2
0

s_security.h 3.1 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. /*
  2. Minetest
  3. Copyright (C) 2013 celeron55, Perttu Ahola <celeron55@gmail.com>
  4. This program is free software; you can redistribute it and/or modify
  5. it under the terms of the GNU Lesser General Public License as published by
  6. the Free Software Foundation; either version 2.1 of the License, or
  7. (at your option) any later version.
  8. This program is distributed in the hope that it will be useful,
  9. but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. GNU Lesser General Public License for more details.
  12. You should have received a copy of the GNU Lesser General Public License along
  13. with this program; if not, write to the Free Software Foundation, Inc.,
  14. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  15. */
  16. #pragma once
  17. #include "cpp_api/s_base.h"
  18. #define CHECK_SECURE_PATH_INTERNAL(L, path, write_required, ptr) \
  19. if (!ScriptApiSecurity::checkPath(L, path, write_required, ptr)) { \
  20. throw LuaError(std::string("Mod security: Blocked attempted ") + \
  21. (write_required ? "write to " : "read from ") + path); \
  22. }
  23. #define CHECK_SECURE_PATH(L, path, write_required) \
  24. if (ScriptApiSecurity::isSecure(L)) { \
  25. CHECK_SECURE_PATH_INTERNAL(L, path, write_required, NULL); \
  26. }
  27. #define CHECK_SECURE_PATH_POSSIBLE_WRITE(L, path, ptr) \
  28. if (ScriptApiSecurity::isSecure(L)) { \
  29. CHECK_SECURE_PATH_INTERNAL(L, path, false, ptr); \
  30. }
  31. class ScriptApiSecurity : virtual public ScriptApiBase
  32. {
  33. public:
  34. // Sets up security on the ScriptApi's Lua state
  35. void initializeSecurity();
  36. void initializeSecurityClient();
  37. // Checks if the Lua state has been secured
  38. static bool isSecure(lua_State *L);
  39. // Loads a string as Lua code safely (doesn't allow bytecode).
  40. static bool safeLoadString(lua_State *L, const std::string &code, const char *chunk_name);
  41. // Loads a file as Lua code safely (doesn't allow bytecode).
  42. static bool safeLoadFile(lua_State *L, const char *path, const char *display_name = NULL);
  43. // Checks if mods are allowed to read (and optionally write) to the path
  44. static bool checkPath(lua_State *L, const char *path, bool write_required,
  45. bool *write_allowed=NULL);
  46. // Check if mod is whitelisted in the given setting
  47. // This additionally checks that the mod's main file scope is executing.
  48. static bool checkWhitelisted(lua_State *L, const std::string &setting);
  49. private:
  50. int getThread(lua_State *L);
  51. // sets the enviroment to the table thats on top of the stack
  52. void setLuaEnv(lua_State *L, int thread);
  53. // creates an empty Lua environment
  54. void createEmptyEnv(lua_State *L);
  55. // Syntax: "sl_" <Library name or 'g' (global)> '_' <Function name>
  56. // (sl stands for Secure Lua)
  57. static int sl_g_dofile(lua_State *L);
  58. static int sl_g_load(lua_State *L);
  59. static int sl_g_loadfile(lua_State *L);
  60. static int sl_g_loadstring(lua_State *L);
  61. static int sl_g_require(lua_State *L);
  62. static int sl_io_open(lua_State *L);
  63. static int sl_io_input(lua_State *L);
  64. static int sl_io_output(lua_State *L);
  65. static int sl_io_lines(lua_State *L);
  66. static int sl_os_rename(lua_State *L);
  67. static int sl_os_remove(lua_State *L);
  68. static int sl_os_setlocale(lua_State *L);
  69. };