sandboxing lua and fennel

author: icebaker <icebaker@proton.me> 2023-06-04 16:24:30 -0300
committer: icebaker <icebaker@proton.me> 2023-06-04 16:24:30 -0300
commit: c2ccdff345f6cd9ff7d03426d11ffba1eeb5a3c8 (patch)
tree: d6e22e5fdbf60e27974ad0646f44a50a670dfee5
parent: a07c3a448b3fe96aefebdedaee13ce345232d4f0 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/components/adapter.rb b/components/adapter.rb
index b906a27..a361437 100644
--- a/components/adapter.rb
+++ b/components/adapter.rb
@@ -24,14 +24,22 @@ module NanoBot
       def self.fennel(content, expression)
         path = "#{File.expand_path('../static/fennel', __dir__)}/?.lua"
         state = SweetMoon::State.new(package_path: path).fennel
-        state.fennel.eval("(set _G.adapter (fn [content] #{expression}))")
+        # TODO: global is deprecated...
+        state.fennel.eval(
+          "(global adapter (fn [content] #{expression}))", 1,
+          { allowedGlobals: %w[math string table] }
+        )
         adapter = state.get(:adapter)
         adapter.call([content])
       end
 
       def self.lua(content, expression)
         state = SweetMoon::State.new
-        state.eval("adapter = function(content) return #{expression}; end")
+        code = "_, adapter = pcall(load('return function(content) return #{
+          expression.gsub("'", "\\\\'")
+        }; end', nil, 't', {math=math,string=string,table=table}))"
+
+        state.eval(code)
         adapter = state.get(:adapter)
         adapter.call([content])
       end
author	icebaker <icebaker@proton.me>	2023-06-04 16:24:30 -0300
committer	icebaker <icebaker@proton.me>	2023-06-04 16:24:30 -0300
commit	c2ccdff345f6cd9ff7d03426d11ffba1eeb5a3c8 (patch)
tree	d6e22e5fdbf60e27974ad0646f44a50a670dfee5
parent	a07c3a448b3fe96aefebdedaee13ce345232d4f0 (diff)