I want to share lua modules with coworkers. In order to get the latest version of shared modules I want to store and fetch them with a web server.
My questions is:
Is it possible to load lua code directly from http request or string?
I want to achieve something like that :
module = [[
local sharedModule = {}
function sharedModule.greet(name) print("hello " .. name) end
return sharedModule
]]
greeter = require (module)
greeter.greet("john")
Maybe this is not the right thing to do. Is there a better approach than this one?
There's a whole section in Programming in Lua devoted to that. Your needs will be directly fulfilled with loadstring in Lua 5.1 and older, or load in Lua 5.2 and newer.
I would carefully verify the code you're actually executing, though. At the very least, version it (running a wrong version would most probably end up in all sorts of problems, if the code being run depends on the environment being in a certain state). Optimally checksum and sign the code, and verify the signature before doing anything. If your environment isn't protected, this is essentially a huge backdoor opening.
You could also use rings library to isolate the code you're running within the Lua environment itself. It might not be airtight security-wise, but should at least prevent the received code from crashing your application if/when it goes awry.
Related
I'm currently writing some dissector for Wireshark in Lua. The Lua code has become quite large. Because of that I'm splitting it up into multiple files (modules). I got that working. By the way my goal is that the user just needs to copy the files into the plugins directory so that the dissector is automatically loaded every time Wireshark is started.
Now, to gain access to the other files from the "main file" I need to do this:
package.prepend_path(".\plugins\3.3\modulesDir")
local mymodule= require "module"
This works fine, but it has some disadvantages. Most importantly if a user uses a different version of Wireshark I need to change the path in the Lua code. Same if it's a different directory (Linuy, Mac OS).
To get around this I did some research on how to get the path of the current Lua file and came up with this:
local moduleDir = debug.getinfo(2, "S").source:sub(2)
moduleDir = moduleDir:match("(.*[/\\])")
This works platform indepedently, so it looks to be the perfect solution for what I want. If I execute this using Wireshark > Tools > Lua > Evaluate it work perfectly fine.
BUT: If I do it in the Lua file (which is my dissector) then I get the error "attempt to index a nil value". I tried various different versions of this line but it always appears that the debug table is nil. I'm using Wireshark version 3.3.
Has anyone an idea how to get it running? Or a different approach to getting the directory where the Lua file is in? Thanks in advance.
If you are looking for "global configuration directory" then you can use Dir.global_config_path(). Here you have that init.lua is in this path, and here lua function dtails.
On Windows, I have my Lua files in the "Personal Lua Plugins" directory, which when you look at Wireshark's "Help -> About Wireshark -> Folders" dialog, is just %APPDATA%\Wireshark\plugins. So, perhaps you can just move your folder from path\to\plugins\3.3\modulesDir to just path\to\plugins\modulesDir?
I believe you will then only require:
package.prepend_path("modulesDir")
And this will allow your Lua dissector and modules to work not only with the Wireshark 3.3 development version, but also future releases as well. And if your dissector can't work with older versions of Wireshark for some reason, you can always do something like:
if get_version() < "3.3" then
return
end
Lastly, have a look at how Hadriel Kaplan solved this for his protobuf.lua dissector, where his required modules are in the "modules" directory. It's basically as I've described above. See: https://github.com/128technology/protobuf_dissector
I come from C-family "mainstream" langages and i'm currently giving a try in Lua .
I made a simple code that check for a user entry and try to open an URL (built with user entry) in the default browser.
Saw the command os.execute("start "URL") that failed, saying that "os is undefined".
Well, seemed to be logical. I then researched the reason and discovered the "require" key word (which seems to act as a LoadLibrary or kind).
This is where I'm lost !
All forums says "yeah yeah just add require os and it will do". But it actually fail !
I obviously suspect that i am missing a "file" or path pointing at that "os" description. And that it's so obvious nobody found useful enough to explain or ask for it.
Can someone explain me what does require, in details ? Which file am i supposed to add (if i really need to ?).
If someone also have an online lesson to advise me, i'll accept it with pleasure. I feel like i'm missing a lot of basics and that's really not a "try to step-up" friendly langage
The standard Lua environment has os available without using require, so you must be using a non-standard Lua environment.
When Lua is embedded into different software, access to libraries like os is usually removed, as it is a security risk. (For example, if you allowed full access to the os library to anyone using Lua on a webserver, it would mean that anyone could run random shell commands on that server.)
If your Lua environment has been altered in this way, then there is a good chance that you will never be able to use the os library whatever you do.
For background, I'm currently using notify-send to produce dbus notifications when a long script finishes but I'd like to make better notifications with naughty.
I found this simple script https://gist.github.com/lgaggini/51a35f363b7f1966971e869f3fbb5335 for sending naughty notifications using awesome-client. It initializes the naughty library every time it runs, which seems messy since it only needs to be loaded once per session.
In my rc.lua, I tried changing the line
local naughty=require("naughty")
remove local: still needed to require naughty through a lua prompt or awesome-client after restarting awesome
add global: that's not actually a keyword in lua so it breaks my config
Is there something I can do here or elsewhere in my rc.lua that will make this (or any other) library available to awesome-client without an extra step?
I have a lua project with lua files specified in multiple directories all under the same root folder with some dependencies.
Occasionally I run into issues where when a table is being loaded at load time I get a nil exception as the table is referencing a not yet initialised table, like:
Customer =
{
Type = CustomerTypes.Friendly
}
Which causes a nil exception for CustomerTypes as CustomerTypes.lua has not yet loaded.
My current solution is to simply have a global function call in these lua files to load the dependency scripts.
What I would like to do is pre-process my lua files to find all dependencies and at run time load them in that order without needing function calls or special syntax in my lua files to determine this (i.e. the pre-processor will procedurally work out dependencies).
Is this something which can be realistically achieved? Are there other solutions out there? (I've come across some but not sure if they're worth pursuing).
As usual with lua there are about 230891239122 ways to solve this. I'll name 3 off the top of my head but I bet I could illustrate at least 101 of them and publish a coffee table book.
First of all, it must be said that the notion of 'dependencies' here is strictly up to your application. Lua has no sense of it. So this isn't anything like overcoming a deficiency in lua, it's simply you creating a scripting environment in your application that makes you comfortable, and that's what lua's all about.
Now, it seems to me you've jumped to a conclusion that preprocessing is required to solve the given problem. I don't think that's warranted. I feel somewhat comfortable saying a more conventional approach to solving the problem would be to make a __newindex metamethod globally which handles the "CustomerTypes doesnt exist yet" situation by referencing a list of scripts which have been scanned out of the filesystem initially for one called CustomerTypes.lua and running that.
But maybe you have some good reason for wanting it done strictly as preprocessing. In your case, I would start by considering 'dependencies' to be any name which is a script found in your scripts filesystem. Then scan each script to look for the names of dependencies using the definitions/list you just created, and prepend a load(dependency) command to each of those scripts.
Since the concept of "runtime" or "preprocessing" is somewhat ambiguous in this context, you might mean at script-compile-time. You could use the LuaMacros token filters system to effect a macro which replaces CustomerTypes with require("CustomerTypes.lua") or something to that effect after having discovered that CustomerTypes is a legal dependency name.
Folks, i'm trying to execute a jar file inside RoR. Thanks to SO, I figured using IO::popen calls to execute a jar file.
Requirements:
- To login to site: To let our company employees login. Its a Java library which does some magic and figures if the username/password is valid. Which I did using,
result = IO::popen("java -cp auth.jar com.name.auth.LDAPLookup " + params[:username] + " " + params[:password]).read
p result
output: ["Authorized", "email", "id"]
No input sanitizing done. This is risky. Anyone could type something up in username/password and that will be executed in the server.
I'm not sure how to do this. One option I want to try is to use fork() or Process APIs to launch "java" and pass arguments. Couldn't figure out however. Any other thoughts?
Aside from the issue you mention, this sounds pretty painful in terms of performance (you're waiting around for the JVM to start up on every request, after all).
Two solutions jump out at me:
Look what the library does, and see if you really need to call out to Java for this; in particular, if it's just a question of making a lookup in an LDAP directory with a set of canned parameters, there are plenty of gems for that
If you must make use of Java classes from Ruby, strongly consider using JRuby, which will let you call the Java class in question directly, with neither the overhead of restarting the JVM on each call, nor the risk which comes with trying to correctly escape your arguments from Ruby to the shell to the JVM, and back.