From: Jason Ish Date: Fri, 10 Jan 2025 21:40:26 +0000 (-0600) Subject: lua/datasets: rework to be a "required" module X-Git-Tag: suricata-8.0.0-beta1~574 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e397f2101935e6a69fe17e41ede9c8a38bf305e3;p=thirdparty%2Fsuricata.git lua/datasets: rework to be a "required" module Re-work the Lua dataset lib to be required into a user script like: local dataset = require("suricata.data") The main difference from loading it into global space is providing a custom require function (as we removed it in the sandbox) and load it on demand, returning a table to the module. --- diff --git a/src/detect-lua-extensions.c b/src/detect-lua-extensions.c index 9b74d0f864..715e16d2e3 100644 --- a/src/detect-lua-extensions.c +++ b/src/detect-lua-extensions.c @@ -510,24 +510,13 @@ static void SetFuncs(lua_State *luastate, const luaL_Reg *lib) } } -static void CreateMeta(lua_State *luastate) +void LuaLoadDatasetLib(lua_State *luastate) { luaL_newmetatable(luastate, "dataset::metatable"); - lua_pushliteral(luastate, "__index"); - lua_pushvalue(luastate, -2); - lua_rawset(luastate, -3); - SetFuncs(luastate, datasetlib); -} - -static void LuaDatasetRegister(lua_State *luastate) -{ - CreateMeta(luastate); - lua_newtable(luastate); - SetFuncs(luastate, datasetlib); lua_pushvalue(luastate, -1); - lua_setglobal(luastate, "dataset"); - lua_pop(luastate, 1); - lua_pop(luastate, 1); + lua_setfield(luastate, -2, "__index"); + luaL_setfuncs(luastate, datasetlib, 0); + luaL_newlib(luastate, datasetlib); } static int LuaIncrFlowint(lua_State *luastate) @@ -694,8 +683,6 @@ int LuaRegisterExtensions(lua_State *lua_state) lua_pushcfunction(lua_state, LuaGetByteVar); lua_setglobal(lua_state, "SCByteVarGet"); - LuaDatasetRegister(lua_state); - LuaRegisterFunctions(lua_state); LuaRegisterHttpFunctions(lua_state); LuaRegisterDnsFunctions(lua_state); diff --git a/src/detect-lua-extensions.h b/src/detect-lua-extensions.h index 5923108735..7a631a15a3 100644 --- a/src/detect-lua-extensions.h +++ b/src/detect-lua-extensions.h @@ -29,4 +29,6 @@ int LuaRegisterExtensions(lua_State *); void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *, DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags); +void LuaLoadDatasetLib(lua_State *luastate); + #endif diff --git a/src/util-lua-sandbox.c b/src/util-lua-sandbox.c index c3596f97c5..6b6a97f4c3 100644 --- a/src/util-lua-sandbox.c +++ b/src/util-lua-sandbox.c @@ -32,6 +32,12 @@ #include "util-validate.h" #include "util-lua-sandbox.h" +/* TODO: Need to get Lua dataset support out of detect-lua-extensions, + * shouldn't need to pull in detect-engine, if via another include. */ +#include "detect-lua.h" +#include "detect-engine.h" +#include "detect-lua-extensions.h" + #define SANDBOX_CTX "SANDBOX_CTX" static void HookFunc(lua_State *L, lua_Debug *ar); @@ -259,6 +265,18 @@ static const luaL_Reg AllowedLibs[] = { // clang-format on }; +static int SCLuaSbRequire(lua_State *L) +{ + const char *module_name = luaL_checkstring(L, 1); + + if (strcmp(module_name, "suricata.dataset") == 0) { + LuaLoadDatasetLib(L); + return 1; + } + + return luaL_error(L, "Module not found: %s", module_name); +} + /** * Load allowed Lua libraries into the state. * @@ -293,6 +311,10 @@ void SCLuaSbLoadLibs(lua_State *L) } lua_pop(L, 1); } + + /* Setup our custom require. */ + lua_pushcfunction(L, SCLuaSbRequire); + lua_setglobal(L, "require"); } /**