This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftProgramsAPIs and Utilities
Kouksi44's profile picture

Some kind of "sandbox" for your scripts

Started by Kouksi44, 04 January 2015 - 08:28 PM
Kouksi44 #1

Kouksi44's profile picture

89 posts

Location Munich, Germany

Posted 04 January 2015 - 09:28 PM
So this is a tool i simply wrote because I wanted to see if I could make it work :)/>

It is not very big as you can see:
Spoiler

local function iTable(cpTable,newTable,func)

  for k,v in pairs(cpTable) do
	if type(v)=="table" then
	  newTable[k]={}
	  iTable(v,newTable[k],func)
	else
	newTable[k]=func
	end
  end
return newTable
end
local function blocked()
  error("Blocked function!",2)
end


local function getFunc(f)
  if fs.exists(f) then
	fu=fs.open(f,"r")
	funct=fu.readAll()
	fu.close()
	funct=loadstring(funct)
	return funct
  else
  end
end
function setEnvironment(sfunc,blockedFuncs,bFunc)
  if sfunc==nil then
	error("Must be  2 arguments")
  end
  bErr=bFunc or blocked
if type(sfunc)=="string" then
  func=getFunc(sfunc)
elseif type(sfunc)=="function" then
  func=sfunc
end
local env=setmetatable({},{__index=_G})
local nBlocked=iTable(blockedFuncs,env,bErr)
	
setfenv(func,nBlocked)
func()
end

So what is this doing ?

It takes either a function or a path to a file and runs it with the given restrictions.

The only function you have to call is :
 setEnvironment(functionYouWantToSandbox,TableOfBlockedFunctions,AlternativeFunctionForBlockedOnes)

It will then run your function(or file) and as soon as theres a function that is blocked by the user it will call the function passed through the third argument( if no argument is given it will error at the first occurance of a blocked function with "blocked function!")
Uhm well yeah thats it ^^.

A small example:

blockedFuncs={ os={shutdown=true,reboot=true},setfenv=true,setmetatable=true,shell={run=true}}

setEnvironment(yourFunc,blockedFuncs,function() print("A blocked function was called !") end)

Now if your function contains something like os.shutdown or setmetatable(blah) it would print "A blocked function was called !" instead of actually shutting the computer down for example !

If there are any bugs i will try to fix them ! :)/>

Pastebin:
 http://pastebin.com/2f2qSe4i

Ingame: 
 pastebin get 2f2qSe4i sandbox

Hope you like it :D/> !

Kouksi44
Edited on 04 January 2015 - 08:34 PM
InDieTasten #2

InDieTasten's profile picture

355 posts

Location Germany

Posted 17 January 2015 - 01:32 PM
It actually works xD
Don't know why, but I was expecting it not to^^

Would be nice to have a way of passing arguments to that function without having to encapsulate them in another function call within the "yourFunc" ;)/>
Kouksi44 #3

Kouksi44's profile picture

89 posts

Location Munich, Germany

Posted 18 January 2015 - 10:41 AM
Well I am definitely going to implement this in the next version. I think I am just gonna split the whole thing up into to separate functions. One for setting up the environment and one for running the function. This way you will be able to pass as many arguments as you want ^^
HometownPotato #4

HometownPotato's profile picture

62 posts

Posted 18 January 2015 - 11:08 AM
Well this is cool but it is very easy to bypass.
It's really as simple as: getfenv(2).shell.run("prog");

You should block getfenv and loadstring and other functions people shouldn't need.
But setmetatable and getmetatable should stay enabled since there is no point in disabling it and iTable/getFunc should not be local since the sandboxed code will be able to access them if they are local.
minebuild02 #5

minebuild02's profile picture

100 posts

Posted 16 March 2015 - 05:36 PM
Can I use this in my antivirus?
Kouksi44 #6

Kouksi44's profile picture

89 posts

Location Munich, Germany

Posted 16 March 2015 - 07:42 PM
Sure go ahead :D/> but don't expect it to be 100% save !