Reduce collectgarbage options in sandboxed mode

See https://luau.org/sandbox#library

Author: khvzak

src/luau/mod.rs

@@ -5,7 +5,7 @@ use std::ptr;
 use crate::chunk::ChunkMode;
 use crate::error::Result;
 use crate::function::Function;
-use crate::state::{callback_error_ext, Lua};
+use crate::state::{callback_error_ext, ExtraData, Lua};
 use crate::traits::{FromLuaMulti, IntoLua};
 
 pub use require::{NavigateError, Require, TextRequirer};
@@ -45,16 +45,17 @@ unsafe extern "C-unwind" fn lua_collectgarbage(state: *mut ffi::lua_State) -> c_
     let option = ffi::luaL_optstring(state, 1, cstr!("collect"));
     let option = CStr::from_ptr(option);
     let arg = ffi::luaL_optinteger(state, 2, 0);
+    let is_sandboxed = (*ExtraData::get(state)).sandboxed;
     match option.to_str() {
-        Ok("collect") => {
+        Ok("collect") if !is_sandboxed => {
             ffi::lua_gc(state, ffi::LUA_GCCOLLECT, 0);
             0
         }
-        Ok("stop") => {
+        Ok("stop") if !is_sandboxed => {
             ffi::lua_gc(state, ffi::LUA_GCSTOP, 0);
             0
         }
-        Ok("restart") => {
+        Ok("restart") if !is_sandboxed => {
             ffi::lua_gc(state, ffi::LUA_GCRESTART, 0);
             0
         }
@@ -64,12 +65,12 @@ unsafe extern "C-unwind" fn lua_collectgarbage(state: *mut ffi::lua_State) -> c_
             ffi::lua_pushnumber(state, kbytes + kbytes_rem / 1024.0);
             1
         }
-        Ok("step") => {
+        Ok("step") if !is_sandboxed => {
             let res = ffi::lua_gc(state, ffi::LUA_GCSTEP, arg as _);
             ffi::lua_pushboolean(state, res);
             1
         }
-        Ok("isrunning") => {
+        Ok("isrunning") if !is_sandboxed => {
             let res = ffi::lua_gc(state, ffi::LUA_GCISRUNNING, 0);
             ffi::lua_pushboolean(state, res);
             1

src/state/extra.rs

@@ -89,7 +89,7 @@ pub(crate) struct ExtraData {
     #[cfg(feature = "luau")]
     pub(crate) running_gc: bool,
     #[cfg(feature = "luau")]
-    pub(super) sandboxed: bool,
+    pub(crate) sandboxed: bool,
     #[cfg(feature = "luau")]
     pub(super) compiler: Option<Compiler>,
     #[cfg(feature = "luau-jit")]
@@ -212,7 +212,7 @@ impl ExtraData {
         self.weak.write(WeakLua(XRc::downgrade(raw)));
     }
 
-    pub(super) unsafe fn get(state: *mut ffi::lua_State) -> *mut Self {
+    pub(crate) unsafe fn get(state: *mut ffi::lua_State) -> *mut Self {
         #[cfg(feature = "luau")]
         if cfg!(not(feature = "module")) {
             // In the main app we can use `lua_callbacks` to access ExtraData

tests/luau.rs

@@ -196,6 +196,14 @@ fn test_sandbox() -> Result<()> {
     co.sandbox()?;
     assert_eq!(co.resume::<Option<i32>>(())?, Some(123));
 
+    // collectgarbage should be restricted in sandboxed mode
+    let collectgarbage = lua.globals().get::<Function>("collectgarbage")?;
+    for arg in ["collect", "stop", "restart", "step", "isrunning"] {
+        let err = collectgarbage.call::<()>(arg).err().unwrap().to_string();
+        assert!(err.contains("collectgarbage called with invalid option"));
+    }
+    assert!(collectgarbage.call::<u64>("count").unwrap() > 0);
+
     lua.sandbox(false)?;
 
     // Previously set variable `global` should be cleared now
@@ -205,6 +213,11 @@ fn test_sandbox() -> Result<()> {
     let table = lua.globals().get::<Table>("table")?;
     table.set("test", "test")?;
 
+    // collectgarbage should work now
+    for arg in ["collect", "stop", "restart", "count", "step", "isrunning"] {
+        collectgarbage.call::<()>(arg).unwrap();
+    }
+
     Ok(())
 }