Set _ENV from C++ for string function

Question

In my project I'm executing some lua functions contained in an XML file. I read the XML from C++, parse the code strings, execute them and get the result. All of the related questions I have found either used a dedicated .lua file or did it in Lua directly and I couldn't find a solution that worked for my case.

I can't modify the functions in the file and they all have the following signature:

function() --or function ()
    --do stuff
    return foo
end

from C++ i load them like so:

lua_State *L = luaL_newstate();
luaL_openlibs(L);
std::string code = get_code_from_XML();
std::string wrapped_code = "return " + code;
luaL_loadstring(L, wrapped_code.c_str());
if (lua_pcall(L, 0, 1, 0)){
    return 1;
}

argNum = load_arg_number();

if (lua_pcall(L, argNum, 1, 0)){
    return 1;
}
return 0;

Everything works but running arbitrary Lua code from an XML string doesn't seem very safe so i wanted to set up a whitelist of functions that the code can use.

Following this lua-users discussion i created my list of allowed functions like:

// Of course my list is bigger
std::string whitelist = "sandbox_env = {ipairs = ipairs} _ENV = sandbox_env"

The problem is that I don't understand how to load it to be available in the functions that I'm calling.

I tried doing it like on the lua-users website:

std::string Lua_sandboxed_script_to_run( Lua_sandboxing_script + Lua_script_to_run )

if (luaL_dostring(sandboxed_L, Lua_sandboxed_script_to_run))
{
   // error checking
}

But this results in the function not being loaded correctly and the Lua error

Trying to execute a string value

I also tried to do:

luaL_loadstring(L, whitelist.c_str());
lua_getglobal(L, "_ENV");
lua_setupvalue(L, -2, 1);

Before executing the loaded XML function, this doesn't crash the program but doesn't set the _ENV for the called function either.

The only way I have found to have what I want is to parse the function string with C++ searching for (), insert whitelist after it and then luaL_loadstring and lua_pcall it twice to execute it.

Like this:

.
.
size_t n = code.find("()") + 2;
code.insert(n, whitelist);
std::string wrapped_code = "return " + code;
.
.

This works and sets my custom _ENV for the function but seems to me like a really hacky way to go about it.

How can I set the _ENV variable for a string function loaded from C in a nicer way?

Bonus points if there is a way to save it once for the whole lua_State instead of every time I call a function.

See Reference Manual [2.2](https://www.lua.org/manual/5.3/manual.html#2.2), [`lua_load`](https://www.lua.org/manual/5.3/manual.html#lua_load) and [4.5](https://www.lua.org/manual/5.3/manual.html#4.5). If nobody will respond by the time I get back from the work I should find some time to elaborate. — Aki, Oct 29 '19 at 11:17
@Green Thanks, yeah I've been reading the manual since a couple of days. I think what you have linked is what I'm trying to do with my second attempt and ```lua_getglobal(L, "_ENV"); lua_setupvalue(L, -2, 1)``` but I'm clearly missing something — John Doe, Oct 29 '19 at 11:26
That's only one of the solutions you can find in those references. The problem with this very sample of yours is that you don't seem to do the script you have loaded. You can see how it is done in lua itself ([`load_aux`](https://www.lua.org/source/5.3/lbaselib.c.html#load_aux); they don't load the environment but expect existing table to be on stack). — Aki, Oct 29 '19 at 11:39
@Green I don't think I understand what you mean by "do the script I have loaded" — John Doe, Oct 29 '19 at 11:54
Call it. `lua_load` and derivatives only load the chunk, they don't execute it as per [manual](https://www.lua.org/manual/5.3/manual.html#lua_load). — Aki, Oct 29 '19 at 12:15
@Green Ok maybe I wasn't very clear in the question, I added a line. When i try to change ```_ENV``` i use ```lua_setupvalue``` that pops it from the stack and then I run my string function like I did in the previous paragraph but the ```_ENV``` is not the one i tried to load. — John Doe, Oct 29 '19 at 12:18
The point was: you need to have a table that will describe the new environment in the first position of the stack when you call `lua_setupvalue`. You most likely have a `nil` after the `getglobal` since `_ENV` is an upvalue not a global. Anyway, I promise to post a solid answer in like 6 hours. — Aki, Oct 29 '19 at 12:42
@Green yeah no worries, I,ll try to figure it out on the meantime — John Doe, Oct 29 '19 at 13:35

Aki · Accepted Answer · 2019-10-30T10:01:04.343

Before we dive into examples let's explain how (and at what level) we can more-or-less sandbox code in Lua:

Globally - remove or never add unwanted modules/functions into the global environment.
Chunk(ly) - modify the _ENV upvalue of a chunk.
Locally - modify _ENV through a local or upvalue in Lua script. It can be propagated then to children via upvalue.

Looking at the examples provided in the question you tried to do either 2 or 3.

I'm not sure what are your needs but I will try to provide you examples for each of the approaches listed above. Please note that those examples are not the ultimate ones, are not the only possible approaches and do not take yours return function () ... end wrapper. Pick any that suits you.

Globally

This one is very straight-forward. If you don't plan to use all of the libraries provided...

lua_State * L = luaL_newstate();
luaL_openlibs(L); // <-- Remove this

... then just don't load them:

lua_State * L = luaL_newstate();
// Instead of luaL_openlibs:
luaL_requiref(L, "_G", luaopen_base, 1);
luaL_requiref(L, LUA_MATHLIBNAME, luaopen_math, 1);
luaL_requiref(L, LUA_TABLIBNAME, luaopen_table, 1);
// luaL_requiref pushes to stack - clean it up:
lua_pop(L, 3);
// Load and execute desired scripts here.

Refer to 6 Standard Libraries and linit.c for list of available libraries. See also: luaL_requiref.

In addition to selective library loading you can also remove selected globals by setting them to nil:

lua_pushnil(L);
lua_setglobal(L, "print");

You set this once for the lua_State.

Chunk(ly)

Let's limit ourselves to a very basic operation of changing the first upvalue of loaded main chunk. The first upvalue of such chunk is expected to be _ENV (reference below).

Note that I said main chunk. In general you will rarely load chunks that expect something else than _ENV as their first upvalue but it is always nice to remember about such case.

Anyway, consider following example:

lua_State * L = luaL_newstate();
luaL_openlibs(L);
luaL_loadstring(L, "print2 \"Hello there\"");
// (A) Create a table with desired environment and place it at the top of the stack.
//     Replace this comment with any of the options described below
lua_setupvalue(L, -2, 1);
lua_call(L, 0, 0);

You can achieve (A) in various ways. You could use Lua C API:

lua_newtable(L);
lua_pushliteral(L, "print2");
lua_getglobal(L, "print");
lua_settable(L, -3);

Or you could do it via dostring:

lua_dostring(L, "return { print2 = print }");

Or you could try yet another approach, similar to one from the question:

lua_dostring(L, "sandbox_env = { print2 = print }"); // Without _ENV = sandbox_env
lua_getglobal(L, "sandbox_env");

General reference on environments: 2.2 Environments and the Global Environment.

See lua_setupvalue documentation for usage details.

See another example in load_aux. Note that this is part of the source code for load function available in Lua. This function allows to set environment of loaded chunk through one of its arguments (see load).

Locally

You could either modify upvalue _ENV or override it with a local directly in the Lua script. Let's do the latter:

local _ENV = { print2 = print }
(function ()
   print2("Hello there")
end)()

This means you could wrap loaded script and run it like this:

std::string loaded_script /* = ... */;
std::string wrapped_script = "local _ENV = { print2 = print }; (" + loaded_script + ")()";
luaL_loadstring(L, wrapped_script.c_str());
lua_call(L, 0, 0);

This will work with return function () ... end wrap, too (instead of (...)()). That's because local _ENV will be passed as upvalue to returned anonymous function.

Refer to Environments Tutorial for more verbose explanation on environments manipulation inside Lua.

Thank you for the detailed explanation and multiple cases. I think I almost got it right but my problem while calling ```lua_dostring``` in my attempts was that I forgot the ```return``` before the table so it was loaded on the stack with the wrong type. There could have maybe be some other things but I changed the code a bit trying to make it work so I don't remember exactly. — John Doe, Oct 30 '19 at 08:55
If you mean your sample we have discussed in the comments - you could just `lua_dostring(L, "sandbox_env = {ipairs = ipairs} _ENV = sandbox_env");` and then `lua_getglobal(L, "sandbox_env"); lua_setupvalue(L, -2, 1);`. And yes, in this case assignment to `_ENV` is unnecessary. I will add it in the answer. — Aki, Oct 30 '19 at 09:03

Set _ENV from C++ for string function

1 Answers1

Globally

Chunk(ly)

Locally