diff --git a/CHANGES.txt b/CHANGES.txt index e6d6a63e9..6f0f328a3 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,11 @@ +0.10.0 (2015-??-??) +=================== + +Features +-------- + +* Allow multiple sandbox module directories to be specified (#1525). + 0.10.0b0 (2015-07-13) ===================== diff --git a/sandbox/lua/lua_sandbox.go.in b/sandbox/lua/lua_sandbox.go.in index 0afc4979b..b900a7e4b 100644 --- a/sandbox/lua/lua_sandbox.go.in +++ b/sandbox/lua/lua_sandbox.go.in @@ -50,6 +50,19 @@ remove_entries = { [''] = { 'dofile', 'load', 'loadfile','loadstring', 'print'}, os = {'exit', 'setlocale'}}}` +const SandboxTemplate = `{ +memory_limit = %d, +instruction_limit = %d, +output_limit = %d, +path = [[%s]], +cpath = [[%s]], +remove_entries = { +[''] = {'collectgarbage','coroutine','dofile','load','loadfile','loadstring','newproxy','print'}, +os = {'getenv','execute','exit','remove','rename','setlocale','tmpname'} +}, +disable_modules = {io = 1} +}` + func extractLuaFieldName(wrapped string) (fn string, found bool) { if l := len(wrapped); l > 0 && wrapped[l-1] == ']' { if strings.HasPrefix(wrapped, "Fields[") { @@ -647,31 +660,38 @@ type LuaSandbox struct { } func CreateLuaSandbox(conf *sandbox.SandboxConfig) (sandbox.Sandbox, error) { + var ( + lua_path, lua_cpath []string + template string + ) lsb := new(LuaSandbox) lsb.sbConfig = conf cs := C.CString(conf.ScriptFilename) defer C.free(unsafe.Pointer(cs)) + + paths := strings.Split(conf.ModuleDirectory, ";") + for _, p := range paths { + lua_path = append(lua_path, filepath.Join(p, "?.lua")) + lua_cpath = append(lua_cpath, filepath.Join(p, "?@LUA_SHARED_LIBRARY_SUFFIX@")) + } + if conf.PluginType == "output" || conf.PluginType == "input" { - cfg := fmt.Sprintf(SandboxIoTemplate, - conf.MemoryLimit, - conf.InstructionLimit, - conf.OutputLimit, - filepath.Join(conf.ModuleDirectory, "?.lua"), - filepath.Join(conf.ModuleDirectory, "?@LUA_SHARED_LIBRARY_SUFFIX@")) - ccfg := C.CString(cfg) - defer C.free(unsafe.Pointer(ccfg)) - lsb.lsb = C.lsb_create_custom(unsafe.Pointer(lsb), cs, ccfg) + template = SandboxIoTemplate } else { - md := C.CString(conf.ModuleDirectory) - defer C.free(unsafe.Pointer(md)) - lsb.lsb = C.lsb_create(unsafe.Pointer(lsb), - cs, - md, - C.uint(conf.MemoryLimit), - C.uint(conf.InstructionLimit), - C.uint(conf.OutputLimit)) + template = SandboxTemplate } + cfg := fmt.Sprintf(template, + conf.MemoryLimit, + conf.InstructionLimit, + conf.OutputLimit, + strings.Join(lua_path, ";"), + strings.Join(lua_cpath, ";")) + ccfg := C.CString(cfg) + defer C.free(unsafe.Pointer(ccfg)) + + lsb.lsb = C.lsb_create_custom(unsafe.Pointer(lsb), cs, ccfg) + if lsb.lsb == nil { return nil, fmt.Errorf("Sandbox creation failed") } diff --git a/sandbox/lua/lua_sandbox_test.go b/sandbox/lua/lua_sandbox_test.go index 3e967b409..2d423575d 100644 --- a/sandbox/lua/lua_sandbox_test.go +++ b/sandbox/lua/lua_sandbox_test.go @@ -295,7 +295,7 @@ func TestAPIErrors(t *testing.T) { "invalid error message", } msgs := []string{ - "process_message() ./testsupport/errors.lua:11: module 'unknown' not found:\n\tno file '/unknown.lua'\n\tno file '/unknown.so'", + "process_message() ./testsupport/errors.lua:11: module 'unknown' not found:\n\tno file 'unknown.lua'\n\tno file 'unknown.so'", "process_message() ./testsupport/errors.lua:13: bad argument #0 to 'add_to_payload' (must have at least one argument)", "process_message() not enough memory", "process_message() instruction_limit exceeded", diff --git a/sandbox/lua/testsupport/modules/dummy.lua b/sandbox/lua/testsupport/modules/dummy.lua new file mode 100644 index 000000000..5328836c3 --- /dev/null +++ b/sandbox/lua/testsupport/modules/dummy.lua @@ -0,0 +1,6 @@ +local M = {} +setfenv(1, M) -- Remove external access to contain everything in the module. + +version = "1.0.0" + +return M diff --git a/sandbox/lua/testsupport/output.lua b/sandbox/lua/testsupport/output.lua index d1fe5534f..02d188b00 100644 --- a/sandbox/lua/testsupport/output.lua +++ b/sandbox/lua/testsupport/output.lua @@ -1,5 +1,6 @@ require "io" require "string" +require "dummy" function process_message() local payload = read_message("Payload") diff --git a/sandbox/plugins/sandbox_manager_filter.go b/sandbox/plugins/sandbox_manager_filter.go index bd2b5900b..3cc0023c2 100644 --- a/sandbox/plugins/sandbox_manager_filter.go +++ b/sandbox/plugins/sandbox_manager_filter.go @@ -100,7 +100,7 @@ func (this *SandboxManagerFilter) Init(config interface{}) (err error) { globals := this.pConfig.Globals this.maxFilters = conf.MaxFilters this.workingDirectory = globals.PrependBaseDir(conf.WorkingDirectory) - this.moduleDirectory = globals.PrependShareDir(conf.ModuleDirectory) + this.moduleDirectory = conf.ModuleDirectory this.memoryLimit = conf.MemoryLimit this.instructionLimit = conf.InstructionLimit this.outputLimit = conf.OutputLimit diff --git a/sandbox/plugins/sandbox_output_test.go b/sandbox/plugins/sandbox_output_test.go index fd619ef14..8e48b69a3 100644 --- a/sandbox/plugins/sandbox_output_test.go +++ b/sandbox/plugins/sandbox_output_test.go @@ -43,7 +43,7 @@ func OutputSpec(c gs.Context) { output.SetPipelineConfig(pConfig) conf := output.ConfigStruct().(*sandbox.SandboxConfig) conf.ScriptFilename = "../lua/testsupport/output.lua" - conf.ModuleDirectory = "../lua/modules" + conf.ModuleDirectory = "../lua/modules;../lua/testsupport/modules" supply := make(chan *pipeline.PipelinePack, 1) pack := pipeline.NewPipelinePack(supply) data := "1376389920 debug id=2321 url=example.com item=1"