[lua] Ask for access for package.loadlib() function

2025-01-01 18:00:26 +00:00 · 2023-07-19 09:15:15 -03:00 · 2023-07-19 09:15:15 -03:00 · 32009723c5
commit 32009723c5
parent 64369281fa
4 changed files with 41 additions and 9 deletions
--- a/data/strings/en.ini
+++ b/data/strings/en.ini
@ -1899,6 +1899,7 @@ allow_execute_access = &Allow Execute Access
 allow_write_access = &Allow Write Access
 allow_read_access = &Allow Read Access
 allow_open_conn_access = &Allow to Open Connections
+allow_load_lib_access = &Allow Load External Library
 give_full_access = Give Script Full &Access
 stop_script = &Stop Script

--- a/src/app/script/engine.cpp
+++ b/src/app/script/engine.cpp
@ -251,6 +251,13 @@ Engine::Engine()
  lua_setfield(L, -2, "execute");
  lua_pop(L, 1);

+  // Wrap package.loadlib()
+  lua_getglobal(L, "package");
+  lua_getfield(L, -1, "loadlib");
+  lua_pushcclosure(L, secure_package_loadlib, 1);
+  lua_setfield(L, -2, "loadlib");
+  lua_pop(L, 1);
+
  // Enhance require() function for plugins
  custom_require_function(L);

--- a/src/app/script/security.cpp
+++ b/src/app/script/security.cpp
@ -114,6 +114,26 @@ int secure_os_execute(lua_State* L)
  return 1;
 }

+int secure_package_loadlib(lua_State* L)
+{
+  int n = lua_gettop(L);
+  if (n == 0)
+    return 0;
+
+  const char* cmd = lua_tostring(L, 1);
+  if (!ask_access(L, cmd, FileAccessMode::LoadLib, ResourceType::File)) {
+    // Stop script
+    return luaL_error(L, "the script doesn't have access to execute the command: '%s'",
+                      cmd);
+  }
+
+  lua_pushvalue(L, lua_upvalueindex(1));
+  for (int i=1; i<=n; ++i)
+    lua_pushvalue(L, i);
+  lua_call(L, n, 1);
+  return 1;
+}
+
 bool ask_access(lua_State* L,
                const char* filename,
                const FileAccessMode mode,
@ -136,13 +156,15 @@ bool ask_access(lua_State* L,
      return true;

    std::string allowButtonText =
-      mode == FileAccessMode::OpenSocket ?
-        Strings::script_access_allow_open_conn_access():
-      mode == FileAccessMode::Execute ?
-        Strings::script_access_allow_execute_access():
-      mode == FileAccessMode::Write ?
-        Strings::script_access_allow_write_access():
-        Strings::script_access_allow_read_access();
+      (mode == FileAccessMode::LoadLib ?
+         Strings::script_access_allow_load_lib_access() :
+       mode == FileAccessMode::OpenSocket ?
+         Strings::script_access_allow_open_conn_access() :
+       mode == FileAccessMode::Execute ?
+         Strings::script_access_allow_execute_access() :
+       mode == FileAccessMode::Write ?
+         Strings::script_access_allow_write_access() :
+         Strings::script_access_allow_read_access());

    app::gen::ScriptAccess dlg;
    dlg.script()->setText(script);
--- a/src/app/script/security.h
+++ b/src/app/script/security.h
@ -1,5 +1,5 @@
 // Aseprite
-// Copyright (C) 2021  Igara Studio S.A.
+// Copyright (C) 2021-2023  Igara Studio S.A.
 // Copyright (C) 2018  David Capello
 //
 // This program is distributed under the terms of
@ -23,7 +23,8 @@ namespace script {
    Write = 2,
    Read = 4,
    OpenSocket = 8,
-    Full = Execute | Write | Read | OpenSocket,
+    LoadLib = 16,
+    Full = Execute | Write | Read | OpenSocket | LoadLib,
  };

  enum class ResourceType {
@ -34,6 +35,7 @@ namespace script {

  int secure_io_open(lua_State* L);
  int secure_os_execute(lua_State* L);
+  int secure_package_loadlib(lua_State* L);

  bool ask_access(lua_State* L,
                  const char* filename,