I want to run user-submitted Lua code within Python using Lupa. To do this safely, I want to sandbox the Lua code at source-code level. So far, I've managed to prevent the user-supplied code from accessing any dangerous Lua functions.
Now, I want to restrict the user-supplied Lua code from accessing any Python objects/functions.
I've tried to create an attribute_filter that always raises an AttributeError:
```python
def filter_attribute_access(obj, attr_name, is_setting):
    # Deny every attribute read and write attempted from Lua
    raise AttributeError('access denied')
```
and initialized the LuaRuntime as follows:
```python
import lupa

lua_no_py = lupa.LuaRuntime(
    register_eval=False,
    attribute_filter=filter_attribute_access)
```
But I can still use Python functions, including built-in ones:
```python
obj = [1, 2, 3]
lua_func = lua_no_py.eval('function(py_obj) return python.iter(py_obj) end')
res = lua_func(obj)
print(res)
```
How can you prevent user-supplied code from accessing any Python code? And how do you test that it's successful?
Upvotes: 0
Views: 238