Moongate Documentation

[Fomoria]

There already is, but dangerous as it is to directly expose lua on a server, exposing DLLs would be pure madness.

Sandboxing allows you to pick and choose what functions are available. Hell, it's entirely opt-in. This stuff is safe, and if you don't think it's safe enough you can wrap functions in filters that remove abusive parameter values.

You can even wrap objects transparently whilst still imposing method-specific filters, all setup automatically.

Tada.

Code:

function wrap_object( obj)
    local meta = { _F = {}, _M = {}, _R = {}}

    function meta:__index( key)
        if type( obj[key]) == "function" then
            meta._M[key] = meta._M[key] or function (...)
                        local args = {...}
                        for i, j in ipairs( args) do
                            if j == self then args[i] = obj end
                        end
                        if meta._F[key] then meta._F[key]( args) end
                        local returns = {obj[key]( unpack( args))}
                        if meta._R[key] then meta._R[key]( returns) end
                        return unpack( returns)
                    end
        end
        return meta._M[key] or obj[key]
    end

    local wrapper = setmetatable({}, meta)
    return wrapper
end

I'll give you an example of adding a filter.

Code:

obj = wrap_object( obj)
getmetatable( obj)._F.method = function( args)
    if not string.find( args[2], ".txt", 1, true) then
        args[2] = args[2] .. ".txt"
    end
end

As a disclaimer, I'd not trust my code. It seems to work well for me, but if you want to incorporate it into something with security importance you should really test it properly yourself.

I'm feeling strangely productive, this was all written in the pat half an hour for a component in an image recognition system. I wanted to add some helper methods to a returned object, and didn't want to write to the object itself. Lua is entertaining for being capable of deluding itself.

[Syranide]

Sandboxing allows you to pick and choose what functions are available. Hell, it's entirely opt-in. This stuff is safe, and if you don't think it's safe enough you can wrap functions in filters that remove abusive parameter values.

You can even wrap objects transparently whilst still imposing method-specific filters, all setup automatically.

Tada.

Code:

function wrap_object( obj)
    local meta = { _F = {}, _M = {}, _R = {}}
 
    function meta:__index( key)
        if type( obj[key]) == "function" then
            meta._M[key] = meta._M[key] or function (...)
                        local args = {...}
                        for i, j in ipairs( args) do
                            if j == self then args[i] = obj end
                        end
                        if meta._F[key] then meta._F[key]( args) end
                        local returns = {obj[key]( unpack( args))}
                        if meta._R[key] then meta._R[key]( returns) end
                        return unpack( returns)
                    end
        end
        return meta._M[key] or obj[key]
    end
 
    local wrapper = setmetatable({}, meta)
    return wrapper
end

I'll give you an example of adding a filter.

Code:

obj = wrap_object( obj)
getmetatable( obj)._F.method = function( args)
    if not string.find( args[2], ".txt", 1, true) then
        args[2] = args[2] .. ".txt"
    end
end

As a disclaimer, I'd not trust my code. It seems to work well for me, but if you want to incorporate it into something with security importance you should really test it properly yourself.

I'm feeling strangely productive, this was all written in the pat half an hour for a component in an image recognition system. I wanted to add some helper methods to a returned object, and didn't want to write to the object itself. Lua is entertaining for being capable of deluding itself.

I was referring to loading DLLs, exposing that inside this is definately not safe.
And, no, it may be safe as far as it goes for cheating/stealing, but you can still crash/hang servers at will.

[Fomoria]

I was referring to loading DLLs, exposing that inside this is definately not safe.
And, no, it may be safe as far as it goes for cheating/stealing, but you can still crash/hang servers at will.

Loading DLLs is, yes, unsafe. Which is why you certainly wouldn't want to expose that functionality. Parts of the functionality for an already loaded DLL can be perfectly safe to expose. Can be, but aren't necessarily.

And, yes, the MoonGate is a crash/hang risk. Which will keep it from WireMod core distribution, I assume. It's a risk I'd take for how easy it is to use.

I got the impression that you were criticising it on the capacity for DLLs to expose greater security holes than simple DoS attacks.

[Whodunnit]

hmm,i tested this and whenever i click update list, it gives me some error failed to call nil value or whatever.

[Generic Default]

Well, I don't understand lua that well but is it possible to make in-game weapons with this? Like make it spawn a rocket with a velocity of 100000 at the coordinates of the moongate then angle it so the moongate chip basically becomes a rocket launcher?

[MagnetoHydroDynamics]

One question... Can you run tracers with this? *wonders if you can use this to create the quickest camera ever*

BTW it says i have to wait 43 minutes before i can download...

[Arch-mage]

I know that this is a old thread. Any ways I install it just like u said it would appear in my wire menu.

[cpf]

Hmm, kindof a bump, but the "refresh" button doesn't work for me (in SP at least), it can't index self, a nil value, on line 173 of the stool...

[Shaneje]

This, along side the Exp2 gate, rocks all that is wiremod!

Have you concidered a admin extention?
By this I mean that currenly no user can code lua that can effect players and such. However admins of a server are usually those who would not abuse the ability of being able to effect players and other entities.

Could you code a means of checking if the user who is spawning the gate is a admin, if they are the the entity and player meta tables and globals are added to the lists.
All users could create inputs and outputs with a datatype 'Entity aka <var>:E' but only admin can make use for them.

I think this would make the best addition to it, there is just tons of little things I would do with this already on our server.
(Could even make a prop secure system from it etc !)

Great job on the moongate though mate, I look forward to updates.
Concider the Admin stuff ;-)

ps: I've tried adding the admin stuff into my version on my own listen server but am not sure quite how to do it.
I have it partly working, but decided to give it up and let the expert lua coders do it! :P
Cheers guys!

[seth1010]

With the globals, Does this mean that you can process global values originating from a game-mode, or clientside script. I have always wanted to make a VGUI that can output globals and then have wiremod process them and make stuff do things.