mirror of
https://github.com/aseprite/aseprite.git
synced 2024-10-06 06:50:07 +00:00
[lua] Ask for access for package.loadlib() function
This commit is contained in:
parent
64369281fa
commit
32009723c5
@ -1899,6 +1899,7 @@ allow_execute_access = &Allow Execute Access
|
|||||||
allow_write_access = &Allow Write Access
|
allow_write_access = &Allow Write Access
|
||||||
allow_read_access = &Allow Read Access
|
allow_read_access = &Allow Read Access
|
||||||
allow_open_conn_access = &Allow to Open Connections
|
allow_open_conn_access = &Allow to Open Connections
|
||||||
|
allow_load_lib_access = &Allow Load External Library
|
||||||
give_full_access = Give Script Full &Access
|
give_full_access = Give Script Full &Access
|
||||||
stop_script = &Stop Script
|
stop_script = &Stop Script
|
||||||
|
|
||||||
|
@ -251,6 +251,13 @@ Engine::Engine()
|
|||||||
lua_setfield(L, -2, "execute");
|
lua_setfield(L, -2, "execute");
|
||||||
lua_pop(L, 1);
|
lua_pop(L, 1);
|
||||||
|
|
||||||
|
// Wrap package.loadlib()
|
||||||
|
lua_getglobal(L, "package");
|
||||||
|
lua_getfield(L, -1, "loadlib");
|
||||||
|
lua_pushcclosure(L, secure_package_loadlib, 1);
|
||||||
|
lua_setfield(L, -2, "loadlib");
|
||||||
|
lua_pop(L, 1);
|
||||||
|
|
||||||
// Enhance require() function for plugins
|
// Enhance require() function for plugins
|
||||||
custom_require_function(L);
|
custom_require_function(L);
|
||||||
|
|
||||||
|
@ -114,6 +114,26 @@ int secure_os_execute(lua_State* L)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int secure_package_loadlib(lua_State* L)
|
||||||
|
{
|
||||||
|
int n = lua_gettop(L);
|
||||||
|
if (n == 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
const char* cmd = lua_tostring(L, 1);
|
||||||
|
if (!ask_access(L, cmd, FileAccessMode::LoadLib, ResourceType::File)) {
|
||||||
|
// Stop script
|
||||||
|
return luaL_error(L, "the script doesn't have access to execute the command: '%s'",
|
||||||
|
cmd);
|
||||||
|
}
|
||||||
|
|
||||||
|
lua_pushvalue(L, lua_upvalueindex(1));
|
||||||
|
for (int i=1; i<=n; ++i)
|
||||||
|
lua_pushvalue(L, i);
|
||||||
|
lua_call(L, n, 1);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
bool ask_access(lua_State* L,
|
bool ask_access(lua_State* L,
|
||||||
const char* filename,
|
const char* filename,
|
||||||
const FileAccessMode mode,
|
const FileAccessMode mode,
|
||||||
@ -136,13 +156,15 @@ bool ask_access(lua_State* L,
|
|||||||
return true;
|
return true;
|
||||||
|
|
||||||
std::string allowButtonText =
|
std::string allowButtonText =
|
||||||
mode == FileAccessMode::OpenSocket ?
|
(mode == FileAccessMode::LoadLib ?
|
||||||
Strings::script_access_allow_open_conn_access():
|
Strings::script_access_allow_load_lib_access() :
|
||||||
mode == FileAccessMode::Execute ?
|
mode == FileAccessMode::OpenSocket ?
|
||||||
Strings::script_access_allow_execute_access():
|
Strings::script_access_allow_open_conn_access() :
|
||||||
mode == FileAccessMode::Write ?
|
mode == FileAccessMode::Execute ?
|
||||||
Strings::script_access_allow_write_access():
|
Strings::script_access_allow_execute_access() :
|
||||||
Strings::script_access_allow_read_access();
|
mode == FileAccessMode::Write ?
|
||||||
|
Strings::script_access_allow_write_access() :
|
||||||
|
Strings::script_access_allow_read_access());
|
||||||
|
|
||||||
app::gen::ScriptAccess dlg;
|
app::gen::ScriptAccess dlg;
|
||||||
dlg.script()->setText(script);
|
dlg.script()->setText(script);
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
// Aseprite
|
// Aseprite
|
||||||
// Copyright (C) 2021 Igara Studio S.A.
|
// Copyright (C) 2021-2023 Igara Studio S.A.
|
||||||
// Copyright (C) 2018 David Capello
|
// Copyright (C) 2018 David Capello
|
||||||
//
|
//
|
||||||
// This program is distributed under the terms of
|
// This program is distributed under the terms of
|
||||||
@ -23,7 +23,8 @@ namespace script {
|
|||||||
Write = 2,
|
Write = 2,
|
||||||
Read = 4,
|
Read = 4,
|
||||||
OpenSocket = 8,
|
OpenSocket = 8,
|
||||||
Full = Execute | Write | Read | OpenSocket,
|
LoadLib = 16,
|
||||||
|
Full = Execute | Write | Read | OpenSocket | LoadLib,
|
||||||
};
|
};
|
||||||
|
|
||||||
enum class ResourceType {
|
enum class ResourceType {
|
||||||
@ -34,6 +35,7 @@ namespace script {
|
|||||||
|
|
||||||
int secure_io_open(lua_State* L);
|
int secure_io_open(lua_State* L);
|
||||||
int secure_os_execute(lua_State* L);
|
int secure_os_execute(lua_State* L);
|
||||||
|
int secure_package_loadlib(lua_State* L);
|
||||||
|
|
||||||
bool ask_access(lua_State* L,
|
bool ask_access(lua_State* L,
|
||||||
const char* filename,
|
const char* filename,
|
||||||
|
Loading…
Reference in New Issue
Block a user