mirror of
https://github.com/Chatterino/chatterino2.git
synced 2024-11-21 22:24:07 +01:00
Remove libraryPermissions in favor of loading safe(ish) stdlib part
This commit is contained in:
parent
16d2d02787
commit
52832b43e5
3 changed files with 19 additions and 48 deletions
|
@ -26,8 +26,6 @@ struct PluginMeta {
|
||||||
|
|
||||||
std::vector<QString> tags;
|
std::vector<QString> tags;
|
||||||
|
|
||||||
std::set<QString> libraryPermissions;
|
|
||||||
|
|
||||||
explicit PluginMeta(const QJsonObject &obj)
|
explicit PluginMeta(const QJsonObject &obj)
|
||||||
: name(obj.value("name").toString("A Plugin with no name"))
|
: name(obj.value("name").toString("A Plugin with no name"))
|
||||||
, description(obj.value("description").toString("Nothing here"))
|
, description(obj.value("description").toString("Nothing here"))
|
||||||
|
@ -51,17 +49,6 @@ struct PluginMeta {
|
||||||
{
|
{
|
||||||
this->tags.push_back(t.toString());
|
this->tags.push_back(t.toString());
|
||||||
}
|
}
|
||||||
for (const auto &t : obj.value("library_permissions").toArray())
|
|
||||||
{
|
|
||||||
this->libraryPermissions.insert(t.toString());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
bool hasDangerousLibraries()
|
|
||||||
{
|
|
||||||
const auto *perms = &this->libraryPermissions;
|
|
||||||
return perms->contains("io") || perms->contains("package") ||
|
|
||||||
perms->contains("os");
|
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -103,30 +103,36 @@ bool PluginController::tryLoadFromDir(const QDir &pluginDir)
|
||||||
}
|
}
|
||||||
void PluginController::openLibrariesFor(lua_State *L, PluginMeta meta)
|
void PluginController::openLibrariesFor(lua_State *L, PluginMeta meta)
|
||||||
{
|
{
|
||||||
// copied from linit.c
|
// Stuff to change, remove or hide behind a permission system:
|
||||||
// NOLINTNEXTLINE
|
|
||||||
static const std::vector<luaL_Reg> loadedlibs = {
|
static const std::vector<luaL_Reg> loadedlibs = {
|
||||||
luaL_Reg{LUA_GNAME, luaopen_base},
|
luaL_Reg{LUA_GNAME, luaopen_base},
|
||||||
luaL_Reg{LUA_LOADLIBNAME, luaopen_package},
|
// - print - writes to stdout, should be replaced with a per-plugin log
|
||||||
luaL_Reg{LUA_COLIBNAME, luaopen_coroutine},
|
// - load, loadstring, loadfile, dofile - don't allow bytecode, *require* valid utf8 (which bytecode by design isn't)
|
||||||
|
|
||||||
|
// luaL_Reg{LUA_LOADLIBNAME, luaopen_package},
|
||||||
|
// - explicit fs access, probably best to make our own require() function
|
||||||
|
|
||||||
|
//luaL_Reg{LUA_COLIBNAME, luaopen_coroutine},
|
||||||
|
// - needs special support
|
||||||
luaL_Reg{LUA_TABLIBNAME, luaopen_table},
|
luaL_Reg{LUA_TABLIBNAME, luaopen_table},
|
||||||
luaL_Reg{LUA_IOLIBNAME, luaopen_io},
|
// luaL_Reg{LUA_IOLIBNAME, luaopen_io},
|
||||||
luaL_Reg{LUA_OSLIBNAME, luaopen_os},
|
// - explicit fs access, needs wrapper with permissions, no usage ideas yet
|
||||||
|
// luaL_Reg{LUA_OSLIBNAME, luaopen_os},
|
||||||
|
// - fs access
|
||||||
|
// - environ access
|
||||||
|
// - exit
|
||||||
luaL_Reg{LUA_STRLIBNAME, luaopen_string},
|
luaL_Reg{LUA_STRLIBNAME, luaopen_string},
|
||||||
luaL_Reg{LUA_MATHLIBNAME, luaopen_math},
|
luaL_Reg{LUA_MATHLIBNAME, luaopen_math},
|
||||||
luaL_Reg{LUA_UTF8LIBNAME, luaopen_utf8},
|
luaL_Reg{LUA_UTF8LIBNAME, luaopen_utf8},
|
||||||
luaL_Reg{LUA_DBLIBNAME, luaopen_debug},
|
// luaL_Reg{LUA_DBLIBNAME, luaopen_debug},
|
||||||
luaL_Reg{NULL, NULL},
|
// - this allows the plugin developer to unleash all hell
|
||||||
};
|
};
|
||||||
|
|
||||||
for (const auto ® : loadedlibs)
|
for (const auto ® : loadedlibs)
|
||||||
{
|
|
||||||
if (meta.libraryPermissions.contains(QString(reg.name)))
|
|
||||||
{
|
{
|
||||||
luaL_requiref(L, reg.name, reg.func, int(true));
|
luaL_requiref(L, reg.name, reg.func, int(true));
|
||||||
lua_pop(L, 1);
|
lua_pop(L, 1);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PluginController::load(QFileInfo index, QDir pluginDir, PluginMeta meta)
|
void PluginController::load(QFileInfo index, QDir pluginDir, PluginMeta meta)
|
||||||
|
|
|
@ -93,28 +93,6 @@ void PluginsPage::rebuildContent()
|
||||||
pl->addRow("Homepage", homepage);
|
pl->addRow("Homepage", homepage);
|
||||||
pl->addRow("License", new QLabel(plugin->meta.license));
|
pl->addRow("License", new QLabel(plugin->meta.license));
|
||||||
|
|
||||||
QString libString;
|
|
||||||
for (const auto &library : plugin->meta.libraryPermissions)
|
|
||||||
{
|
|
||||||
if (!libString.isEmpty())
|
|
||||||
{
|
|
||||||
libString += ", ";
|
|
||||||
}
|
|
||||||
libString += library;
|
|
||||||
}
|
|
||||||
bool hasDangerous = plugin->meta.hasDangerousLibraries();
|
|
||||||
if (hasDangerous)
|
|
||||||
{
|
|
||||||
libString += "\nDetected potentially dangerous libraries used, be "
|
|
||||||
"careful with this plugin";
|
|
||||||
}
|
|
||||||
auto *libs = new QLabel(libString);
|
|
||||||
if (hasDangerous)
|
|
||||||
{
|
|
||||||
libs->setStyleSheet("color: red");
|
|
||||||
}
|
|
||||||
pl->addRow("Used libraries", libs);
|
|
||||||
|
|
||||||
QString cmds;
|
QString cmds;
|
||||||
for (const auto &cmdName : plugin->listRegisteredCommands())
|
for (const auto &cmdName : plugin->listRegisteredCommands())
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue