diff options
Diffstat (limited to 'src/ffi/luau/lauxlib.rs')
-rw-r--r-- | src/ffi/luau/lauxlib.rs | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/ffi/luau/lauxlib.rs b/src/ffi/luau/lauxlib.rs index 669a08f..af7d1c2 100644 --- a/src/ffi/luau/lauxlib.rs +++ b/src/ffi/luau/lauxlib.rs @@ -72,6 +72,11 @@ extern "C" { // TODO: luaL_findtable pub fn luaL_typename(L: *mut lua_State, idx: c_int) -> *const c_char; + + // sandbox libraries and globals + #[link_name = "luaL_sandbox"] + pub fn luaL_sandbox_(L: *mut lua_State); + pub fn luaL_sandboxthread(L: *mut lua_State); } // @@ -123,6 +128,29 @@ pub unsafe fn luaL_unref(L: *mut lua_State, t: c_int, r#ref: c_int) { lua::lua_unref(L, r#ref) } +pub unsafe fn luaL_sandbox(L: *mut lua_State, enabled: c_int) { + use super::lua::*; + + // set all libraries to read-only + lua_pushnil(L); + while lua_next(L, LUA_GLOBALSINDEX) != 0 { + if lua_istable(L, -1) != 0 { + lua_setreadonly(L, -1, enabled); + } + lua_pop(L, 1); + } + + // set all builtin metatables to read-only + lua_pushliteral(L, ""); + lua_getmetatable(L, -1); + lua_setreadonly(L, -1, enabled); + lua_pop(L, 2); + + // set globals to readonly and activate safeenv since the env is immutable + lua_setreadonly(L, LUA_GLOBALSINDEX, enabled); + lua_setsafeenv(L, LUA_GLOBALSINDEX, enabled); +} + // // TODO: Generic Buffer Manipulation // |