Mercurial Hosting > luan
comparison core/src/luan/modules/PackageLuan.java @ 229:2a54cb7d1cf4
improve security
git-svn-id: https://luan-java.googlecode.com/svn/trunk@230 21e917c8-12df-6dd8-5cb6-c86387c605b9
| author | fschmidt@gmail.com <fschmidt@gmail.com@21e917c8-12df-6dd8-5cb6-c86387c605b9> |
|---|---|
| date | Wed, 24 Sep 2014 21:13:46 +0000 |
| parents | ec016471c6eb |
| children | 4dfa86dbca45 |
comparison
equal
deleted
inserted
replaced
| 228:7580379cdc79 | 229:2a54cb7d1cf4 |
|---|---|
| 24 module.put( "preload", Luan.newTable() ); | 24 module.put( "preload", Luan.newTable() ); |
| 25 module.put( "path", "?.luan;java:luan/modules/?.luan" ); | 25 module.put( "path", "?.luan;java:luan/modules/?.luan" ); |
| 26 module.put( "jpath", jpath ); | 26 module.put( "jpath", jpath ); |
| 27 try { | 27 try { |
| 28 module.put("require",requireFn); | 28 module.put("require",requireFn); |
| 29 add( module, "block_path", LuanState.class, String.class ); | |
| 30 add( module, "is_blocked_path", LuanState.class, String.class ); | |
| 31 add( module, "load", LuanState.class, String.class ); | 29 add( module, "load", LuanState.class, String.class ); |
| 32 add( module, "load_lib", LuanState.class, String.class ); | 30 add( module, "load_lib", LuanState.class, String.class ); |
| 33 add( module, "search_path", String.class, String.class ); | 31 add( module, "search_path", String.class, String.class ); |
| 34 add( module, "search", LuanState.class, String.class ); | 32 add( module, "search", LuanState.class, String.class ); |
| 35 } catch(NoSuchMethodException e) { | 33 } catch(NoSuchMethodException e) { |
| 195 return LuanFunction.NOTHING; | 193 return LuanFunction.NOTHING; |
| 196 } | 194 } |
| 197 }; | 195 }; |
| 198 | 196 |
| 199 | 197 |
| 200 public static void block_path(LuanState luan,String path) { | 198 public static void block(LuanState luan,String key) { |
| 201 blocked(luan).put(path,true); | 199 blocked(luan).put(key,true); |
| 202 } | 200 } |
| 203 | 201 |
| 204 public static boolean is_blocked_path(LuanState luan,String path) { | 202 public static boolean is_blocked(LuanState luan,String key) { |
| 205 return blocked(luan).get(path) != null; | 203 return blocked(luan).get(key) != null; |
| 206 } | 204 } |
| 207 | 205 |
| 208 public static LuanFunction load_lib(LuanState luan,String path) | 206 public static LuanFunction load_lib(LuanState luan,String path) |
| 209 throws ClassNotFoundException, NoSuchFieldException, IllegalAccessException, LuanException | 207 throws ClassNotFoundException, NoSuchFieldException, IllegalAccessException, LuanException |
| 210 { | 208 { |
| 211 if( is_blocked_path(luan,path) ) | |
| 212 throw luan.exception(path+" is blocked"); | |
| 213 int i = path.lastIndexOf('.'); | 209 int i = path.lastIndexOf('.'); |
| 214 String clsPath = path.substring(0,i); | 210 String clsPath = path.substring(0,i); |
| 215 String fld = path.substring(i+1); | 211 String fld = path.substring(i+1); |
| 216 Class cls = Class.forName(clsPath); | 212 Class cls = Class.forName(clsPath); |
| 217 return (LuanFunction)cls.getField(fld).get(null); | 213 return (LuanFunction)cls.getField(fld).get(null); |