suricata
util-lua-sandbox.c File Reference
#include "suricata-common.h"
#include "lua.h"
#include "lauxlib.h"
#include "lualib.h"
#include "util-debug.h"
#include "util-validate.h"
#include "util-lua-sandbox.h"

Macros

#define SANDBOX_CTX   "SANDBOX_CTX"
 

Functions

void SCLuaSbLoadLibs (lua_State *L)
 
lua_State * SCLuaSbStateNew (uint64_t alloclimit, uint64_t instructionlimit)
 Allocate a new Lua sandbox.
 
SCLuaSbState * SCLuaSbGetContext (lua_State *L)
 
void SCLuaSbStateClose (lua_State *L)
 
void SCLuaSbResetInstructionCounter (lua_State *L)
 

Detailed Description

Macro Definition Documentation

◆ SANDBOX_CTX

#define SANDBOX_CTX   "SANDBOX_CTX"

Definition at line 36 of file util-lua-sandbox.c.

Function Documentation

◆ SCLuaSbGetContext()

SCLuaSbState* SCLuaSbGetContext ( lua_State * L )

Get the Suricata Lua sandbox context from the lua_State.

Note: May return null if this Lua state was not allocated from the sandbox.

Definition at line 336 of file util-lua-sandbox.c.

References ctx, and SANDBOX_CTX.

Referenced by SCLuaSbResetInstructionCounter(), and SCLuaSbStateClose().

◆ SCLuaSbLoadLibs()

void SCLuaSbLoadLibs ( lua_State * L )

Load allowed Lua libraries into the state.

Functions from each library that are not in the allowed list are replaced with LuaBlockedFunction.

Definition at line 268 of file util-lua-sandbox.c.

◆ SCLuaSbResetInstructionCounter()

void SCLuaSbResetInstructionCounter ( lua_State * L )

Reset the instruction counter for the provided state.

Definition at line 372 of file util-lua-sandbox.c.

References SCLuaSbState::blocked_function_error, SCLuaSbState::instruction_count, SCLuaSbState::instruction_count_error, and SCLuaSbGetContext().

◆ SCLuaSbStateClose()

void SCLuaSbStateClose ( lua_State * L )

Definition at line 345 of file util-lua-sandbox.c.

References SCLuaSbState::alloc_bytes, BUG_ON, SCLuaSbState::L, SCFree, and SCLuaSbGetContext().

◆ SCLuaSbStateNew()

lua_State* SCLuaSbStateNew ( uint64_t alloclimit, uint64_t instructionlimit )

Allocate a new Lua sandbox.

Returns
An allocated sandbox state or NULL if memory allocation fails.

Definition at line 304 of file util-lua-sandbox.c.

References SCLuaSbState::alloc_bytes, SCLuaSbState::alloc_limit, SCLuaSbState::hook_instruction_count, SCLuaSbState::instruction_limit, SCLuaSbState::L, and SCCalloc.