Open Kimapr opened 5 years ago
I preprocess the code to insert checks into 'problematic spots', like for loops and function calls. The idea is to prevent infinite recursion and stuck loops for users without privileges.
I'm aware this isn't perfect because you have many holes (sure, running in a pure Lua interpreter or using debug.hooks would solve it), however I still did it as a learning 'experience'. Ideally, continuing with this, I could make the preprocessor detect `a..b..c ...` and transform it into `SAFE_CONCATENATE(a,b,c,...)`. Not sure yet how much trouble this would be, because we have stuff like `"hello.." .. " world ..."`. I already have string detection in the preprocessor, so it might not be much.
Maybe I could still allow `...` by using `%.%.[^%.]` as the search pattern in the 'not allowed' list.
yueliang looks complicated; I don't have a good feeling about adding black boxes I don't understand well (well, the Lua VM is a black box for me too, so maybe I talk bs, heh). Will look into MetaLua.
What I would need is something relatively simple (maybe I can write it myself) that can transform potentially dangerous Lua expressions into a safe form. I think I did this for 'for loops' and 'function calls', but stuff like `a..b .. c .. d .. e2131 ..` looks more annoying and would need an extra pass.
Check out my "lua obfuscator": https://github.com/ac-minetest/obfuscator . It works on more complex things I did too, like "bignum in lua": https://github.com/ac-minetest/basic_robot_csm/blob/master/init.lua#L486 . It identifies all variables used and local variables, and replaces local variables.
I can't use varargs (`function(a,b,...)`). When I try to type `...`, it says `..` is not allowed. Why check for disallowed constructs with string.find? Lua syntax isn't as simple as this.
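The difference between a substring check and a token-aware check for the `..` operator, as an added example that is not code from this thread or from the mod. `find_concat` is a hypothetical helper and the sample snippets are constructed; it skips strings and comments and treats `...` as a vararg rather than a concatenation.

```lua
-- Added example: locate the concat operator (`..`) only where it is a real
-- token. find_concat is a hypothetical helper, not the mod's own code.
local function find_concat(src)
  local hits, i, n = {}, 1, #src
  while i <= n do
    local c = src:sub(i, i)
    -- Level of a long comment (--[[, --[==[) or long string ([[, [==[), if any.
    local lvl = src:match("^%-%-%[(=*)%[", i) or src:match("^%[(=*)%[", i)
    if lvl then
      local _, e = src:find("]" .. lvl .. "]", i, true)  -- matching close
      i = (e or n) + 1
    elseif src:sub(i, i + 1) == "--" then                -- line comment
      i = (src:find("\n", i, true) or n) + 1
    elseif c == '"' or c == "'" then                     -- quoted string
      i = i + 1
      while i <= n and src:sub(i, i) ~= c do
        if src:sub(i, i) == "\\" then i = i + 1 end      -- skip escaped char
        i = i + 1
      end
      i = i + 1
    elseif c == "." then                                 -- ".", ".." or "..."
      local dots = src:match("^%.+", i)
      if #dots == 2 then hits[#hits + 1] = i end         -- only ".." is concat
      i = i + #dots
    else
      i = i + 1
    end
  end
  return hits
end

-- Constructed samples: varargs, dots inside a string, dots inside a comment.
local samples = {
  'function f(a, b, ...) return ... end',
  'local s = "hello.." .. " world ..."',
  'local t = a.b -- x..y in a comment',
}
for _, code in ipairs(samples) do
  local plain = code:find("..", 1, true) ~= nil          -- plain substring check
  local pat = code:find("%.%.[^%.]") ~= nil              -- pattern from the thread
  print(#find_concat(code), plain, pat, code)
end
```

Both string searches report a match on all three samples, while the token-aware scan reports a concatenation only in the second. The pattern `%.%.[^%.]` still matches a vararg because the last two dots of `...` are followed by a non-dot character.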