战魂小筑

讨论群:309800774 知乎关注:http://zhihu.com/people/sunicdavy 开源项目:https://github.com/davyxu

   :: 首页 :: 新随笔 :: 联系 :: 聚合  :: 管理 ::
  257 随笔 :: 0 文章 :: 506 评论 :: 0 Trackbacks

我们有时需要限制lua代码的运行环境,或者是让使用者不能访问到lua的一些全局函数.lua语言本身没有类似于C++, C#, Java那样的成员访问控制. 但lua提供了setfenv函数可以很灵活的处理各类权限问题

废话不多说, 看代码

   1:  -- 创建沙盒
   2:  function SpawnSandBox( )
   3:   
   4:      local SandBoxGlobals = {}
   5:      
   6:      -- 基础函数添加
   7:      SandBoxGlobals.print             = print
   8:      SandBoxGlobals.table             = table
   9:      SandBoxGlobals.string             = string     
  10:      SandBoxGlobals.math               = math 
  11:      SandBoxGlobals.assert             = assert 
  12:      SandBoxGlobals.getmetatable    = getmetatable 
  13:      SandBoxGlobals.ipairs             = ipairs 
  14:      SandBoxGlobals.pairs             = pairs 
  15:      SandBoxGlobals.pcall             = pcall 
  16:      SandBoxGlobals.setmetatable    = setmetatable 
  17:      SandBoxGlobals.tostring        = tostring 
  18:      SandBoxGlobals.tonumber        = tonumber 
  19:      SandBoxGlobals.type            = type 
  20:      SandBoxGlobals.unpack             = unpack 
  21:      SandBoxGlobals.collectgarbage     = collectgarbage
  22:      SandBoxGlobals._G                = SandBoxGlobals
  23:      
  24:      return SandBoxGlobals
  25:  end
  26:   
  27:  -- 在沙盒内执行脚本, 出错时返回错误, nil表示正确
  28:  function ExecuteInSandBox( SandBox, Script )
  29:      
  30:      local ScriptFunc, CompileError = loadstring( Script )
  31:      
  32:      if CompileError then
  33:          return CompileError
  34:      end
  35:      
  36:      setfenv( ScriptFunc, SandBox )
  37:      
  38:      local Result, RuntimeError = pcall( ScriptFunc )
  39:      if RuntimeError then
  40:          return RuntimeError
  41:      end
  42:      
  43:      return nil
  44:  end
  45:   
  46:  function ProtectedFunction( )
  47:      print("protected func")
  48:  end
  49:   
  50:   
  51:  local SandBox = SpawnSandBox( )
  52:   
  53:   
  54:  print ( "Response=", ExecuteInSandBox( SandBox, "table.foreach( _G, print )" ) )
  55:   
  56:  print ( "Response=", ExecuteInSandBox( SandBox, "ProtectedFunction()" ) )
  57:   
  58:  SandBox.ProtectedFunction = ProtectedFunction
  59:   
  60:  print ( "Response=", ExecuteInSandBox( SandBox, "ProtectedFunction()" ) )

 

54行执行结果是

 

   1:  _G    table: 00421258
   2:  string    table: 00421050
   3:  pairs    function: 00567F58
   4:  collectgarbage    function: 005675F0
   5:  unpack    function: 004217E8
   6:  assert    function: 005675B0
   7:  print    function: 00567830
   8:  ipairs    function: 00567F28
   9:  type    function: 004217A8
  10:  tonumber    function: 00421768
  11:  tostring    function: 00421788
  12:  table    table: 00420DA8
  13:  math    table: 004210C8
  14:  setmetatable    function: 00421748
  15:  getmetatable    function: 00567710
  16:  pcall    function: 005677F0
  17:  Response=    nil
 
54行由于没有注册这个全局函数, 因此无法访问
Response=    [string "ProtectedFunction()"]:1: attempt to call global 'ProtectedFunction' (a nil value)
 
58行在全局环境中加上了这个函数,因此在60行访问正常
protected func
Response=    nil
 
posted on 2012-03-02 09:40 战魂小筑 阅读(4134) 评论(0)  编辑 收藏 引用 所属分类: 脚本技术C++/ 编程语言

只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   知识库   博问   管理