diff --git a/.vscode/settings.json b/.vscode/settings.json index b106cdc..503cc64 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,9 +1,11 @@ { - "luau-lsp.types.roblox": false, - "luau-lsp.sourcemap.enabled": false, - "luau-lsp.ignoreGlobs": ["temp/**"], - "luau-lsp.require.mode": "relativeToFile", - "luau-lsp.require.directoryAliases": { - "@lune/": "~/.lune/.typedefs/0.7.4/" - } -} + "luau-lsp.types.roblox": false, + "luau-lsp.sourcemap.enabled": false, + "luau-lsp.ignoreGlobs": [ + "temp/**" + ], + "luau-lsp.require.mode": "relativeToFile", + "luau-lsp.require.directoryAliases": { + "@lune/": "~/.lune/.typedefs/0.8.0/" + } +} \ No newline at end of file diff --git a/modules/sandbox.luau b/modules/sandbox.luau index 7ff7572..e22a930 100644 --- a/modules/sandbox.luau +++ b/modules/sandbox.luau @@ -2,9 +2,8 @@ local fs = require("@lune/fs") local luau = require("@lune/luau") local process = require("@lune/process") local stdio = require("@lune/stdio") - local processArgs = table.clone(process.args) -local filePath: string = table.remove(processArgs, 1) +local filePath: string = table.remove(processArgs, 1) or error("usage: lune run sandbox [SCRIPT_PATH] -- [ARGS]") local DEFAULT_REQUIRE = require local DEFAULT_PRINT = print @@ -12,6 +11,10 @@ local SANDBOXED_ENV = { debugName = filePath, environment = { require = nil, + getfenv = nil, + setfenv = nil, + print = nil, + warn = nil, }, } @@ -49,15 +52,23 @@ local function discoverAndReadScript(filePath: string): string return scriptContents end +local function sandboxGetfenv(): {} + return table.freeze(SANDBOXED_ENV) +end + +local function sandboxSetfenv(env: {}): never + error("cannot call setfenv from sandbox") +end + local function sandboxPrint(...: any) DEFAULT_PRINT(`---- Output from {SANDBOXED_ENV.debugName} ----`) DEFAULT_PRINT(...) DEFAULT_PRINT(`---------------------------------------`) end -local function sandboxedRequire(path: string): T +local function sandboxedRequire(path: string) if path:find("@lune") then - local module = path:split("/")[2] + local module = path:split("/")[2]:gsub("%s", "") if module == "net" or module == "fs" or module == "process" or module == "roblox" then local allow: boolean = @@ -74,7 +85,7 @@ local function sandboxedRequire(path: string): T if module == "roblox" and key == "getAuthCookie" then local allowAuthCookie: boolean = stdio.prompt( "confirm", - `allow {SANDBOXED_ENV.debugName} to access to .ROBLOSECURITY token?` + `allow {SANDBOXED_ENV.debugName} to access your .ROBLOSECURITY token?` ) if allowAuthCookie then @@ -119,12 +130,16 @@ local function sandboxedRequire(path: string): T else local contents = discoverAndReadScript(path) - local evalChunk: () -> T = luau.load(contents, SANDBOXED_ENV) + local evalChunk = luau.load(contents, SANDBOXED_ENV) return evalChunk() end end + + SANDBOXED_ENV.environment.require = sandboxedRequire +SANDBOXED_ENV.environment.getfenv = sandboxGetfenv +SANDBOXED_ENV.environment.setfenv = sandboxSetfenv SANDBOXED_ENV.environment.print = sandboxPrint SANDBOXED_ENV.environment.warn = sandboxPrint luau.load(discoverAndReadScript(filePath), table.freeze(SANDBOXED_ENV))() diff --git a/modules/test.luau b/modules/test.luau new file mode 100644 index 0000000..7ce5515 --- /dev/null +++ b/modules/test.luau @@ -0,0 +1 @@ +print(require("@lune/roblox ").getAuthCookie()) \ No newline at end of file diff --git a/pages/getting-started/5-security.mdx b/pages/getting-started/5-security.mdx index df958be..6fd6ffe 100644 --- a/pages/getting-started/5-security.mdx +++ b/pages/getting-started/5-security.mdx @@ -27,9 +27,8 @@ local fs = require("@lune/fs") local luau = require("@lune/luau") local process = require("@lune/process") local stdio = require("@lune/stdio") - local processArgs = table.clone(process.args) -local filePath: string = table.remove(processArgs, 1) +local filePath: string = table.remove(processArgs, 1) or error("usage: lune run sandbox [SCRIPT_PATH] -- [ARGS]") local DEFAULT_REQUIRE = require local DEFAULT_PRINT = print @@ -37,6 +36,10 @@ local SANDBOXED_ENV = { debugName = filePath, environment = { require = nil, + getfenv = nil, + setfenv = nil, + print = nil, + warn = nil, }, } @@ -74,15 +77,23 @@ local function discoverAndReadScript(filePath: string): string return scriptContents end +local function sandboxGetfenv(): {} + return table.freeze(SANDBOXED_ENV) +end + +local function sandboxSetfenv(env: {}): never + error("cannot call setfenv from sandbox") +end + local function sandboxPrint(...: any) DEFAULT_PRINT(`---- Output from {SANDBOXED_ENV.debugName} ----`) DEFAULT_PRINT(...) DEFAULT_PRINT(`---------------------------------------`) end -local function sandboxedRequire(path: string): T +local function sandboxedRequire(path: string) if path:find("@lune") then - local module = path:split("/")[2] + local module = path:split("/")[2]:gsub("%s", "") if module == "net" or module == "fs" or module == "process" or module == "roblox" then local allow: boolean = @@ -99,7 +110,7 @@ local function sandboxedRequire(path: string): T if module == "roblox" and key == "getAuthCookie" then local allowAuthCookie: boolean = stdio.prompt( "confirm", - `allow {SANDBOXED_ENV.debugName} to access to .ROBLOSECURITY token?` + `allow {SANDBOXED_ENV.debugName} to access your .ROBLOSECURITY token?` ) if allowAuthCookie then @@ -144,12 +155,16 @@ local function sandboxedRequire(path: string): T else local contents = discoverAndReadScript(path) - local evalChunk: () -> T = luau.load(contents, SANDBOXED_ENV) + local evalChunk = luau.load(contents, SANDBOXED_ENV) return evalChunk() end end + + SANDBOXED_ENV.environment.require = sandboxedRequire +SANDBOXED_ENV.environment.getfenv = sandboxGetfenv +SANDBOXED_ENV.environment.setfenv = sandboxSetfenv SANDBOXED_ENV.environment.print = sandboxPrint SANDBOXED_ENV.environment.warn = sandboxPrint luau.load(discoverAndReadScript(filePath), table.freeze(SANDBOXED_ENV))()