为lua构建沙盒环境
发布时间:2020-12-14 22:19:10 所属栏目:大数据 来源:网络整理
导读:我们有时需要限制lua代码的运行环境,或者是让使用者不能访问到lua的一些全局函数.lua语言本身没有类似于C++,C#,Java那样的成员访问控制. 但lua提供了setfenv函数可以很灵活的处理各类权限问题 废话不多说,看代码 1: -- 创建沙盒 2: function SpawnSandBox( )
我们有时需要限制lua代码的运行环境,或者是让使用者不能访问到lua的一些全局函数.lua语言本身没有类似于C++,C#,Java那样的成员访问控制. 但lua提供了setfenv函数可以很灵活的处理各类权限问题 废话不多说,看代码 1: -- 创建沙盒
2: function SpawnSandBox( ) 3:
4: local SandBoxGlobals = {} 5:
6: -- 基础函数添加
7: SandBoxGlobals.print = print
8: SandBoxGlobals.table = table
9: SandBoxGlobals.string = string
10: SandBoxGlobals.math = math
11: SandBoxGlobals.assert = assert
12: SandBoxGlobals.getmetatable = getmetatable
13: SandBoxGlobals.ipairs = ipairs
14: SandBoxGlobals.pairs = pairs
15: SandBoxGlobals.pcall = pcall
16: SandBoxGlobals.setmetatable = setmetatable
17: SandBoxGlobals.tostring = tostring
18: SandBoxGlobals.tonumber = tonumber
19: SandBoxGlobals.type = type
20: SandBoxGlobals.unpack = unpack
21: SandBoxGlobals.collectgarbage = collectgarbage
22: SandBoxGlobals._G = SandBoxGlobals
23:
24: return SandBoxGlobals 25: end 26:
27: -- 在沙盒内执行脚本,出错时返回错误,nil表示正确
28: function ExecuteInSandBox( SandBox,Script ) 29:
30: local ScriptFunc,CompileError = loadstring( Script ) 31:
32: if CompileError then 33: return CompileError 34: end 35:
36: setfenv( ScriptFunc,SandBox )
37:
38: local Result,RuntimeError = pcall( ScriptFunc ) 39: if RuntimeError then 40: return RuntimeError 41: end 42:
43: return nil 44: end 45:
46: function ProtectedFunction( ) 47: print("protected func") 48: end 49:
50:
51: local SandBox = SpawnSandBox( ) 52:
53:
54: print ( "Response=",ExecuteInSandBox( SandBox,"table.foreach( _G,print )" ) ) 55:
56: print ( "Response=","ProtectedFunction()" ) ) 57:
58: SandBox.ProtectedFunction = ProtectedFunction
59:
60: print ( "Response=","ProtectedFunction()" ) ) 54行执行结果是 1: _G table: 00421258
2: string table: 00421050
3: pairs function: 00567F58 4: collectgarbage function: 005675F0 5: unpack function: 004217E8 6: assert function: 005675B0 7: print function: 00567830 8: ipairs function: 00567F28 9: type function: 004217A8 10: tonumber function: 00421768 11: tostring function: 00421788 12: table table: 00420DA8
13: math table: 004210C8
14: setmetatable function: 00421748 15: getmetatable function: 00567710 16: pcall function: 005677F0 17: Response= nil
54行由于没有注册这个全局函数,因此无法访问
Response=??? [string "ProtectedFunction()"]:1: attempt to call global 'ProtectedFunction' (a nil value)
58行在全局环境中加上了这个函数,因此在60行访问正常
protected func Response=??? nil
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |