From 52832b43e573285bef51bfed9b29dae65c46959e Mon Sep 17 00:00:00 2001
From: Mm2PL <miau@mail.kotmisia.pl>
Date: Thu, 2 Feb 2023 14:41:25 +0100
Subject: [PATCH] Remove libraryPermissions in favor of loading safe(ish)
 stdlib part

---
 src/controllers/plugins/Plugin.hpp           | 13 --------
 src/controllers/plugins/PluginController.cpp | 32 ++++++++++++--------
 src/widgets/settingspages/PluginsPage.cpp    | 22 --------------
 3 files changed, 19 insertions(+), 48 deletions(-)

diff --git a/src/controllers/plugins/Plugin.hpp b/src/controllers/plugins/Plugin.hpp
index 27ad69a97..86c2ded5b 100644
--- a/src/controllers/plugins/Plugin.hpp
+++ b/src/controllers/plugins/Plugin.hpp
@@ -26,8 +26,6 @@ struct PluginMeta {
 
     std::vector<QString> tags;
 
-    std::set<QString> libraryPermissions;
-
     explicit PluginMeta(const QJsonObject &obj)
         : name(obj.value("name").toString("A Plugin with no name"))
         , description(obj.value("description").toString("Nothing here"))
@@ -51,17 +49,6 @@ struct PluginMeta {
         {
             this->tags.push_back(t.toString());
         }
-        for (const auto &t : obj.value("library_permissions").toArray())
-        {
-            this->libraryPermissions.insert(t.toString());
-        }
-    }
-
-    bool hasDangerousLibraries()
-    {
-        const auto *perms = &this->libraryPermissions;
-        return perms->contains("io") || perms->contains("package") ||
-               perms->contains("os");
     }
 };
 
diff --git a/src/controllers/plugins/PluginController.cpp b/src/controllers/plugins/PluginController.cpp
index 6a1313cb1..b2c79bd92 100644
--- a/src/controllers/plugins/PluginController.cpp
+++ b/src/controllers/plugins/PluginController.cpp
@@ -103,29 +103,35 @@ bool PluginController::tryLoadFromDir(const QDir &pluginDir)
 }
 void PluginController::openLibrariesFor(lua_State *L, PluginMeta meta)
 {
-    // copied from linit.c
-    // NOLINTNEXTLINE
+    // Stuff to change, remove or hide behind a permission system:
     static const std::vector<luaL_Reg> loadedlibs = {
         luaL_Reg{LUA_GNAME, luaopen_base},
-        luaL_Reg{LUA_LOADLIBNAME, luaopen_package},
-        luaL_Reg{LUA_COLIBNAME, luaopen_coroutine},
+        // - print - writes to stdout, should be replaced with a per-plugin log
+        // - load, loadstring, loadfile, dofile - don't allow bytecode, *require* valid utf8 (which bytecode by design isn't)
+
+        // luaL_Reg{LUA_LOADLIBNAME, luaopen_package},
+        // - explicit fs access, probably best to make our own require() function
+
+        //luaL_Reg{LUA_COLIBNAME, luaopen_coroutine},
+        // - needs special support
         luaL_Reg{LUA_TABLIBNAME, luaopen_table},
-        luaL_Reg{LUA_IOLIBNAME, luaopen_io},
-        luaL_Reg{LUA_OSLIBNAME, luaopen_os},
+        // luaL_Reg{LUA_IOLIBNAME, luaopen_io},
+        // - explicit fs access, needs wrapper with permissions, no usage ideas yet
+        // luaL_Reg{LUA_OSLIBNAME, luaopen_os},
+        // - fs access
+        // - environ access
+        // - exit
         luaL_Reg{LUA_STRLIBNAME, luaopen_string},
         luaL_Reg{LUA_MATHLIBNAME, luaopen_math},
         luaL_Reg{LUA_UTF8LIBNAME, luaopen_utf8},
-        luaL_Reg{LUA_DBLIBNAME, luaopen_debug},
-        luaL_Reg{NULL, NULL},
+        // luaL_Reg{LUA_DBLIBNAME, luaopen_debug},
+        // - this allows the plugin developer to unleash all hell
     };
 
     for (const auto &reg : loadedlibs)
     {
-        if (meta.libraryPermissions.contains(QString(reg.name)))
-        {
-            luaL_requiref(L, reg.name, reg.func, int(true));
-            lua_pop(L, 1);
-        }
+        luaL_requiref(L, reg.name, reg.func, int(true));
+        lua_pop(L, 1);
     }
 }
 
diff --git a/src/widgets/settingspages/PluginsPage.cpp b/src/widgets/settingspages/PluginsPage.cpp
index d37aea254..df4f8aa15 100644
--- a/src/widgets/settingspages/PluginsPage.cpp
+++ b/src/widgets/settingspages/PluginsPage.cpp
@@ -93,28 +93,6 @@ void PluginsPage::rebuildContent()
         pl->addRow("Homepage", homepage);
         pl->addRow("License", new QLabel(plugin->meta.license));
 
-        QString libString;
-        for (const auto &library : plugin->meta.libraryPermissions)
-        {
-            if (!libString.isEmpty())
-            {
-                libString += ", ";
-            }
-            libString += library;
-        }
-        bool hasDangerous = plugin->meta.hasDangerousLibraries();
-        if (hasDangerous)
-        {
-            libString += "\nDetected potentially dangerous libraries used, be "
-                         "careful with this plugin";
-        }
-        auto *libs = new QLabel(libString);
-        if (hasDangerous)
-        {
-            libs->setStyleSheet("color: red");
-        }
-        pl->addRow("Used libraries", libs);
-
         QString cmds;
         for (const auto &cmdName : plugin->listRegisteredCommands())
         {