()
       local env = { tostring = function(x) return "hello " .. x end }
       assert.equal("hello peter", sandbox.run("return tostring('peter')", { env = env }))
     end)
+
+    it('can override the base env with false', function()
+      local env = { tostring = false }
+      assert.equal(false, sandbox.run("return tostring", { env = env }))
+    end)
   end)
 
 end)