package dev.amble.lib.script.lua;
import org.luaj.vm2.Globals;
import org.luaj.vm2.LoadState;
import org.luaj.vm2.LuaValue;
import org.luaj.vm2.compiler.LuaC;
import org.luaj.vm2.lib.BaseLib;
import org.luaj.vm2.lib.Bit32Lib;
import org.luaj.vm2.lib.StringLib;
import org.luaj.vm2.lib.TableLib;
import org.luaj.vm2.lib.jse.JseMathLib;
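/**
 * Builds a Lua {@link Globals} environment for running untrusted scripts, with the
 * host-facing libraries left out.
 * <p>
 * The environment deliberately omits:
 * <ul>
 * <li>luajava - arbitrary Java class access and code execution</li>
 * <li>os library - process execution, environment access and file operations</li>
 * <li>io library - file system access</li>
 * <li>debug library - environment manipulation and introspection</li>
 * <li>package library - loading modules from disk or the classpath</li>
 * <li>loadfile/dofile - loading code from files</li>
 * <li>load/loadstring - loading code from strings or functions at run time</li>
 * <li>collectgarbage - luaj forwards it to {@code System.gc()} and exposes JVM heap statistics</li>
 * </ul>
 * <p>
 * What this does <em>not</em> provide: no instruction or memory budget is enforced, so a
 * script can still loop forever or allocate very large strings and tables. Callers that
 * need a bound must enforce it themselves (for example by running scripts on a separate
 * thread with a timeout).
 * <p>
 * NOTE(review): luaj keeps the metatable of the string type in a JVM-wide static field,
 * so the {@code string} table of the first environment that loads {@link StringLib} is
 * shared as {@code __index} by every later environment in the same JVM. Confirm this
 * against the luaj version in use before relying on strict isolation between instances.
 */
public final class SandboxedGlobals {

    private SandboxedGlobals() {
        // Utility class; not instantiable.
    }

    /**
     * Creates a new sandboxed Lua globals environment.
     * <p>
     * "Sandboxed" refers to API reach (no file, process, Java or debug access); CPU time
     * and memory are not bounded, see the class documentation.
     *
     * @return a new sandboxed {@link Globals} instance, safe for untrusted script source
     */
    public static Globals create() {
        Globals globals = new Globals();

        // Install safe base libraries only.
        // BaseLib rather than JseBaseLib: the Jse variant resolves loadfile/dofile
        // against the real file system.
        globals.load(new BaseLib());    // basic functions (print, type, tostring, pcall, ...)
        globals.load(new Bit32Lib());   // bit operations
        globals.load(new TableLib());   // table manipulation
        globals.load(new StringLib());  // string manipulation
        globals.load(new JseMathLib()); // math functions backed by java.lang.Math

        // NOTE: intentionally NOT loaded:
        // - PackageLib (searches/loads modules from disk)
        // - IoLib / JseIoLib (file system access)
        // - OsLib / JseOsLib (system commands, environment, file operations)
        // - DebugLib (environment manipulation, introspection)
        // - LuajavaLib (arbitrary Java class access)

        // Install the undumper and compiler so the HOST can load chunks into this
        // environment (globals.load(...)); the script-side load functions are removed
        // below, so scripts themselves cannot compile new code.
        // NOTE(review): LoadState also lets globals.load accept precompiled binary chunks.
        // If scripts are only ever accepted as source text, consider leaving it out so
        // untrusted bytecode never reaches the undumper - confirm against host callers.
        LoadState.install(globals);
        LuaC.install(globals);

        removeDangerousFunctions(globals);
        return globals;
    }

    /**
     * Removes base-library functions that could be used to escape the sandbox or to
     * reach host resources.
     *
     * @param globals the environment to strip; modified in place
     */
    private static void removeDangerousFunctions(Globals globals) {
        // Functions that load code from files.
        // NOTE(review): in luaj 3.x BaseLib's finder reads classpath resources rather than
        // the file system - still not something an untrusted script should reach.
        globals.set("dofile", LuaValue.NIL);
        globals.set("loadfile", LuaValue.NIL);

        // Dynamic code loading from strings/functions. Removing these is the conservative
        // choice: a script cannot assemble and run code it did not ship with.
        globals.set("load", LuaValue.NIL);
        globals.set("loadstring", LuaValue.NIL);

        // luaj's collectgarbage maps "collect"/"step" to System.gc() and "count" to JVM
        // heap statistics; an untrusted script should not be able to force full GCs
        // or observe host memory usage.
        globals.set("collectgarbage", LuaValue.NIL);
    }
}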