diff options
| author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-08-08 19:57:28 +0100 |
|---|---|---|
| committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-08-08 19:57:28 +0100 |
| commit | 27079315e49941b0c52c1cca9604c0e19c800807 (patch) | |
| tree | 6bdc0998f670689cf263cba77769a125fe70c761 | |
| parent | 62a0a7783b8b1c6207dbda28fc15e3fd15d76ac6 (diff) | |
| download | gitano-27079315e49941b0c52c1cca9604c0e19c800807.tar.gz | |
CONFIG: Change gitano-admin config loading to use limited sandbox
| -rw-r--r-- | lib/gitano/config.lua | 45 |
1 files changed, 16 insertions, 29 deletions
diff --git a/lib/gitano/config.lua b/lib/gitano/config.lua index 8a0950e..4ff8868 100644 --- a/lib/gitano/config.lua +++ b/lib/gitano/config.lua @@ -49,19 +49,12 @@ local function parse_admin_config(commit) return nil, "No core rules file" end - local conf_fn, conf_globals = - sb.wrap(flat_tree["site.conf"].obj.content, - "gitano-admin:" .. commit.sha .. ":site.conf", - {}) - - if not conf_fn then - return nil, conf_globals - end - - local ok, err = pcall(conf_fn) + local ok, conf_globals = + sb.safe_load(flat_tree["site.conf"].obj.content, + "gitano-admin:" .. commit.sha .. ":site.conf") if not ok then - return nil, err + return nil, conf_globals end -- Parsed site.conf, check for core config entries @@ -84,17 +77,14 @@ local function parse_admin_config(commit) return nil, "Duplicate user name: " .. username end -- Found a user, fill them out - local user_fn, user_globals = - sb.wrap(obj.obj.content, - commit.sha .. ":" .. prefix .. username .. "/user.conf", - {}) - if not user_fn then - return nil, user_globals - end - local ok, msg = pcall(user_fn) + local ok, user_globals = + sb.safe_load(obj.obj.content, + commit.sha .. ":" .. prefix .. username .. "/user.conf") + if not ok then - return nil, msg + return nil, user_globals end + if type(user_globals.real_name) ~= "string" then return nil, "gitano-admin:" .. commit.sha .. ":" .. prefix .. username .. "/user.conf missing real_name" end @@ -162,16 +152,13 @@ local function parse_admin_config(commit) if not is_blob(obj) then return nil, prefix .. groupname .. ".conf is not a blob?" end - local group_fn, group_globals = - sb.wrap(obj.obj.content, - "gitano-admin:" .. commit.sha .. ":" .. prefix .. groupname .. ".conf", - {}) - if not group_fn then - return nil, group_globals - end - local ok, msg = pcall(group_fn) + local ok, group_globals = + sb.safe_load(obj.obj.content, + "gitano-admin:" .. commit.sha .. ":" .. + prefix .. groupname .. ".conf") + if not ok then - return nil, msg + return nil, group_globals end if type(group_globals.description) ~= "string" then return nil, groupname .. ": No description?" |