Mercurial Hosting > luan
comparison core/src/luan/modules/IoLuan.java @ 203:99eef1d0e706
IO security
git-svn-id: https://luan-java.googlecode.com/svn/trunk@204 21e917c8-12df-6dd8-5cb6-c86387c605b9
author | fschmidt@gmail.com <fschmidt@gmail.com@21e917c8-12df-6dd8-5cb6-c86387c605b9> |
---|---|
date | Sun, 06 Jul 2014 03:54:08 +0000 |
parents | 75750ceb45ee |
children | cee6581b6f56 |
comparison
equal
deleted
inserted
replaced
202:75750ceb45ee | 203:99eef1d0e706 |
---|---|
20 import java.io.IOException; | 20 import java.io.IOException; |
21 import java.net.URL; | 21 import java.net.URL; |
22 import java.net.Socket; | 22 import java.net.Socket; |
23 import java.net.ServerSocket; | 23 import java.net.ServerSocket; |
24 import java.net.MalformedURLException; | 24 import java.net.MalformedURLException; |
25 import java.util.List; | |
26 import java.util.ArrayList; | |
25 import luan.LuanState; | 27 import luan.LuanState; |
26 import luan.LuanTable; | 28 import luan.LuanTable; |
27 import luan.LuanFunction; | 29 import luan.LuanFunction; |
28 import luan.LuanJavaFunction; | 30 import luan.LuanJavaFunction; |
29 import luan.LuanException; | 31 import luan.LuanException; |
309 } | 311 } |
310 | 312 |
311 public static final class LuanUrl extends LuanIn { | 313 public static final class LuanUrl extends LuanIn { |
312 private final URL url; | 314 private final URL url; |
313 | 315 |
314 private LuanUrl(String s) throws MalformedURLException { | 316 private LuanUrl(URL url) throws LuanException { |
315 this.url = new URL(s); | 317 this.url = url; |
316 } | 318 } |
317 | 319 |
318 @Override InputStream inputStream() throws IOException { | 320 @Override InputStream inputStream() throws IOException { |
319 return url.openStream(); | 321 return url.openStream(); |
320 } | 322 } |
325 } | 327 } |
326 | 328 |
327 public static final class LuanFile extends LuanIO { | 329 public static final class LuanFile extends LuanIO { |
328 private final File file; | 330 private final File file; |
329 | 331 |
330 private LuanFile(String name) { | 332 private LuanFile(LuanState luan,File file) throws LuanException { |
331 this(new File(name)); | 333 this(file); |
334 check(luan,file.toString()); | |
332 } | 335 } |
333 | 336 |
334 private LuanFile(File file) { | 337 private LuanFile(File file) { |
335 this.file = file; | 338 this.file = file; |
336 } | 339 } |
345 | 348 |
346 @Override public String to_string() { | 349 @Override public String to_string() { |
347 return file.toString(); | 350 return file.toString(); |
348 } | 351 } |
349 | 352 |
350 public LuanTable child(String name) { | 353 public LuanTable child(LuanState luan,String name) throws LuanException { |
351 return new LuanFile(new File(file,name)).table(); | 354 return new LuanFile(luan,new File(file,name)).table(); |
352 } | 355 } |
353 | 356 |
354 public LuanTable children() { | 357 public LuanTable children(LuanState luan) throws LuanException { |
355 File[] files = file.listFiles(); | 358 File[] files = file.listFiles(); |
356 if( files==null ) | 359 if( files==null ) |
357 return null; | 360 return null; |
358 LuanTable list = new LuanTable(); | 361 LuanTable list = new LuanTable(); |
359 for( File f : files ) { | 362 for( File f : files ) { |
360 list.add(new LuanFile(f).table()); | 363 list.add(new LuanFile(luan,f).table()); |
361 } | 364 } |
362 return list; | 365 return list; |
363 } | 366 } |
364 | 367 |
365 public boolean exists() { | 368 public boolean exists() { |
392 ) ); | 395 ) ); |
393 tbl.put( "last_modified", new LuanJavaFunction( | 396 tbl.put( "last_modified", new LuanJavaFunction( |
394 File.class.getMethod( "lastModified" ), file | 397 File.class.getMethod( "lastModified" ), file |
395 ) ); | 398 ) ); |
396 tbl.put( "child", new LuanJavaFunction( | 399 tbl.put( "child", new LuanJavaFunction( |
397 LuanFile.class.getMethod( "child", String.class ), this | 400 LuanFile.class.getMethod( "child", LuanState.class, String.class ), this |
398 ) ); | 401 ) ); |
399 tbl.put( "children", new LuanJavaFunction( | 402 tbl.put( "children", new LuanJavaFunction( |
400 LuanFile.class.getMethod( "children" ), this | 403 LuanFile.class.getMethod( "children", LuanState.class ), this |
401 ) ); | 404 ) ); |
402 } catch(NoSuchMethodException e) { | 405 } catch(NoSuchMethodException e) { |
403 throw new RuntimeException(e); | 406 throw new RuntimeException(e); |
404 } | 407 } |
405 return tbl; | 408 return tbl; |
406 } | 409 } |
407 } | 410 } |
408 | 411 |
409 public static LuanIn luanIo(LuanState luan,String name) throws LuanException { | 412 public static LuanIn luanIo(LuanState luan,String name) throws LuanException { |
410 if( Utils.isFile(name) ) | 413 check(luan,name); |
411 return new LuanFile(name); | 414 File file = Utils.toFile(name); |
412 String url = Utils.toUrl(name); | 415 if( file != null ) |
416 return new LuanFile(file); | |
417 URL url = Utils.toUrl(name); | |
413 if( url != null ) { | 418 if( url != null ) { |
414 try { | 419 return new LuanUrl(url); |
415 return new LuanUrl(url); | |
416 } catch(MalformedURLException e) { | |
417 throw new RuntimeException(e); | |
418 } | |
419 } | 420 } |
420 throw luan.exception( "file '"+name+"' not found" ); | 421 throw luan.exception( "file '"+name+"' not found" ); |
421 } | 422 } |
422 | 423 |
423 public static LuanTable File(LuanState luan,String name) throws LuanException { | 424 public static LuanTable File(LuanState luan,String name) throws LuanException { |
496 } | 497 } |
497 } | 498 } |
498 }; | 499 }; |
499 } | 500 } |
500 | 501 |
502 | |
503 // security | |
504 | |
505 public interface Security { | |
506 public void check(LuanState luan,String name) throws LuanException; | |
507 } | |
508 | |
509 private static String SECURITY_KEY = "Io.Security"; | |
510 | |
511 private static void check(LuanState luan,String name) throws LuanException { | |
512 @SuppressWarnings("unchecked") | |
513 List<Security> list = (List<Security>)luan.registry().get(SECURITY_KEY); | |
514 if( list==null ) | |
515 return; | |
516 for( Security s : list ) { | |
517 s.check(luan,name); | |
518 } | |
519 } | |
520 | |
521 public static void addSecurity(LuanState luan,Security s) { | |
522 @SuppressWarnings("unchecked") | |
523 List<Security> list = (List<Security>)luan.registry().get(SECURITY_KEY); | |
524 if( list==null ) { | |
525 list = new ArrayList<Security>(); | |
526 luan.registry().put(SECURITY_KEY,list); | |
527 } | |
528 list.add(s); | |
529 } | |
530 | |
531 public static class DirSecurity implements Security { | |
532 private final String[] dirs; | |
533 | |
534 public DirSecurity(LuanState luan,String[] dirs) { | |
535 this.dirs = dirs; | |
536 } | |
537 | |
538 @Override public void check(LuanState luan,String name) throws LuanException { | |
539 for( String dir : dirs ) { | |
540 if( name.startsWith(dir) ) | |
541 return; | |
542 } | |
543 throw luan.exception("Security violation - '"+name+"' not in allowed directory"); | |
544 } | |
545 } | |
546 | |
547 | |
501 private void IoLuan() {} // never | 548 private void IoLuan() {} // never |
502 } | 549 } |