lua/datasets: rework to be a "required" module

Re-work the Lua dataset lib to be required into a user script like:

    local dataset = require("suricata.data")

The main difference from loading it into global space is providing a
custom require function (as we removed it in the sandbox) and load it on
demand, returning a table to the module.

diff --git a/src/detect-lua-extensions.c b/src/detect-lua-extensions.c
index 9b74d0f8649fdd80e8f3d0b60ada74ea022d38be..715e16d2e3cb39aa04b37c0bbee26baae284e055 100644 (file)
--- a/src/detect-lua-extensions.c
+++ b/src/detect-lua-extensions.c
@@ -510,24 +510,13 @@ static void SetFuncs(lua_State *luastate, const luaL_Reg *lib)
     }
 }
 
-static void CreateMeta(lua_State *luastate)
+void LuaLoadDatasetLib(lua_State *luastate)
 {
     luaL_newmetatable(luastate, "dataset::metatable");
-    lua_pushliteral(luastate, "__index");
-    lua_pushvalue(luastate, -2);
-    lua_rawset(luastate, -3);
-    SetFuncs(luastate, datasetlib);
-}
-
-static void LuaDatasetRegister(lua_State *luastate)
-{
-    CreateMeta(luastate);
-    lua_newtable(luastate);
-    SetFuncs(luastate, datasetlib);
     lua_pushvalue(luastate, -1);
-    lua_setglobal(luastate, "dataset");
-    lua_pop(luastate, 1);
-    lua_pop(luastate, 1);
+    lua_setfield(luastate, -2, "__index");
+    luaL_setfuncs(luastate, datasetlib, 0);
+    luaL_newlib(luastate, datasetlib);
 }
 
 static int LuaIncrFlowint(lua_State *luastate)
@@ -694,8 +683,6 @@ int LuaRegisterExtensions(lua_State *lua_state)
     lua_pushcfunction(lua_state, LuaGetByteVar);
     lua_setglobal(lua_state, "SCByteVarGet");
 
-    LuaDatasetRegister(lua_state);
-
     LuaRegisterFunctions(lua_state);
     LuaRegisterHttpFunctions(lua_state);
     LuaRegisterDnsFunctions(lua_state);

diff --git a/src/detect-lua-extensions.h b/src/detect-lua-extensions.h
index 5923108735d133b5156465c2e76fb071276eac44..7a631a15a3b9bd98f4f5ee24558224c5ef50fae9 100644 (file)
--- a/src/detect-lua-extensions.h
+++ b/src/detect-lua-extensions.h
@@ -29,4 +29,6 @@ int LuaRegisterExtensions(lua_State *);
 void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *, DetectEngineThreadCtx *det_ctx,
         Flow *f, Packet *p, const Signature *s, uint8_t flags);
 
+void LuaLoadDatasetLib(lua_State *luastate);
+
 #endif

diff --git a/src/util-lua-sandbox.c b/src/util-lua-sandbox.c
index c3596f97c54381070a660b5b329f26d8e328800a..6b6a97f4c3b9c69627de2d63d26457f26a54c3b0 100644 (file)
--- a/src/util-lua-sandbox.c
+++ b/src/util-lua-sandbox.c
@@ -32,6 +32,12 @@
 #include "util-validate.h"
 #include "util-lua-sandbox.h"
 
+/* TODO: Need to get Lua dataset support out of detect-lua-extensions,
+ * shouldn't need to pull in detect-engine, if via another include. */
+#include "detect-lua.h"
+#include "detect-engine.h"
+#include "detect-lua-extensions.h"
+
 #define SANDBOX_CTX "SANDBOX_CTX"
 
 static void HookFunc(lua_State *L, lua_Debug *ar);
@@ -259,6 +265,18 @@ static const luaL_Reg AllowedLibs[] = {
     // clang-format on
 };
 
+static int SCLuaSbRequire(lua_State *L)
+{
+    const char *module_name = luaL_checkstring(L, 1);
+
+    if (strcmp(module_name, "suricata.dataset") == 0) {
+        LuaLoadDatasetLib(L);
+        return 1;
+    }
+
+    return luaL_error(L, "Module not found: %s", module_name);
+}
+
 /**
  * Load allowed Lua libraries into the state.
  *
@@ -293,6 +311,10 @@ void SCLuaSbLoadLibs(lua_State *L)
         }
         lua_pop(L, 1);
     }
+
+    /* Setup our custom require. */
+    lua_pushcfunction(L, SCLuaSbRequire);
+    lua_setglobal(L, "require");
 }
 
 /**