mirror of https://github.com/luanti-org/luanti.git synced 2025-08-01 17:38:41 +00:00

Fix potential security issue(s), documentation on minetest.deserialize() (#9369)

Also adds a unit test
sfan5 2020-03-05 22:03:04 +01:00 committed by GitHub
parent ef09e8a4d6
commit 8d6a0b917c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 39 additions and 11 deletions


@ -1,6 +1,6 @@
_G.core = {}
_G.setfenv = function() end
_G.setfenv = require 'busted.compatibility'.setfenv
dofile("builtin/common/serialize.lua")
@ -25,4 +25,20 @@ describe("serialize", function()
local test_out = core.deserialize(core.serialize(test_in))
assert.same(test_in, test_out)
end)
it("strips functions in safe mode", function()
local test_in = {
func = function(a, b)
error("test")
end,
foo = "bar"
}
local str = core.serialize(test_in)
assert.not_nil(str:find("loadstring"))
local test_out = core.deserialize(str, true)
assert.is_nil(test_out.func)
assert.equals(test_out.foo, "bar")
end)
end)
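Review bot: The safe-mode test only checks a function stored at the top level of the table, so it would still pass if `core.deserialize(str, true)` stripped top-level functions but left ones inside nested tables. Consider adding `nested = { func = function() end }` to `test_in` and `assert.is_nil(test_out.nested.func)` after the existing checks. The `assert.not_nil(str:find("loadstring"))` precondition ties the test to the current serialized format; a plain search, `str:find("loadstring", 1, true)`, makes that intent explicit. luassert's convention is expected value first, so `assert.equals("bar", test_out.foo)` gives a clearer failure message. The enclosing `describe` block starts outside this hunk.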