mirror/aseprite
1
0
Fork 0
mirror of https://github.com/aseprite/aseprite.git synced 2025-01-15 19:52:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

[lua] Ask permissions for io.lines/input/output functions

Browse Source
This commit is contained in:
David Capello 2024-04-21 14:30:25 -03:00
parent 7172de5007
commit cd211ba0fd
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/app/script/security.cpp
View File

@ -36,12 +36,18 @@ namespace {
int secure_io_open(lua_State* L); int secure_io_open(lua_State* L);
int secure_io_popen(lua_State* L); int secure_io_popen(lua_State* L);
int secure_io_lines(lua_State* L);
int secure_io_input(lua_State* L);
int secure_io_output(lua_State* L);
int secure_os_execute(lua_State* L); int secure_os_execute(lua_State* L);
int secure_package_loadlib(lua_State* L); int secure_package_loadlib(lua_State* L);
enum { enum {
io_open, io_open,
io_popen, io_popen,
io_lines,
io_input,
io_output,
os_execute, os_execute,
package_loadlib, package_loadlib,
}; };
@ -54,6 +60,9 @@ static struct {
} replaced_functions[] = { } replaced_functions[] = {
{ "io", "open", secure_io_open }, { "io", "open", secure_io_open },
{ "io", "popen", secure_io_popen }, { "io", "popen", secure_io_popen },
{ "io", "lines", secure_io_lines },
{ "io", "input", secure_io_input },
{ "io", "output", secure_io_output },
{ "os", "execute", secure_os_execute }, { "os", "execute", secure_os_execute },
{ "package", "loadlib", secure_package_loadlib }, { "package", "loadlib", secure_package_loadlib },
}; };
@ -135,6 +144,45 @@ int secure_io_popen(lua_State* L)
return replaced_functions[io_popen].origfunc(L); return replaced_functions[io_popen].origfunc(L);
} }
int secure_io_lines(lua_State* L)
{
if (auto fn = lua_tostring(L, 1)) {
std::string absFilename = base::get_absolute_path(fn);
if (!ask_access(L, absFilename.c_str(), FileAccessMode::Read, ResourceType::File)) {
return luaL_error(L, "the script doesn't have access to file '%s'",
absFilename.c_str());
}
}
return replaced_functions[io_lines].origfunc(L);
}
int secure_io_input(lua_State* L)
{
if (auto fn = lua_tostring(L, 1)) {
std::string absFilename = base::get_absolute_path(fn);
if (!ask_access(L, absFilename.c_str(), FileAccessMode::Read, ResourceType::File)) {
return luaL_error(L, "the script doesn't have access to file '%s'",
absFilename.c_str());
}
}
return replaced_functions[io_input].origfunc(L);
}
int secure_io_output(lua_State* L)
{
if (auto fn = lua_tostring(L, 1)) {
std::string absFilename = base::get_absolute_path(fn);
if (!ask_access(L, absFilename.c_str(), FileAccessMode::Write, ResourceType::File)) {
return luaL_error(L, "the script doesn't have access to file '%s'",
absFilename.c_str());
}
}
return replaced_functions[io_output].origfunc(L);
}
int secure_os_execute(lua_State* L) int secure_os_execute(lua_State* L)
{ {
const char* cmd = luaL_checkstring(L, 1); const char* cmd = luaL_checkstring(L, 1);