Merge pull request #4519 from XiShanYongYe-Chang/remove-unsafe-lua-library-function
remove unsafe lua load library function
This commit is contained in:
karmada-bot
GitHub
commit
31031548b7
|
|
@ -32,7 +32,7 @@ import (
|
|||
configv1alpha1 "github.com/karmada-io/karmada/pkg/apis/config/v1alpha1"
|
||||
workv1alpha2 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha2"
|
||||
"github.com/karmada-io/karmada/pkg/util/fixedpool"
|
||||
"github.com/karmada-io/karmada/pkg/util/lifted"
|
||||
lualifted "github.com/karmada-io/karmada/pkg/util/lifted/lua"
|
||||
)
|
||||
|
||||
// VM Defines a struct that implements the luaVM.
|
||||
|
|
@ -66,7 +66,7 @@ func (vm *VM) NewLuaState() (*lua.LState, error) {
|
|||
return nil, err
|
||||
}
|
||||
// preload our 'safe' version of the OS library. Allows the 'local os = require("os")' to work
|
||||
l.PreloadModule(lua.OsLibName, lifted.SafeOsLoader)
|
||||
l.PreloadModule(lua.OsLibName, lualifted.SafeOsLoader)
|
||||
// preload kube library. Allows the 'local kube = require("kube")' to work
|
||||
l.PreloadModule(KubeLibName, KubeLoader)
|
||||
return l, err
|
||||
|
|
@ -181,13 +181,13 @@ func (vm *VM) setLib(l *lua.LState) error {
|
|||
n string
|
||||
f lua.LGFunction
|
||||
}{
|
||||
{lua.LoadLibName, lua.OpenPackage},
|
||||
{lua.LoadLibName, lualifted.OpenPackage},
|
||||
{lua.BaseLibName, lua.OpenBase},
|
||||
{lua.TabLibName, lua.OpenTable},
|
||||
{lua.StringLibName, lua.OpenString},
|
||||
{lua.MathLibName, lua.OpenMath},
|
||||
// load our 'safe' version of the OS library
|
||||
{lua.OsLibName, lifted.OpenSafeOs},
|
||||
{lua.OsLibName, lualifted.OpenSafeOs},
|
||||
} {
|
||||
if err := l.CallByParam(lua.P{
|
||||
Fn: l.NewFunction(pair.f),
|
||||
|
|
@ -197,6 +197,35 @@ func (vm *VM) setLib(l *lua.LState) error {
|
|||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Set potentially unsafe basic functions to nil, prohibiting users from
|
||||
// calling these functions in custom Lua scripts.
|
||||
// For the safety analysis of Sandbox in Lua, please refer to http://lua-users.org/wiki/SandBoxes
|
||||
// For users, these functions are not needed for parsing resource templates,
|
||||
// so disabling these functions has no impact on functionality.
|
||||
for _, value := range []string{
|
||||
"collectgarbage",
|
||||
"dofile",
|
||||
"getfenv",
|
||||
"getmetatable",
|
||||
"load",
|
||||
"loadfile",
|
||||
"loadstring",
|
||||
"rawequal",
|
||||
"rawget",
|
||||
"rawset",
|
||||
"setfenv",
|
||||
"setmetatable",
|
||||
"module",
|
||||
"newproxy",
|
||||
} {
|
||||
overrideFunc := "function %s() error('call function %s is not supported in karmada customized resourceinterpreter.') end"
|
||||
err := l.DoString(fmt.Sprintf(overrideFunc, value, value))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
@ -298,7 +327,7 @@ func NewWithContext(ctx context.Context) (*lua.LState, error) {
|
|||
return nil, err
|
||||
}
|
||||
// preload our 'safe' version of the OS library. Allows the 'local os = require("os")' to work
|
||||
l.PreloadModule(lua.OsLibName, lifted.SafeOsLoader)
|
||||
l.PreloadModule(lua.OsLibName, lualifted.SafeOsLoader)
|
||||
// preload kube library. Allows the 'local kube = require("kube")' to work
|
||||
l.PreloadModule(KubeLibName, KubeLoader)
|
||||
if ctx != nil {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,86 @@
|
|||
/*
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2015 Yusuke Inuzuka
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
*/
|
||||
|
||||
package lua
|
||||
|
||||
// This code is directly lifted from the github.com/yuin/gopher-lua codebase in order to use the Lua interpreter as safely as possible.
|
||||
// We do not allow users to load modules using the path patterns defined in package.path (for Lua files) and package.cpath (for C libraries) when interpreting resources with lua scripts, which may potentially grant providers access to modules loaded outside the sandbox.
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
lua "github.com/yuin/gopher-lua"
|
||||
)
|
||||
|
||||
/* load lib {{{ */
|
||||
|
||||
var loLoaders = []lua.LGFunction{loLoaderPreload}
|
||||
|
||||
func OpenPackage(L *lua.LState) int {
|
||||
packagemod := L.RegisterModule(lua.LoadLibName, loFuncs)
|
||||
|
||||
L.SetField(packagemod, "preload", L.NewTable())
|
||||
|
||||
loaders := L.CreateTable(len(loLoaders), 0)
|
||||
for i, loader := range loLoaders {
|
||||
L.RawSetInt(loaders, i+1, L.NewFunction(loader))
|
||||
}
|
||||
L.SetField(packagemod, "loaders", loaders)
|
||||
L.SetField(L.Get(lua.RegistryIndex), "_LOADERS", loaders)
|
||||
|
||||
loaded := L.NewTable()
|
||||
L.SetField(packagemod, "loaded", loaded)
|
||||
L.SetField(L.Get(lua.RegistryIndex), "_LOADED", loaded)
|
||||
|
||||
L.Push(packagemod)
|
||||
return 1
|
||||
}
|
||||
|
||||
var loFuncs = map[string]lua.LGFunction{
|
||||
"loadlib": loLoadLib,
|
||||
}
|
||||
|
||||
func loLoaderPreload(L *lua.LState) int {
|
||||
name := L.CheckString(1)
|
||||
preload := L.GetField(L.GetField(L.Get(lua.EnvironIndex), "package"), "preload")
|
||||
if _, ok := preload.(*lua.LTable); !ok {
|
||||
L.RaiseError("package.preload must be a table")
|
||||
}
|
||||
lv := L.GetField(preload, name)
|
||||
if lv == lua.LNil {
|
||||
L.Push(lua.LString(fmt.Sprintf("no field package.preload['%s']", name)))
|
||||
return 1
|
||||
}
|
||||
L.Push(lv)
|
||||
return 1
|
||||
}
|
||||
|
||||
func loLoadLib(L *lua.LState) int {
|
||||
L.RaiseError("loadlib is not supported")
|
||||
return 0
|
||||
}
|
||||
|
||||
/* }}} */
|
||||
|
||||
//
|
||||
|
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/
|
||||
|
||||
package lifted
|
||||
package lua
|
||||
|
||||
// This code is directly lifted from the argo-cd codebase in order to avoid relying on the lua package.
|
||||
// For reference:
|
||||
|
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/
|
||||
|
||||
package lifted
|
||||
package lua
|
||||
|
||||
import (
|
||||
"testing"
|
||||
Loading…
Reference in New Issue