sandboxEnv.lua (3392B)
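-- Sandbox Environment Whitelist
-- This file defines which functions are available in a sandboxed environment.
-- Functions not listed here will be stubbed out or replaced with
-- permission-checked versions.
--
-- Value convention used below:
--   true        listed as available to sandboxed code
--   "perms.X"   available only behind the named permission
--   (absent)    not available
-- Enforcement lives in the loader that consumes this table, not in this file.
-- The names listed (unpack, table.maxn, math.pow, math.log10, module) match
-- the Lua 5.1 / LuaJIT standard library.
--
-- NOTE(review): the following globals are absent and should stay absent, since
-- each one lets sandboxed code compile new chunks, swap environments, or reach
-- metatables: load, loadstring, loadfile, dofile, setfenv, getfenv,
-- getmetatable, setmetatable, rawget, rawset, rawequal, collectgarbage,
-- newproxy, string.dump.

return {
  -- Basic Lua functions (no file, process or module access)
  assert = true,
  error = true,
  ipairs = true,
  next = true,
  pairs = true,
  -- NOTE(review): pcall/xpcall let sandboxed code catch errors. If the host
  -- aborts a script by raising an error (for example on a time limit), confirm
  -- the script cannot simply catch it and continue.
  pcall = true,
  print = true,
  select = true,
  tonumber = true,
  tostring = true,
  type = true,
  unpack = true,
  xpcall = true,
  _VERSION = true,

  -- String library (no host access, but see the notes below)
  -- NOTE(review): all string values share one metatable whose __index is the
  -- host's string table, so method-call syntax on a string reaches every
  -- function of the host string library regardless of this list. The loader
  -- has to handle that separately -- confirm it does.
  -- NOTE(review): rep can allocate very large strings, and find/gmatch/gsub/
  -- match can burn CPU on backtracking patterns. Nothing here bounds resource
  -- use; memory and CPU limits have to be enforced by the host.
  string = {
    byte = true,
    char = true,
    find = true,
    format = true,
    gmatch = true,
    gsub = true,
    len = true,
    lower = true,
    match = true,
    rep = true,
    reverse = true,
    sub = true,
    upper = true,
  },

  -- Table library (safe)
  table = {
    concat = true,
    insert = true,
    maxn = true,
    remove = true,
    sort = true,
  },

  -- Math library (safe)
  -- NOTE(review): randomseed reseeds the generator shared by everything in the
  -- same Lua state, so a sandboxed script can make the host's math.random
  -- output predictable. Do not use math.random for anything security-relevant
  -- on the host side.
  math = {
    abs = true,
    acos = true,
    asin = true,
    atan = true,
    atan2 = true,
    ceil = true,
    cos = true,
    cosh = true,
    deg = true,
    exp = true,
    floor = true,
    fmod = true,
    frexp = true,
    huge = true,
    ldexp = true,
    log = true,
    log10 = true,
    max = true,
    min = true,
    modf = true,
    pi = true,
    pow = true,
    rad = true,
    random = true,
    randomseed = true,
    sin = true,
    sinh = true,
    sqrt = true,
    tan = true,
    tanh = true,
  },

  -- OS library (restricted - requires permissions)
  -- NOTE(review): "perms.os" is coarse. The clock/date/difftime/time entries
  -- sit behind the same permission as execute (runs shell commands), exit
  -- (terminates the host process) and getenv (reads environment variables,
  -- which often hold secrets). Granting "perms.os" to a script that only needs
  -- timestamps therefore also grants command execution. Consider a separate,
  -- narrower permission for execute/exit/getenv if the loader supports one.
  os = {
    clock = "perms.os", -- Requires OS permission
    date = "perms.os", -- Requires OS permission
    difftime = "perms.os", -- Requires OS permission
    time = "perms.os", -- Requires OS permission
    execute = "perms.os", -- Requires OS permission
    exit = "perms.os", -- Requires OS permission
    getenv = "perms.os", -- Requires OS permission
    remove = "perms.fs", -- Requires FS permission
    rename = "perms.fs", -- Requires FS permission
    tmpname = "perms.fs", -- Requires FS permission
  },

  -- IO library (restricted - requires permissions)
  -- NOTE(review): "perms.fs" as listed here is all-or-nothing. This table does
  -- not restrict paths or open modes, so any confinement to a directory has to
  -- come from the permission-checked wrappers in the loader.
  io = {
    close = "perms.fs",
    flush = "perms.fs",
    input = "perms.fs",
    lines = "perms.fs",
    open = "perms.fs",
    output = "perms.fs",
    read = "perms.fs",
    tmpfile = "perms.fs",
    type = "perms.fs",
    write = "perms.fs",
  },

  -- Debug library (completely blocked for security)
  -- debug = nil,

  -- Package/module system (restricted)
  -- NOTE(review): this table does not limit WHICH modules "perms.modules"
  -- allows. A require that can return io, os, debug or LuaJIT's ffi hands out
  -- the unrestricted host libraries, bypassing the per-function permissions
  -- above. Confirm the loader applies a module allowlist.
  require = "perms.modules",
  -- `module` is the deprecated Lua 5.1 function; it creates globals and
  -- registers tables in package.loaded.
  module = "perms.modules",
  package = {
    -- Block these for security
    -- loaded and preload were previously listed as `true`. package.loaded
    -- holds references to every module the host has loaded (including io, os,
    -- debug and _G), so exposing it hands sandboxed code the very libraries
    -- that are blocked or permission-gated elsewhere in this file. A writable
    -- package.preload lets a script register loaders that a later require
    -- call would run. Both are now blocked like the entries below; if scripts
    -- need them, the loader should supply fresh per-sandbox tables instead of
    -- the host's.
    -- loaded = nil,
    -- preload = nil,
    -- loadlib = nil,
    -- cpath = nil,
    -- path = nil,
  },

  -- Coroutine library (safe)
  -- NOTE(review): if the host enforces CPU limits with a debug hook, confirm
  -- the hook also covers coroutines created inside the sandbox.
  coroutine = {
    create = true,
    resume = true,
    running = true,
    status = true,
    wrap = true,
    yield = true,
  },

  -- Custom LuaJIT OS functions (if available)
  osprint = true,
  -- NOTE(review): RunString/CompileString presumably compile or run source
  -- given as a string -- confirm that the resulting code executes inside the
  -- sandbox environment and not against the host's globals, and that
  -- precompiled bytecode is rejected. They share "perms.os" with os.execute,
  -- so the coarse-permission caveat on the os table applies here as well.
  RunString = "perms.os",
  CompileString = "perms.os",
}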