Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

LuaInterface - how-to restrict access to .Net classes?

Tags:

c#

scripting

lua

luainterface

I'm trying to embed some Lua scripting functionality in my C# app by using LuaInterface 2.0.3. This is working just fine so far, but I can't figure out how to restrict access to only few specified .Net classes. By default, all .Net libraries are directly accessible through "luanet" and Lua scripts are free to open new windows or access the file system.

e.g. this Lua script will open a new Window:

   Form = luanet.System.Windows.Forms.Form
   mainForm = Form()
   mainForm:ShowDialog()

Freedom of scripting is great and all, but this is likely to interfere with the hosting app and has some security-related implications I'm not too fond of. Is there any way to disable this?

like image 278
Mario Avatar asked May 30 '11 00:05

Mario

1 Answers

--make a table for all the classes you want to expose
safeClasses = {}
--store all the ones you want
safeClasses.Form = luanet.System.Windows.Forms.Form
--etc...

--remove access to LuaInterface
luanet = nil
package.loaded.luanet = nil
--prevent future packages from being loaded
require = nil
package.loadlib = nil

You could also do this in reverse, removing the global and stored instances of LuaInterface first and then doing all the work through a local reference (which all code in the rest of the block can use):

--get a local reference to LuaInterface without clobbering the name
local luainterface = luanet

--delete the global reference to it
luanet = nil

--also delete it from the package store and disable package loading
package.loaded.luanet = nil
require = nil
package.loadlib = nil

--put luanet back locally at its original name (for convenience)
local luanet = luainterface 

--make a table for all the classes you want to expose
safeClasses = {}
--store all the ones you want
safeClasses.Form = luanet.System.Windows.Forms.Form
--etc...

(You can avoid the three-step name-preservation dance above (local luainterface=luanet; luanet=nil; local luanet=luainterface) by localizing directly to luanet and then deleting the global through the _G reference to the global table:

local luanet=_G.luanet
_G.luanet = nil

I just chose not to as a matter of personal preference.)

like image 170
Stuart P. Bentley Avatar answered Nov 08 '22 16:11

Stuart P. Bentley
Sign in to Comment

Related questions

How to deal with scope-natured services like transactions in a DI and IOC environment
Adding error message to validation summary from code behind
Where is my streaming subscription going?
How do I perform an AND search in Lucene.net when multiple words are used in a search?
Dynamic View Animations using MVVM
NetworkCredential error in ASP.NET
Visual Studio Green Warning Underlines
Inheritance with Silverlight User Control Partial Classes
Linq to XML Queries
How to maintain tab order after postback
detect windows errors/popups
Accessing a static property of a child in a parent method - Design considerations
My Enum is not recognized using reflection and PropertyInfo
Is there a way to tell which EventLog caused the EntryWritten event in C#?
Why is Thread.CurrentThread.CurrentCulture.Name showing "en-US" when my server's regional language is set to English (United Kingdom)
Silverlight: Value does not fall within the expected range exception
C# and VB.NET LDAP Search Different?
MVC 3 Custom Errors Not Showing
RNGCryptoServiceProvider: generate random numbers in the range [0, randomMax)
SendInput to minimized window

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!