search

neovim / packspec

ALPHA package dependencies spec
http://packspec.org/
Apache License 2.0
219 stars 2 forks source link

plugin.lua sandbox #7

Closed ii14 closed 2 years ago

ii14 commented 2 years ago

Evaluating plugin.lua will probably look something like this:

local chunk = assert(loadfile('plugin.lua'))
local res = {}
setfenv(chunk, res)
assert(pcall(chunk))

print(vim.inspect(res))

I think it goes without saying that it probably shouldn't be evaluated with full unrestricted access to the global environment. The question is should it be evaluated with a completely clean environment, without access to anything, or with a subset of lua stdlib like for example this:

env ```lua local env = { type = type, tonumber = tonumber, tostring = tostring, select = select, unpack = unpack, next = next, pairs = pairs, ipairs = ipairs, assert = assert, error = error, pcall = pcall, xpcall = xpcall, string = { byte = string.byte, char = string.char, -- no string.dump find = string.find, format = string.format, gmatch = string.gmatch, gsub = string.gsub, len = string.len, lower = string.lower, match = string.match, rep = string.rep, reverse = string.reverse, sub = string.sub, upper = string.upper, }, table = { concat = table.concat, insert = table.insert, maxn = table.maxn, remove = table.remove, sort = table.sort, }, math = { abs = math.abs, acos = math.acos, asin = math.asin, atan = math.atan, atan2 = math.atan2, ceil = math.ceil, cos = math.cos, cosh = math.cosh, deg = math.deg, exp = math.exp, floor = math.floor, fmod = math.fmod, frexp = math.frexp, huge = math.huge, ldexp = math.ldexp, log = math.log, log10 = math.log10, max = math.max, min = math.min, modf = math.modf, pi = math.pi, pow = math.pow, rad = math.rad, -- no math.random -- no math.randomseed sin = math.sin, sinh = math.sinh, sqrt = math.sqrt, tan = math.tan, tanh = math.tanh, } } ```

cc @lewis6991

lewis6991 commented 2 years ago

It's better to be strict to begin with and slowly open things up.

Even in a clean env, users will still be able to use things like local variables, small helper functions, etc, which I don't think is a bad thing.

wbthomason commented 2 years ago

I agree; I don't think that we want plugin.lua to be dynamic, and it makes sense to start as locked-down as we can.

mjlbach commented 2 years ago

Can this be closed since https://github.com/nvim-lua/nvim-package-specification/pull/25 is merged?