diff options
Diffstat (limited to 'lib/supple/sandbox.lua')
| -rw-r--r-- | lib/supple/sandbox.lua | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/lib/supple/sandbox.lua b/lib/supple/sandbox.lua index 6b2d3ab..f096cb6 100644 --- a/lib/supple/sandbox.lua +++ b/lib/supple/sandbox.lua @@ -20,12 +20,14 @@ -- local capi = require 'supple.capi' +local objects = require 'supple.objects' +local comms = require 'supple.comms' local luxio = require 'luxio' local sio = require 'luxio.simple' +local loadstring = loadstring local load = load local setfenv = setfenv -local type = type -- Run fn with globs as its globals. Returns a function to run which -- returns the return values of fn, and also wrap returns the table @@ -38,16 +40,16 @@ local type = type -- -- In case of error, returns nil, errmsg local function _wrap(fn, src, globs) + globs = globs or {} local fn_glob = setmetatable({}, { __index = globs, __metatable=true }) local fn_ret, msg assert(fn, "No function/source provided?") assert(src, "No source name provided?") - globs = globs or {} if setfenv then -- Lua 5.1 style load... - fn_ret, msg = ((type(fn) == "string") and loadstring or load)(fn, src) + fn_ret, msg = ((capi.rawtype(fn) == "string") and loadstring or load)(fn, src) if not fn_ret then return nil, msg end @@ -65,14 +67,6 @@ local function _wrap(fn, src, globs) return fn_ret, fn_glob end -local function sandboxed_go() - -- Remove ourselves from the globals table so we cannot - -- be reentered - go = nil; - --- return io.receive() - return 0 -end local function run() -- Run the sandbox @@ -103,24 +97,40 @@ local function run() -- END_TEST_ONLY -- Prepare a severely limited sandbox - local sandbox_globals = {} + local sandbox_globals = { + type = capi.type, + } for _, k in ipairs({ "table", "string", "pairs", "ipairs", "pcall", "xpcall", "unpack", "tostring", "tonumber", "math", - "type", "coroutine", "select", "error", "assert" }) do + "coroutine", "select", "error", "assert" }) do sandbox_globals[k] = _G[k] end -- Complete its "globals" sandbox_globals._G = sandbox_globals - -- And add in the magic function we need - sandbox_globals.go = sandboxed_go - local fn, globs = _wrap("return go()", "sandbox", sandbox_globals) + local _go_str = [[ + return ({...})[1]() + ]] + + local fn, globs = _wrap(_go_str, "sandbox", sandbox_globals) if not fn then return 1 end - return fn() + objects.set_name(("supple-sandbox[%d]"):format(luxio.getpid())) + objects.set_proc_call(comms.call) + + local function wrappered_load(str, name) + return _wrap(str, name, sandbox_globals) + end + + -- Pretend we've "given" the host an object called 'supple:loadstring' + -- which is the loadstring/load function + objects.give(wrappered_load, "supple:loadstring") + comms._set_fd(0) + + return fn(comms._wait) end return { |