Add LuaSandbox extension

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@347858 c90b9560-bf6c-de11-be94-00142212c4b1

Author: tstarling

appendices/extensions.xml

@@ -431,6 +431,7 @@
     <listitem><para><xref linkend="book.lapack"/></para></listitem>
     <listitem><para><xref linkend="book.libevent"/></para></listitem>
     <listitem><para><xref linkend="book.lua"/></para></listitem>
+    <listitem><para><xref linkend="book.luasandbox"/></para></listitem>
     <listitem><para><xref linkend="book.lzf"/></para></listitem>
     <listitem><para><xref linkend="book.mailparse"/></para></listitem>
     <listitem><para><xref linkend="book.maxdb"/></para></listitem>

reference/luasandbox/book.xml

@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision$ -->
+
+<book xml:id="book.luasandbox" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <title>LuaSandbox</title>
+ <titleabbrev>LuaSandbox</titleabbrev>
+
+ <preface xml:id="intro.luasandbox">
+  &reftitle.intro;
+  <para>
+   LuaSandbox is an extension for PHP 5, PHP 7, and HHVM to allow safely
+   running untrusted Lua 5.1 code from within PHP.
+  </para>
+  <para>
+   Differences compared to the <link linkend="book.lua">Lua</link> extension:
+   <itemizedlist>
+    <listitem>
+     <para>
+      LuaSandbox has support for time and memory limits.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      LuaSandbox provides a default-safe environment for running untrusted code.
+      Stock Lua functions were reviewed for security, and several were patched
+      accordingly.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      LuaSandbox has a PHP interface which is more complex, precise and powerful,
+      but it is less convenient for developers.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      LuaSandbox supports only Lua 5.1. It is difficult to change this, because
+      LuaSandbox uses heavily modified Lua standard libraries, and
+      due to the lack of backwards compatibility between major Lua versions.
+      LuaSandbox aims to maximise backwards compatibility with user-supplied
+      scripts.
+     </para>
+    </listitem>
+   </itemizedlist>
+  </para>
+ </preface>
+
+ &reference.luasandbox.setup;
+ <!-- &reference.luasandbox.constants; -->
+ &reference.luasandbox.differences;
+ &reference.luasandbox.examples;
+
+ <!-- &reference.luasandbox.reference; -->
+
+ &reference.luasandbox.luasandbox;
+ &reference.luasandbox.luasandboxfunction;
+ &reference.luasandbox.luasandboxerror;
+ &reference.luasandbox.luasandboxerrorerror;
+ &reference.luasandbox.luasandboxfatalerror;
+ &reference.luasandbox.luasandboxmemoryerror;
+ &reference.luasandbox.luasandboxruntimeerror;
+ &reference.luasandbox.luasandboxsyntaxerror;
+ &reference.luasandbox.luasandboxtimeouterror;
+
+</book>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"~/.phpdoc/manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->

reference/luasandbox/configure.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision$ -->
+
+<section xml:id="luasandbox.installation" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
+ &reftitle.install;
+
+ <para>
+  &pecl.info;
+  <link xlink:href="&url.pecl.package;luasandbox">&url.pecl.package;luasandbox</link>
+ </para>
+
+</section>
+
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"~/.phpdoc/manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->

reference/luasandbox/constants.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision$ -->
+
+<appendix xml:id="luasandbox.constants" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
+ &reftitle.constants;
+ &no.constants;
+</appendix>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"~/.phpdoc/manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->

reference/luasandbox/differences.xml

@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision$ -->
+<chapter xml:id="reference.luasandbox.differences" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <title>Differences from Standard Lua</title>
+
+ <para>
+  LuaSandbox provides a sandboxed environment which differs in some ways from standard Lua 5.1.
+ </para>
+
+ <simplesect xml:id="reference.luasandbox.differences.unavailable">
+  <title>Features that are not available</title>
+  <para>
+   <itemizedlist>
+    <listitem>
+     <para>
+      <literal>dofile()</literal>, <literal>loadfile()</literal>, and the <literal>io</literal> package, as they allow direct filesystem access. If needed, filesystem access should be done via PHP callbacks.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      The <literal>package</literal> package, including <literal>require()</literal> and <literal>module()</literal>, as it depends heavily on direct filesystem access. A pure-Lua rewrite such as that used in the MediaUncyclo Scribunto extension may be used instead.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>load()</literal> and <literal>loadstring()</literal>, to allow for static analysis of Lua code.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>print()</literal>, since it outputs to standard output. If needed, output should be done via PHP callbacks.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Most of the <literal>os</literal> package, as it allows manipulation of the process and executing of other processes.
+     </para>
+     <para>
+      <itemizedlist>
+       <listitem>
+        <para>
+         <literal>os.clock()</literal>, <literal>os.date()</literal>, <literal>os.difftime()</literal>, and <literal>os.time()</literal> remain available.
+        </para>
+       </listitem>
+      </itemizedlist>
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Most of the <literal>debug</literal> package, as it allows manipulation of Lua state and metadata in ways that can break sandboxing.
+     </para>
+     <para>
+      <itemizedlist>
+       <listitem>
+        <para>
+         <literal>debug.traceback()</literal> remains available.
+         </para>
+       </listitem>
+      </itemizedlist>
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>string.dump()</literal>, as it may expose internal data.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>collectgarbage()</literal>, <literal>gcinfo()</literal>, and the <literal>coroutine</literal> package have not been reviewed for security.
+     </para>
+    </listitem>
+   </itemizedlist>
+  </para>
+ </simplesect>
+
+ <simplesect xml:id="reference.luasandbox.differences.modified">
+  <title>Features that have been modified</title>
+  <para>
+   <itemizedlist>
+    <listitem>
+     <para>
+      <literal>pcall()</literal> and <literal>xpcall()</literal> cannot catch certain errors, particularly timeout errors.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>tostring()</literal> does not include pointer addresses.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>string.match()</literal> has been patched to limit the recursion depth and to periodically check for a timeout.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>math.random()</literal> and <literal>math.randomseed()</literal> are replaced with versions that don't share state with PHP's <literal>rand()</literal>.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      The Lua 5.2 <literal>__pairs</literal> and <literal>__ipairs</literal> metamethods are supported by <literal>pairs()</literal> and <literal>ipairs()</literal>.
+     </para>
+    </listitem>
+   </itemizedlist>
+  </para>
+ </simplesect>
+
+</chapter>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"~/.phpdoc/manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->

reference/luasandbox/entities.luasandbox.xml

@@ -0,0 +1,16 @@
+&reference.luasandbox.luasandbox.callfunction;
+&reference.luasandbox.luasandbox.disableprofiler;
+&reference.luasandbox.luasandbox.enableprofiler;
+&reference.luasandbox.luasandbox.getcpuusage;
+&reference.luasandbox.luasandbox.getmemoryusage;
+&reference.luasandbox.luasandbox.getpeakmemoryusage;
+&reference.luasandbox.luasandbox.getprofilerfunctionreport;
+&reference.luasandbox.luasandbox.getversioninfo;
+&reference.luasandbox.luasandbox.loadbinary;
+&reference.luasandbox.luasandbox.loadstring;
+&reference.luasandbox.luasandbox.pauseusagetimer;
+&reference.luasandbox.luasandbox.registerlibrary;
+&reference.luasandbox.luasandbox.setcpulimit;
+&reference.luasandbox.luasandbox.setmemorylimit;
+&reference.luasandbox.luasandbox.unpauseusagetimer;
+&reference.luasandbox.luasandbox.wrapphpfunction;

reference/luasandbox/entities.luasandboxfunction.xml

@@ -0,0 +1,3 @@
+&reference.luasandbox.luasandboxfunction.call;
+&reference.luasandbox.luasandboxfunction.construct;
+&reference.luasandbox.luasandboxfunction.dump;