Added loading of safe Lua library functions

Added functions to load the built-in Lua modules and un-define unsafe
functions. Added menu items to debug and edit Lua scripts.

main_wnd.c

@@ -24,6 +24,7 @@ typedef struct tagMAINWNDDATA
     COLORREF crWorkHoursCol;/**< Color of the working hours */   
     WHTIME whtLastUpdate;   /**< Time of last window update */
     LPWHLUA lpWhLua;        /**< Working hours state */
+    BOOL bShowLuaDebug;     /**< Are we showing Lua debug window */
 } MAINWNDDATA, *LPMAINWNDDATA;
 
 /* Tray icon notification messages  */
@@ -273,8 +274,7 @@ static LPMAINWNDDATA CreateMainWndData(VOID)
     lpData->hWorkHoursFont = NULL;
     lpData->crWorkHoursCol = (COLORREF)GetSysColor(COLOR_BTNTEXT);
     lpData->whtLastUpdate.wHour = 0;
-    lpData->whtLastUpdate.wMinute = 0;
-
+    lpData->whtLastUpdate.wMinute = 0;    
     lpData->lpWhLua = (LPWHLUA)HeapAlloc(g_hHeap, 0, sizeof(WHLUA));
     if(NULL != lpData)
     {
@@ -284,6 +284,7 @@ static LPMAINWNDDATA CreateMainWndData(VOID)
             lpData->lpWhLua = NULL;
         }
     }
+    lpData->bShowLuaDebug = FALSE;
 
     return lpData;
 }
@@ -359,6 +360,27 @@ static BOOL OnRunAtStartup(
     return TRUE;
 }
 
+/**
+ * @brief Show the window displaying Lua debug messages
+ * 
+ * @param hwnd Main window handle
+ * @param bShow Show or hide the debug window
+ */
+static VOID OnDbgWnd(
+    HWND hwnd,
+    BOOL bShow
+)
+{
+    LPMAINWNDDATA lpData;
+    /* Get main window data */
+    lpData = GetMainWindowData(hwnd);
+
+    lpData->bShowLuaDebug = bShow;
+
+    CheckMenuItem(GetMenu(hwnd), IDM_DBG_WND,
+        MF_BYCOMMAND | ((lpData->bShowLuaDebug) ? MF_CHECKED : MF_UNCHECKED));
+}
+
 /**
  * @brief Check if application is registered to run at startup
  * 
@@ -630,6 +652,10 @@ static INT_PTR OnMenuAccCommand(
         case IDM_EXIT:
             DestroyWindow(hwnd);
             return TRUE;
+
+        case IDM_DBG_WND:
+            OnDbgWnd(hwnd, !(lpData->bShowLuaDebug));
+            return TRUE;
 
         case IDM_ABOUT:
             ShowAboutDialog(hwnd);

res/default.lua

@@ -37,7 +37,7 @@ function Calculate(Arrival, Now)
     end
 
     -- Calculate worked time
-    local Worked = WhNewTime(WhFloor(Minutes / 60), Minutes % 60)
+    local Worked = WhNewTime(math.floor(Minutes / 60), Minutes % 60)
 
     -- Return calculated working hours and timer color
     return Worked, Color
@@ -53,7 +53,7 @@ function LeaveTime(Arrival)
     Minutes = (Minutes + (8*60) + 30 + 5 + 5) % (24*60)
 
     -- Calculate leave time
-    local Leave = WhNewTime(WhFloor(Minutes / 60), Minutes % 60)
+    local Leave = WhNewTime(math.floor(Minutes / 60), Minutes % 60)
 
     return Leave
 end

resource.h

@@ -29,7 +29,9 @@
 #define IDR_MENU                        40000
     #define IDM_RUNATSTARTUP                40001
     #define IDM_EXIT                        40002
-    #define IDM_ABOUT                       40003
+    #define IDM_DBG_WND                     40003
+    #define IDM_EDIT                        40004
+    #define IDM_ABOUT                       40005
 
 #define IDR_TRAY_MENU                   41000
     #define IDM_SHOWHIDE                    41001

resource.rc

@@ -104,10 +104,13 @@ IDR_MENU MENU
 BEGIN
     POPUP "&Working-hours"
     BEGIN
-        MENUITEM "R&un at Startup",                 IDM_RUNATSTARTUP
+        MENUITEM "&Run at Startup",                 IDM_RUNATSTARTUP
+        MENUITEM SEPARATOR
+        MENUITEM "Script &Debug Console",           IDM_DBG_WND
+        MENUITEM "&Edit Script",                    IDM_EDIT
         MENUITEM SEPARATOR
         MENUITEM "E&xit",                           IDM_EXIT
-    END    
+    END
     POPUP "&Help"
     BEGIN
         MENUITEM "&About",                          IDM_ABOUT

wh_lua.c

@@ -3,6 +3,8 @@
 #include "defs.h"
 #include "main_wnd.h"
 
+#include <lualib.h>
+
 
 /******************************************************************************/
 /*                               Private                                      */
@@ -33,12 +35,6 @@
  */
 #define LUA_RGB_FCN "WhRgb"
 
-/**
- * @brief Function used to round down to integer value
- * 
- */
-#define LUA_FLOOR_FCN "WhFloor"
-
 /**
  * @brief Function provided for debugging purposes
  * 
@@ -106,6 +102,45 @@ static void * WhLuaAllocator(
     }
 }
 
+/**
+ * @brief Load the specified module and undefine passed functions
+ * 
+ * @param[in,out] lpWhLua Working hours Lua state
+ * @param[in] lpOpenFcn Function to load the module
+ * @param[in] lpModuleName Module name, "_G" for base library
+ * @param[in] lpFunctions Array of functions to be undefined after load. Last
+ *            element must be NULL
+ */
+static VOID WhLuaLoadAndUndefine(
+    LPWHLUA lpWhLua,
+    lua_CFunction lpOpenFcn,
+    LPCSTR lpModuleName,
+    LPCSTR lpFunctions[]
+)
+{
+    INT iFunction = 0;
+
+    /* Load the module, the module table gets placed on the top of the stack */
+    luaL_requiref(lpWhLua->lpLua, lpModuleName, lpOpenFcn, 1);
+
+    /* Undefine the values */
+    while(NULL != lpFunctions[iFunction])
+    {
+        lua_pushnil(lpWhLua->lpLua);
+        lua_setfield(lpWhLua->lpLua, -2, lpFunctions[iFunction]);
+
+        iFunction ++;
+    }
+
+    /* Pop the module table */
+    lua_pop(lpWhLua->lpLua, 1);
+}
+
+
+/******************************************************************************/
+/*                            Lua Functions                                   */
+/******************************************************************************/
+
 /**
  * @brief Function to create RGB color
  * 
@@ -172,31 +207,6 @@ static int WhLuaNewTime(
     return 1;
 }
 
-/**
- * @brief Function to round down number to nearest integer value
- * 
- * @param[in,out] lpLua
- * 
- * @return Number of outputs on Lua stack
- */
-static int WhLuaFloor(
-    lua_State * lpLua
-)
-{
-    /* Check arguments */
-    if(1 != lua_gettop(lpLua) || !lua_isnumber(lpLua, 1))
-    {
-        lua_pushstring(lpLua, "incorrect argument");
-        lua_error(lpLua);
-        return 0;
-    }
-
-    /* Push converted value */
-    lua_pushinteger(lpLua, (lua_Integer)lua_tonumber(lpLua, 1));
-
-    return 1;
-}
-
 /**
  * @brief Function to show custom Message Box
  * 
@@ -241,10 +251,23 @@ BOOL WhLuaInit(
     /* Initialize with no Lua code */
     lpWhLua->lpLuaCode = NULL;
 
+    /* Create quasi-safe sand box by loading only portion of the libraries and
+     * undefining potentially dangerous functions */
+    /* Load some of the Lua libraries */
+    WhLuaLoadAndUndefine(lpWhLua, luaopen_base, "_G", (LPCSTR []){"assert",
+        "collectgarbage", "dofile", "getmetatable", "loadfile", "load",
+        "loadstring", "print", "rawequal", "rawlen", "rawget", "rawset",
+        "setmetatable", NULL});
+    WhLuaLoadAndUndefine(lpWhLua, luaopen_string, LUA_STRLIBNAME,
+        (LPCSTR []){"dump", NULL});
+    WhLuaLoadAndUndefine(lpWhLua, luaopen_table, LUA_TABLIBNAME,
+        (LPCSTR []){NULL});
+    WhLuaLoadAndUndefine(lpWhLua, luaopen_math, LUA_MATHLIBNAME,
+        (LPCSTR []){NULL});
+
     /* Register Lua Functions */
     lua_register(lpWhLua->lpLua, LUA_NEW_TIME_FCN, WhLuaNewTime);
     lua_register(lpWhLua->lpLua, LUA_RGB_FCN, WhLuaRgb);
-    lua_register(lpWhLua->lpLua, LUA_FLOOR_FCN, WhLuaFloor);
     lua_register(lpWhLua->lpLua, LUA_ALERT_FCN, WhLuaAlert);
 
     return TRUE;