ROBLOX sandboxing - lua

I am new to sandboxing in Lua, and would like to learn how to filter stuff like :GetChildren() or :Kick().
This is what I have so far:
function safeGetChildren(obj)
local objs = {}
for _,v in pairs(obj) do
if not v.Name:match("^^") then
table.insert(objs, v.Name)
end
end
return objs
end
function safeClearAllChildren(obj)
if obj:IsA("Player") or obj:IsA("Players") or obj:IsA("Workspace") or obj:IsA("ServerScriptService") or obj:IsA("Lighting") or obj:IsA("ReplicatedStorage") or obj:IsA("StarterGui") then
return error("Cannot clear this object!");
else
obj:ClearAllChildren();
end
end
function safeRemoveObject(obj)
local name = obj.Name:lower();
if obj:IsA("Player") or name == "remoteevents" or obj.Parent == "RemoteEvents" or obj.Parent == "ReplicatedStorage" or obj.Parent == "StarterGui" or obj.Parent == "ServerScriptService" or obj.Parent == "TinySB" then
return error("Cannot destroy this object!");
else
obj:Destroy();
end
end
local Globals = {
-- Globals
workspace = workspace,
print = print,
error = error,
table = table,
pairs = pairs,
game = game,
string = string,
_G = _G,
getfenv = getfenv,
loadstring = loadstring,
ipairs = ipairs,
next = next,
os = os,
pcall = pcall,
rawequal = rawequal,
rawget = rawget,
rawset = rawset,
select = select,
setfenv = setfenv,
setmetatable = setmetatable,
tonumber = tonumber,
tostring = tostring,
type = type,
unpack = unpack,
_VERSION = _VERSION,
xpcall = xpcall,
collectgarbage = collectgarbage,
assert = assert,
gcinfo = gcinfo,
coroutine = coroutine,
string = string,
table = table,
math = math,
delay = delay,
LoadLibrary = LoadLibrary,
printidentity = printidentity,
spawn = spawn,
tick = tick,
time = time,
UserSettings = UserSettings,
Version = Version,
wait = wait,
warn = warn,
ypcall = ypcall,
PluginManager = PluginManager,
LoadRobloxLibrary = LoadRobloxLibrary,
settings = settings,
stats = stats,
-- Functions
["require"] = function(...)
return error("Cannot require object (API disabled)");
end,
["getchildren"] = function(...)
return safeGetChildren(...);
end,
['children'] = function(...)
return safeGetChildren(...);
end,
['clearallchildren'] = function(...)
return safeClearAllChildren(...);
end,
['destroy'] = function(...)
return safeRemoveObject(...);
end,
['remove'] = function(...)
return safeRemoveObject(...);
end,
['kick'] = function(...)
return safeRemoveObject(...);
end,
['saveplace'] = function(...)
return error("Cannot save place (API Disabled)");
end
}
setfenv(1, Globals)
table.foreach(workspace:GetChildren(), print)
I made this in a few hours but things like :GetChildren() aren't filtered in this environment. If anyone can help me with an explanation on what each part of the code required does will really help.


You're setting safe wrapper under name 'getchildren' in new environment. But later, when testing, you're calling 'GetChildren', taken from 'workspace' table, and not from global variable in new environment.
Replacing function in global environment doesn't mean replacing functions with same name in all tables/objects. For that to work, object must call function from current global environment, and not function from internal tables or lexical closures.

Related

argument 1 missing or nil

i am making a tower defense game but it keeps saying argument 1 missing or nil
when i try to spawn the tower
this is a module script
(error at line 11)
local PhysicsServive = game:GetService("PhysicsService")
local ServerStorage = game:GetService("ServerStorage")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local PhysicsService = game:GetService("PhysicsService")
local events = ReplicatedStorage:WaitForChild("Events")
local Tower = {}
local SpawnTowerEvent = events:WaitForChild("SpawnTower")
function Tower.Spawn(player, Name, CFrame)
local towerExists = ReplicatedStorage.Towers:FindFirstChild(Name)
if towerExists then
local newTower = towerExists:Clone()
newTower.HumanoidRootPart.CFrame = CFrame
newTower.Parent = workspace.Towers
newTower.HumanoidRootPart:SetNetworkOwner(nil)
for i, object in ipairs(newTower:GetDescendants()) do
if object:IsA("BasePart") then
PhysicsService:SetPartCollisionGroup(object, "Tower")
object.Material = Enum.Material.ForceField
end
end
else
warn("Missing:", Name)
end
end
SpawnTowerEvent.OnServerEvent:Connect(Tower.Spawn())
return Tower

SpawnTowerEvent.OnServerEvent:Connect(Tower.Spawn())
Connect expects a function value, not a function call (unless that function call resolves to a function value). Remove the call operator ().
SpawnTowerEvent.OnServerEvent:Connect(Tower.Spawn)
You call Tower.Spawn without any arguments. Therefor you call FindFirstChild(nil) which causes the observed error.
Also it does not return a function value.

Lua script for conky runs without errors but doesn't draw anything

I am new to lua and was trying to get more into it by creating scripts for conky. In my example, I was trying to encapsulate cairo functionality into a Canvas object and drawable objects (i.e. Text object) that can be added to the canvas.
When I tried to store cairo_surface and cairo objects in a table I wasn't able to use them anymore. Even though no error occured (no message or segfault or leaks) no text was displayed in the second example.
This example works:
Canvas = {
init = function (w)
local cs = cairo_xlib_surface_create(w.display,w.drawable,w.visual,w.width,w.height)
local cr = cairo_create(cs)
return cr, cs
end,
destroy = function (cr, cs)
cairo_destroy(cr)
cairo_surface_destroy(cs)
end
}
function conky_main ()
if conky_window == nil then
return
else
local cr, cs = Canvas.init(conky_window)
local tx = Text:new{text="Hello World!"}
tx:draw(cr)
Canvas.destroy(cr, cs)
end
end
This example doesn't work:
Canvas = {
init = function (w) -- returns table instead of 2 variables
return {
cs = cairo_xlib_surface_create(w.display,w.drawable,w.visual,w.width,w.height),
cr = cairo_create(cs)
}
end,
destroy = function (cnv)
cairo_destroy(cnv.cr)
cairo_surface_destroy(cnv.cs)
end
}
function conky_main ()
if conky_window == nil then
return
else
local cnv = Canvas.init(conky_window)
local tx = Text:new{text="Hello World!"}
tx:draw(cnv.cr) -- access table member instead of variable
Canvas.destroy(cnv)
end
end

return {
cs = cairo_xlib_surface_create(w.display,w.drawable,w.visual,w.width,w.height),
cr = cairo_create(cs)
}
In Lua table constructor there is no way to access another fields of the table being constructed.
cs in expression cr = cairo_create(cs) refers to (global) variable cs instead of table field cs.
Workaround: introduce local variable cs and initialize it prior to creating a table.
local cs = cairo_xlib_surface_create(w.display,w.drawable,w.visual,w.width,w.height)
return { cs = cs, cr = cairo_create(cs) }

How to use Lua field extractor in Wireshark?

I have a protocol like this
"Packet" - A sequence of messages
{Head}{Content}{Head}{Content}...
"Head" - 1 byte
bit 1-7 : msg length
bit 8 : true msg or not
It is a udp communication, I have to use that bit 8 to determine if I need to skip the message.
Following is my toy parser, the Problem I am facing is how to extract the bool value helping me to make the decision.
TOY_proto = Proto("TOY", "TOY Protocol")
local isSkip = ProtoField.new("Is Skip?", "mytoy.isSkip", ftypes.BOOLEAN, {"Yes", "No"}, 8, 0x01)
local msgLen = ProroField.new("Message Length", "mytoy.msgLen", ftypes.UINT8, nil, base.DEC, 0xFE)
TOY_proto.fields = {isSkip, msgLen}
local isSkip_Field = Field.new("mytoy.isSkip")
local function getIsSkip()
return isSkip_Field()()
end
local msgLen_Field = Field.new("mytoy.msgLen")
local function getMsgLen()
return msgLen_Field()()
end
function TOY_proto.dissector(tvbuf, pktinfo, root)
pktinfo.cols.protocol = "TOY"
local pktlen = tvbuf:reported_length_remaining()
local pos = 0
while pos < pktlen do
local headTree = tree:add("Head")
headTree:add_le(isSkip, tvbuf:range(pos,1))
headTree:add_le(msgLen, tvbuf:range(pos,1))
if getIsSkip() then
pos = pos + getMsgLen()
else
-- do something else
end
end
end
udp_table = DissectorTable.get("udp.port")
udp_table:add(6628, TOY_proto)
The Problem is that in the first loop, every variable is doing right, but after the first loop, the value returned from getIsSkip() and getMsgLen() are always unchanged.

When you do this:
return isSkip_Field()()
What you're really doing is logically equivalent to this:
-- extract the FieldInfo object using the Field object "isSkip_Field"
local tempFieldInfo = isSkip_Field()
-- get the Lua boolean value of the FieldInfo object
local tempValue = tempFieldInfo()
-- return it
return tempValue
I mention the above to explain why you're getting what you're getting later in this answer...
When you invoke a field extractor (i.e., you call a Field object to get a FieldInfo object), you actually get back every FieldInfo object of that Field's type that exists in that packet at the time the extractor is invoked. Your packet contains multiple "messages" of your protocol, so in each loop you get back the previous loops' FieldInfo objects as well as the current one, for the same packet.
In other words, when your script executed this:
return isSkip_Field()()
...the first time for a packet, it got back one FieldInfo object, called that, and got the boolean. When it ran the second time, the call to isSkip_Field() actually returned two FieldInfo objects, but it discarded the second one because the code is logically equivalent to the code I wrote at the top of this answer, and instead only called the first instance, which of course rteturns the same boolean value as the first loop iteration; and when it ran a third time for the same packet it returned three FieldInfo objects, discarded the second two, called the first one, etc.
So what you really want to do is select the correct FieldInfo object each loop iteration - namely the most recent (last) one. You can do that one of two ways: (1) using the Lua select() function, or (2) put the returned FieldInfo objects into a table and retrieve the last entry.
For example, do this:
local isSkip_Field = Field.new("mytoy.isSkip")
local function getIsSkip(num)
return select(num, isSkip_Field())()
end
local msgLen_Field = Field.new("mytoy.msgLen")
local function getMsgLen(num)
return select(num, msgLen_Field())()
end
function TOY_proto.dissector(tvbuf, pktinfo, root)
pktinfo.cols.protocol = "TOY"
local pktlen = tvbuf:reported_length_remaining()
local pos = 0
local num = 1
while pos < pktlen do
local headTree = tree:add("Head")
headTree:add_le(isSkip, tvbuf:range(pos,1))
headTree:add_le(msgLen, tvbuf:range(pos,1))
if getIsSkip(num) then
pos = pos + getMsgLen(num)
else
-- do something else
end
num = num + 1
end
end
...or this:
local isSkip_Field = Field.new("mytoy.isSkip")
local function getIsSkip()
local tbl = { isSkip_Field() }
return tbl[#tbl]()
end
local msgLen_Field = Field.new("mytoy.msgLen")
local function getMsgLen()
local tbl = { msgLen_Field() }
return tbl[#tbl]()
end
function TOY_proto.dissector(tvbuf, pktinfo, root)
pktinfo.cols.protocol = "TOY"
local pktlen = tvbuf:reported_length_remaining()
local pos = 0
while pos < pktlen do
local headTree = tree:add("Head")
headTree:add_le(isSkip, tvbuf:range(pos,1))
headTree:add_le(msgLen, tvbuf:range(pos,1))
if getIsSkip() then
pos = pos + getMsgLen()
else
-- do something else
end
end
end
...or if there are going to be lots of Fields, this might be nicer:
local isSkip_Field = Field.new("mytoy.isSkip")
local msgLen_Field = Field.new("mytoy.msgLen")
local function getFieldValue(field)
local tbl = { field() }
return tbl[#tbl]()
end
function TOY_proto.dissector(tvbuf, pktinfo, root)
pktinfo.cols.protocol = "TOY"
local pktlen = tvbuf:reported_length_remaining()
local pos = 0
while pos < pktlen do
local headTree = tree:add("Head")
headTree:add_le(isSkip, tvbuf:range(pos,1))
headTree:add_le(msgLen, tvbuf:range(pos,1))
if getFieldValue(isSkip_Field) then
pos = pos + getFieldValue(msgLen_Field)
else
-- do something else
end
end
end

Classes in Lua, how does it work

I'm new to Lua, and I'm trying to understand its OO part, for example :
lkw = {}
lkw.la= 0
function lkw:func(ge)
self.la = self.la + ge
end
function lkw:new()
local res = {}
setmetatable(res, self)
self.__index = self
return res
end
mylkw = lkw:new()
in this example the "class" lkw can create object using new, but what do self and index mean ?
should consider self as this in java/C++ and what is the index ?

This style of OOP is frequent in Lua. I do not like it because it is not explicit enough for me, but let me try to explain.
There are two confusing things: the use of the : sugar in function definitions and the use of the "class" as the metatable for its instances.
First, function a:b(...) is the same as a.b = function(self, ...), so let us remove all sugar:
lkw = {}
lkw.la = 0
lkw.func = function(self, ge)
self.la = self.la + ge
end
lkw.new = function(self)
local res = {}
setmetatable(res, self)
self.__index = self
return res
end
mylkw = lkw.new(lkw)
Now, this is "prototypal inheritance". lkw is the "prototype" for instances like mylkw. This is similar but slightly different from a "class".
When the new constructor is called, lkw is passed as the self argument.
The second and third lines of the constructor are weird. This is probably easier to understand:
lkw.new = function(self)
local res = {}
setmetatable(res, {__index = lkw})
return res
end
i.e.: if we do not find something in the instance we go look for it inside the prototype.
This explains how func works. The first time it is called, the instance will not contain a la key so lkw.la will be used.
The reason the code is not written this way is that the weird construction allows "prototypal inheritance": you could call "new" on mylkw and get an "instance of the instance" (i.e. in prototypal inheritance an instance and a child class are the same thing).
I think this is a very confusing feature. For reference this is about how I would write code that does about the same thing, with no inheritance:
local methods = {
func = function(self, ge)
self.la = self.la + ge
end
}
local lkw = {
new = function()
return setmetatable({la = 0}, {__index = methods})
end
}
local mylkw = lkw.new()

Division of metatable

got some problem with metatable. This is my simple metatable:
local mt = {}
function mt:add(n)
return setmetatable({n = n}, {__index = mt})
end
function mt:get() return self.n end
Now I want to add some division like:
mt.math
mt.effect
Which each one has some own methods like:
mt.math:floor() return math.floor(self:get()) end
mt.effect:show(args) onMapShowEffect(self:get(), {x = x + (args[1] ~= nil or 0), ...) end
mt.effect:get() return getCurrentPos() end
Any ideas?
OK, trying make all details to share my problem.
Player = {}
function Player:add(this)
return setmetatable({this = this}, {__index = Player})
end
Player:get() return self.this end
Above code works perfectly on this example
function enterToGame(player1, player2)
local p1 = Player:add(player1)
local p2 = Player:add(player2)
print(p1:get()) -- ID1
print(p2:get()) -- ID2
Now I want to create some helpfully methods(functions) for table Player. I want to make it more flexible, so I want divide it for classes. Example:
Player.info = {
id = function() return Player:get() end,
}
Player.pos = {
get = function() return getPosition(Player:get()) end,
set = function(args) setPosition(Player:get(), args) end,
}
Player.speed = {
get = function() return getSpeed(Player:get()) end,
set = function(value) setSpeed(value) end,
improve = function(value) setSpeed(Player.speed.get() + value) end,
}
But its not work exactly what I want:
function enterToGame(player1, player2)
local p1 = Player:add(player1)
local p2 = Player:add(player2)
print(p1:get()) -- ID1
print(p2:get()) -- ID2
print(p1.info.id()) -- ID2 instead of ID1
print(p2.info.id()) -- ID2
When I put Player:get() in my methods its return last object declaration.

Based on what you state, if you do
mt.math = mt:add(123)
You don't need themt:get() because mt is the metatable for mt.math. Then
mt.math.floor = function(self) return math.floor(self.n) end
will work as expected. For example,
print(mt.math:floor())
prints 123.
EDIT 1: So now that I have a better understanding of what you are trying to do: normally you would do
p1:id()
p1:getPos()
p1:setPos()
p1:getSpeed()
p1:improveSpeed()
Note the colon, this is important, so that each method gets a "self" as first parameter, thereby given them the table instance to operate on (p1, in the above example). Instead you want to group methods so
p1.info:id()
p1.pos:get()
p1.pos:set()
p1.speed:improve()
p1.speed:get()
These methods will get a self that points to p1.info, p1.pos, etc. But those sub-tables have no knowledge of the container table (p1). The info and pos tables are in the Player class: they are shared by all instances of Player (p1, p2 etc). You have to make the info and pos tables non-shared:
function Player:add(player)
local pN= setmetatable( {n = player, info={}, pos={}}, {__index = Player})
pN.info.id = function() return pN.n end
pN.pos.set = function(x) return setPosition(pN, x) end
return pN
end
Then you get
> p1=mt:add(player1)
> p2=mt:add(player2)
> print(player1)
table: 0024D390
> print(p1.info.id())
table: 0024D390
> print(player2)
table: 0024D250
> print(p2.info.id())
table: 0024D250
All that said, I don't really like the idea of having to use closures like this, perhaps there are gotchas since not everything will be in Player.

Resources