author | Hans Hagen <pragma@wxs.nl> | 2017-02-17 10:31:56 +0100 |
---|---|---|
committer | Context Git Mirror Bot <phg42.2a@gmail.com> | 2017-02-17 10:31:56 +0100 |
commit | b14f992ef5f4e868c9959b174278c86516d60dbc (patch) | |
tree | 28587bb46c025ea7b0d27ba93f09c93dcf53c73a /tex/context/base/mkiv/l-sandbox.lua | |
parent | 95a1799032dc61dbca4a11e495be34b4397c8fec (diff) | |
download | context-b14f992ef5f4e868c9959b174278c86516d60dbc.tar.gz |
2017-02-17 10:23:00
Diffstat (limited to 'tex/context/base/mkiv/l-sandbox.lua')
-rw-r--r-- | tex/context/base/mkiv/l-sandbox.lua | 105 |
1 files changed, 87 insertions, 18 deletions
diff --git a/tex/context/base/mkiv/l-sandbox.lua b/tex/context/base/mkiv/l-sandbox.lua index f7901379c..a95e70395 100644 --- a/tex/context/base/mkiv/l-sandbox.lua +++ b/tex/context/base/mkiv/l-sandbox.lua @@ -8,8 +8,8 @@ if not modules then modules = { } end modules ['l-sandbox'] = { -- We use string instead of function variables, so 'io.open' instead of io.open. That -- way we can still intercept repetetive overloads. One complication is that when we use --- sandboxed function sin helpers in the sanbox checkers, we can get a recursion loop --- so for that vreason we need to keep originals around till we enable the sandbox. +-- sandboxed functions in helpers in the sanbox checkers, we can get a recursion loop +-- so for that reason we need to keep originals around till we enable the sandbox. -- if sandbox then return end @@ -23,6 +23,8 @@ local format = string.format -- no formatters yet local concat = table.concat local sort = table.sort local gmatch = string.gmatch +local gsub = string.gsub +local requiem = require sandbox = { } local sandboxed = false @@ -34,6 +36,7 @@ local originals = { } local comments = { } local trace = false local logger = false +local blocked = { } -- this comes real early, so that we can still alias 
@@ -139,29 +142,62 @@ function sandbox.overload(func,overload,comment) return func end -function sandbox.initializer(f) - if not sandboxed then - initializers[#initializers+1] = f +local function whatever(specification,what,target) + if type(specification) ~= "table" then + report("%s needs a specification",what) + elseif type(specification.category) ~= "string" or type(specification.action) ~= "function" then + report("%s needs a category and action",what) + elseif not sandboxed then + target[#target+1] = specification elseif trace then - report("already enabled, discarding initializer") + report("already enabled, discarding %s",what) end end -function sandbox.finalizer(f) - if not sandboxed then - finalizers[#finalizers+1] = f - elseif trace then - report("already enabled, discarding finalizer") +function sandbox.initializer(specification) + whatever(specification,"initializer",initializers) +end + +function sandbox.finalizer(specification) + whatever(specification,"finalizer",finalizers) +end + +function require(name) + local n = gsub(name,"^.*[\\/]","") + local n = gsub(n,"[%.].*$","") + local b = blocked[n] + if b then + if trace then + report("using blocked: %s",n) + end + return b + else + if trace then + report("requiring: %s",name) + end + return requiem(name) + end +end + +function blockrequire(name,lib) + if trace then + report("preventing reload of: %s",name) end + blocked[name] = lib or _G[name] +end + +if TEXENGINE == "luajittex" or not ffi then + local ok + ok, ffi = pcall(require,"ffi") end function sandbox.enable() if not sandboxed then for i=1,#initializers do - initializers[i]() + initializers[i].action() end for i=1,#finalizers do - finalizers[i]() + finalizers[i].action() end local nnot = 0 local nyes = 0 
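Review bot: In the added `ok, ffi = pcall(require,"ffi")`, a failed load assigns pcall's error message to the global `ffi`, so `ffi` becomes a truthy string instead of staying nil. Any later `if ffi then` test, and the `blockrequire("ffi",ffi)` call in the last hunk, would then treat that string as the library. Keeping the result local and assigning only on success avoids this: `local ok, lib = pcall(require,"ffi")` followed by `if ok then ffi = lib end`. Separately, `blockrequire` is a global and is not gated on `sandboxed`, so unless it is overloaded elsewhere, code running after `sandbox.enable()` can still change which table `require` returns for a name. Making it local, or rejecting calls once the sandbox is enabled, would close that.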
@@ -189,22 +225,48 @@ function sandbox.enable() end if #cyes > 0 then sort(cyes) - report(" overloaded known : %s",concat(cyes," | ")) + report("overloaded known: %s",concat(cyes," | ")) end if nyes > 0 then - report(" overloaded unknown : %s",nyes) + report("overloaded unknown: %s",nyes) end if #cnot > 0 then sort(cnot) - report("not overloaded known : %s",concat(cnot," | ")) + report("not overloaded known: %s",concat(cnot," | ")) end if nnot > 0 then - report("not overloaded unknown : %s",nnot) + report("not overloaded unknown: %s",nnot) end if #skip > 0 then sort(skip) - report("not overloaded redefined : %s",concat(skip," | ")) + report("not overloaded redefined: %s",concat(skip," | ")) end + -- + -- if ffi then + -- report("disabling ffi") + -- -- for k, v in next, ffi do + -- -- if k ~= "gc" then + -- -- local t = type(v) + -- -- if t == "function" then + -- -- ffi[k] = function() report("accessing ffi.%s",k) end + -- -- elseif t == "number" then + -- -- ffi[k] = 0 + -- -- elseif t == "string" then + -- -- ffi[k] = "" + -- -- elseif t == "table" then + -- -- ffi[k] = { } + -- -- else + -- -- ffi[k] = false + -- -- end + -- -- end + -- -- end + -- for k, v in next, ffi do + -- if k ~= "gc" then + -- ffi[k] = nil + -- end + -- end + -- end + -- initializers = nil finalizers = nil originals = nil @@ -212,6 +274,13 @@ function sandbox.enable() end end +blockrequire("lfs",lfs) +blockrequire("io",io) +blockrequire("os",os) +blockrequire("ffi",ffi) + +-- require = register(require,"require") + -- we sandbox some of the built-in functions now: -- todo: require |
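Review bot: The ffi-disabling block added after the overload report is entirely commented out, so `sandbox.enable()` leaves every field of `ffi` intact when the library is present. Because `require("ffi")` is answered from `blocked` with that same table, sandboxed code keeps a path to native calls that does not pass through the overloaded functions, unless ffi is restricted in a file not visible here. Either enable the inner loop (`for k, v in next, ffi do if k ~= "gc" then ffi[k] = nil end end`) or replace the dead code with a single comment naming where ffi is locked down, e.g. `-- ffi is not disabled here; restricted in <placeholder: module name>`. The body of `sandbox.enable` starts outside this hunk.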
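Review bot: These `blockrequire` calls make `require` return the already loaded tables rather than refuse the module, which neither the function name nor the "using blocked" trace message makes obvious. A comment above them such as `-- return the tables loaded so far, so require cannot fetch fresh copies` would state the intent. Also, if one of these globals is nil at this point (for instance `lfs` or `ffi` in a build without them), `blocked[name] = lib or _G[name]` stores nothing and a later `require` of that name falls through to the original loader, while the trace still prints "preventing reload of". A check inside `blockrequire` (defined in the earlier hunk) that reports when there is nothing to register would make that case visible.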