Lua comes with some standard libraries that can be included in the distribution. Currently foldit has no support for these standard libraries.
World of Warcraft (WOW) also uses Lua as their scripting language. Since they are far more likely to be hacked than foldit, you can trust that they have carefully examined the function list. You can find the functions that they implemented here: http://www.wowwiki.com/Lua_functions
The following functions should be added to the foldit distribution:
The following standard functions should be included or excluded as shown:
- _G: safe to include, doesn't expose anything harmful, useful with getfenv/setfenv
- _VERSION: include
- assert: include, good for error control (used in WOW)
- collectgarbage: include, useful for large, intensive scripts (used in WOW)
- dofile: potentially dangerous and could be very useful, allows executing a script mid-script (like calling a 'blue fuse script' during a 'rebuild segment' script), in the C bind, don't allow reading files outside script directory
- error: include, like assert, useful for error control (used in WOW)
- getfenv: (low priority) include, good for multilevel scripting (used in WOW)
- getmetatable: (low priority) include, useful (used in WOW)
- ipairs: (high priority) include include include include ... and include (used in WoW)
- load: this should be skipped, loadfile or require and dofile would replace its functionality in a more friendly manner, useful for hiding functions or obfusication
- loadfile: potentially dangerous and very useful, used in WOW as 'include' from their addon definition, in the C bind, don't allow reading files outside script directory
- loadstring: see loadfile, include (used in WOW)
- module: ? ???
- next: (high priority) include, very useful (used in WOW)
- pairs: (high priority) include, include, include (used in WOW)
- pcall: (low priority) include, very useful for error control (used in WOW)
- print: already implemented
- rawequal: (low priority) safe, can be included, roughly it can be said to be a 'ignore any special stuff, is X == Y', useful with metatables
- rawget: (low priority) safe, can be included, roughly equiv to 'ignore any special stuff, what is X', useful with metatables
- rawset: (low priority) safe, can be included, roughly equiv to 'ignore any special stuff, X=Y', useful with metatables
- require: potentially dangerous and could be very useful, allows making a script need another script to function, in the C bind, don't allow reading files outside script directory, and change the C to only allow lua files
- select: include (used in WOW)
- setfenv: (low priority) include (used in WOW)
- setmetatable: (low priority) include (used in WOW)
- tonumber: (high priority) include, extremely useful (used in WOW)
- tostring: (high priority) include, extremely useful (used in WOW)
- type: (high priority) include, helps with above two (used in WOW)
- unpack: (high priority) include, very useful with ... args (used in WOW) easily done in lua without C bind, but C is MUCH faster
- xpcall: (low priority) include (used in WOW)
- break: (high priority) (non-standard, very common added function, patches abound) potentially VERY useful, completely safe, when called it exits a loop (while, for) chunk
The coroutine functions can be excluded from the distribution. Very limited usage, as these control multithreading, and only one 'thing' can happen at a time.
- coroutine.create: exclude
- coroutine.resume: exclude
- coroutine.running: exclude
- coroutine.status: exclude
- coroutine.wrap: exclude
- coroutine.yield: exclude
These debug functions can be excluded from being able to be called by scripts. However, they might be used by the foldit user interface. Having a scripting debugger would be a useful addition, allowing stepping through the code a line at a time. This is, however, a lower priority than many other things.
- debug.debug: exclude
- debug.getfenv: exclude
- debug.gethook: exclude
- debug.getinfo: exclude
- debug.getlocal: exclude
- debug.getmetatable: exclude
- debug.getregistry: exclude
- debug.getupvalue: exclude
- debug.setfenv: exclude
- debug.sethook: exclude
- debug.setlocal: exclude
- debug.setmetatable: exclude
- debug.setupvalue: exclude
- debug.traceback: exclude
File and IO Functions
These functions, while useful, make foldit a potential vector for numerous security problems. The only way they should be added to the game is if they are limited to a reading files from particular directory on the disk. Any function that is able to write to the disk is excluded, unless severely restricted. Note that just being able to write an arbitrary file to a disk can be used to write over a system file. Probably better to just exclude them altogether. Some foldit functions might allow a very limited set of file operations to one directory on the disk.
- file:close: exclude
- file:flush: exclude
- file:lines: exclude
- file:read: exclude
- file:seek: exclude
- file:setvbuf: exclude
- file:write: exclude
- io.close: exclude
- io.flush: exclude
- io.input: exclude
- io.lines: exclude
- io.open: exclude
- io.output: exclude
- io.popen: exclude
- io.read: exclude
- io.stderr: exclude
- io.stdin: exclude
- io.stdout: exclude
- io.tmpfile: exclude
- io.type: exclude
- io.write: exclude
We need the entire Lua standard math library to be added to the distribution. This should be entirely safe. WOW includes all these functions, although they provide wrappers that accept degrees rather than radians.
Most can already be performed without enough basic math, however exposing functions tied to their C counterparts would be much faster with higher accuracy.
- math.abs: include
- math.acos: include
- math.asin: include
- math.atan: include
- math.atan2: include
- math.ceil: include
- math.cos: include
- math.cosh: include
- math.deg: include
- math.exp: include
- math.floor: include
- math.fmod: include
- math.frexp: include
- math.huge: include
- math.ldexp: include
- math.log: include
- math.log10: include
- math.max: include
- math.min: include
- math.modf: include
- math.pi: include
- math.pow: include
- math.rad: include
- math.random: include
- math.randomseed: include
- math.sin: include
- math.sinh: include
- math.sqrt: include
- math.tan: include
- math.tanh: include
Some of these are very dangerous, but others are completely harmless and useful.
- os.clock: include
- os.date: include (used in WOW as date instead of os.date)
- os.difftime: include
- os.execute: exclude
- os.exit: exclude
- os.getenv: exclude
- os.remove: exclude
- os.rename: exclude
- os.setlocale: exclude
- os.time: include (used in WOW as time instead of os.time)
- os.tmpname: exclude
The package functions should be selectively included to allow libraries of functions. They should only allow lua packages from a certain directory on the disk. By default lua allows packages written in C and from anywhere on the disk. This should be prohibited. An expansion of this section is forthcoming detailing what changes need to be made and what functions to include and exclude.
There are some additional issues to think about. If a recipe relies on a package, when the recipe is downloaded from the web site, what is the mechanism that the package is too? What if two different recipes rely on two different versions of the same package that are incompatible? Some required naming conventions for the package files might be enforced, with something like the id number from the web site embedded into the file name when it is downloaded.
- package.cpath: ?
- package.loaded: ?
- package.loaders: ?
- package.loadlib: ?
- package.path: ?
- package.preload: ?
- package.seeall: ?
We need the entire Lua standard string library to be added to the distribution. This should be entirely safe.
- string.byte: include (used in WOW as strbyte instead of string.byte)
- string.char: include (used in WOW as strchar instead of string.char)
- string.dump: include
- string.find: include (used in WOW as strfind instead inf string.find)
- string.format: include (used in WOW as format instead of string.format)
- string.gmatch: include
- string.gsub: include (used in WOW as gsub instead of string.gsub)
- string.len: include (used in WOW as strlen instead of string.len)
- string.lower: include (used in WOW as strlower instead of string.lower)
- string.match: include (used in WOW as strmatch instead of string.match)
- string.rep: include (used in WOW as strrep instead of string.rep)
- string.reverse: include (used in WOW as strrev instead of string.reverse)
- string.sub: include (used in WOW as strsub instead of string.sub)
- string.upper: include (used in WOW as strupper instead of string.upper)
We need the Lua standard table library to be added to the distribution. This is no more dangerous than other parts of Lua, where a runaway or malicious script can eat all available memory.
- table.concat: include
- table.insert: include (used in WOW as tinsert instead of table.insert)
- table.maxn: include
- table.remove: include (used in WOW as tremove instead of table.remove)
- table.sort: include (used in WOW as sort instead of table.sort)
- table.unpack: include (converts a table into an array that can be used as the argument of foldit functions that accept a list of segments, like get_aa)
Lua and LuaL Functions
The Lua and LuaL functions should be excluded.