Line data Source code
1 : /*
2 : Minetest
3 : Copyright (C) 2013 celeron55, Perttu Ahola <celeron55@gmail.com>
4 :
5 : This program is free software; you can redistribute it and/or modify
6 : it under the terms of the GNU Lesser General Public License as published by
7 : the Free Software Foundation; either version 2.1 of the License, or
8 : (at your option) any later version.
9 :
10 : This program is distributed in the hope that it will be useful,
11 : but WITHOUT ANY WARRANTY; without even the implied warranty of
12 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 : GNU Lesser General Public License for more details.
14 :
15 : You should have received a copy of the GNU Lesser General Public License along
16 : with this program; if not, write to the Free Software Foundation, Inc.,
17 : 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 : */
19 :
20 : #ifndef S_SECURITY_H
21 : #define S_SECURITY_H
22 :
23 : #include "cpp_api/s_base.h"
24 :
25 :
26 : #define CHECK_SECURE_PATH(L, path) \
27 : if (!ScriptApiSecurity::checkPath(L, path)) { \
28 : lua_pushstring(L, (std::string("Attempt to access external file ") + \
29 : path + " with mod security on.").c_str()); \
30 : lua_error(L); \
31 : }
32 : #define CHECK_SECURE_PATH_OPTIONAL(L, path) \
33 : if (ScriptApiSecurity::isSecure(L)) { \
34 : CHECK_SECURE_PATH(L, path); \
35 : }
36 :
37 :
38 0 : class ScriptApiSecurity : virtual public ScriptApiBase
39 : {
40 : public:
41 : // Sets up security on the ScriptApi's Lua state
42 : void initializeSecurity();
43 : // Checks if the Lua state has been secured
44 : static bool isSecure(lua_State *L);
45 : // Loads a file as Lua code safely (doesn't allow bytecode).
46 : static bool safeLoadFile(lua_State *L, const char *path);
47 : // Checks if mods are allowed to read and write to the path
48 : static bool checkPath(lua_State *L, const char *path);
49 :
50 : private:
51 : // Syntax: "sl_" <Library name or 'g' (global)> '_' <Function name>
52 : // (sl stands for Secure Lua)
53 :
54 : static int sl_g_dofile(lua_State *L);
55 : static int sl_g_load(lua_State *L);
56 : static int sl_g_loadfile(lua_State *L);
57 : static int sl_g_loadstring(lua_State *L);
58 : static int sl_g_require(lua_State *L);
59 :
60 : static int sl_io_open(lua_State *L);
61 : static int sl_io_input(lua_State *L);
62 : static int sl_io_output(lua_State *L);
63 : static int sl_io_lines(lua_State *L);
64 :
65 : static int sl_os_rename(lua_State *L);
66 : static int sl_os_remove(lua_State *L);
67 : };
68 :
69 : #endif
70 :
|
