Verified Commit 1770357d authored by Karel Koci's avatar Karel Koci 🤘

Allow files access functions in Local restriction level

There is no reason why we should deny access to these functions in the Local
restriction level. Those scripts run on the local machine and have
access to the Run function, so there is no point in protecting against them.
parent bf8746aa
......@@ -595,6 +595,42 @@ These commands allows printing of messages for their corresponding
verbosity levels. On top of that `DIE` command also results to
updater failure.
Access files
~~~~~~~~~~~~
On top of standard `io` and `file` updater also defines some of its own functions
for files access.
ls(path)
stat(path)
lstat(path)
All these functions have to be called with string argument containing path. Note
that you should prepend all paths with `root_dir` variable to support off root
execution.
ls::
This functions returns table with file names under the given path (acts like
shell's `ls -a`, ommiting `.` and `..` entries). If given path is not directory
or doesn't exists then error is raised. Value in table for each key is the type
of file, which may be:
b;; A block device
c;; A character device
d;; A directory
f;; A named pipe
l;; A symbolic link
r;; A regular file
s;; A unix-domain socket
?;; Failed to determine the type
stat::
Statistics about the given file. If the file does not exist, it returns nothing.
Otherwise, the file type is returned (see the types of `ls`). The second result
is the permissions of the file, in the imitation of shell's `ls -l`, like
`rwxr-x---`.
lstat::
Same as `stat` except the `lstat` behaviour is preferred. (eg. provides info
about symbolic link if it is a link, instead of the target).
Predefined variables
--------------------
......@@ -752,5 +788,10 @@ Restricted::
* `version_match`
Local::
* `uci` library
* `io`
* `file`
* `ls`
* `stat`
* `lstat`
Full::
* The whole lua library
......@@ -36,6 +36,7 @@ local assert = assert
local next = next
local TRACE = TRACE
local WARN = WARN
local ERROR = ERROR
local run_command = run_command
local events_wait = events_wait
local get_updater_version = get_updater_version
......@@ -44,10 +45,6 @@ local backend = require "backend"
local requests = require "requests"
local uri = require "uri"
local uci_ok, uci = pcall(require, "uci")
if not uci_ok then
ERROR("The uci library is not available. Continuing without it and expecting this is a test run on development PC.")
uci = nil
end
module "sandbox"
......@@ -178,7 +175,7 @@ end
-- END_MAGIC
-- Functions and "constants" available in the restricted level
-- Available functions and "constants" from global environment
local rest_available_funcs = {
"table",
"string",
......@@ -202,6 +199,13 @@ local rest_available_funcs = {
"DBG",
"TRACE"
}
local local_available_funcs = {
"io",
"file",
"ls",
"stat",
"lstat"
}
-- Additional available functions and "constants" not from global also available in restricted level
local rest_additional_funcs = {
{"version_match", backend.version_match},
......@@ -345,10 +349,10 @@ for _, name in pairs(rest_available_funcs) do
value = G[name]
}
end
if uci then
funcs.Local.uci = {
for _, name in pairs(local_available_funcs) do
funcs.Local[name] = {
mode = "inject",
value = uci
value = G[name]
}
end
-- Some additional our functions and "constants"
......@@ -358,6 +362,15 @@ for _, addit in pairs(rest_additional_funcs) do
value = addit[2]
}
end
-- Uci library if available
if uci_ok then
funcs.Local.uci = {
mode = "inject",
value = uci
}
else
ERROR("The uci library is not available. Continuing without it and expecting this is a test run on development PC.")
end
--[[
List the variable names here. This way we ensure they are actually set in case
they are nil. This helps in testing and also ensures some other global variable
......
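Review bot: The `"file"` entry in `local_available_funcs` probably resolves to nothing. Stock Lua reaches file handles through `io` and has no global named `file`, so if `G` is the global environment (it is defined outside these hunks) the loop stores `value = nil` for it, while the documentation advertises `file` as available. Either drop the entry or skip missing names in the loop, e.g. `if G[name] ~= nil then funcs.Local[name] = { mode = "inject", value = G[name] } end`. Separately, `mode = "inject"` appears to give the Local context the host's own `io` table rather than a copy, so a script that reassigns a field of `io` would change it for every later context. A comment such as `-- io is shared by reference on purpose; Local scripts are trusted to the same degree as run()` would record that trust decision where the list is defined.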
......@@ -51,11 +51,9 @@ function test_context_new()
assert_table_equal(string, context.env.string)
-- Some are just in some of the contexts
if level == "Full" then
assert_equal(io, context.env.io)
assert_equal(utils, context.env.utils)
assert_equal(getmetatable, context.env.getmetatable)
else
assert_nil(context.env.io)
assert_nil(context.env.utils)
assert_nil(context.env.getmetatable)
end
......
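Review bot: The `io` assertions are deleted from both branches of `test_context_new` rather than updated, so no test now pins which restriction levels receive `io`, `ls`, `stat` and `lstat`. That is the boundary this commit moves, and a later edit to the lists could expose file access to a lower level without any test failing. Consider asserting it explicitly, e.g. `if level == "Restricted" then assert_nil(context.env.io) else assert_not_nil(context.env.io) end`, and the same for `ls`, `stat` and `lstat`. The level name is taken from the documentation hunk, and the function starts and ends outside this hunk, so check both against the loop that sets `level`.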