Lua vendored sandbox/v13 #233
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-ci: Disable lua on debian 10 as it doesn't have Lua 5.4. Ticket: OISF#4776
lua 5.4 support is not available in luajit Ticket: OISF#4776
Ticket: OISF#4776 [Edits by Jason Ish] - Add Lua in CI where needed - Disable Lua for builds that don't have Lua 5.4
Including: - rename guards - SCMalloc to SCCalloc - remove unused enum - rename public functions to our naming standard
Remove lua-dev(el) from all CI tests.
Now that we're fixed to Lua 5.4, the integer size is always 8.
Its always built-in. However, can be disabled at runtime.
Modify the CentOS 9 Stream build to not have cbdingen available, as its already building from the dist. But add a "make clean" followed by a "make" to test that it still builds after a clean.
The vendored Lua code triggers some scan-build failures, so exclude the rust/ directory for now. Might want to look at these separately though.
Remove maintainer-clean-local, this is not needed. In distclean-local, remove "rust/dist" and "rust/vendor" as they are created during "make dist". In "clean-local", remove "rust/target" and "rust/gen" as they are created during a normal "make".
The Lua library surface area is small enough to manage an allow list, which is generally better than a deny list, as we'll explicitly need to opt-in to new functions provided by the Lua runtime.
Distinguish between a generic Lua script error and an error created by a function being blocked, so each is logged once respective of each other. Also add a stat that is incremented when a script fails due to a blocked function. NOTE: This does not catch calls to functions that are blocked by not having the library loaded, such as "io.open", as they are blocked by not even loading the "io" library.
Not sure if I see a use for it, some extra debug logging might be just as useful for those writing Lua scripts.
Update the Lua allocated to set a code on memory allocation limit exceeded errors so an appropriate error message can be logged and a state incremented. Fixes the tracking of the allocated size by using the difference between original size, and new size and toss in some debug validations.
|
NOTE: This PR may contain new authors. |
This is required for some older versions in the pull request to build as the commits change some compile time options with respect to Lua.
|
NOTE: This PR may contain new authors. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Make sure these boxes are signed before submitting your Pull Request -- thank you.
https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
https://suricata.io/about/contribution-agreement/ (note: this is only required once)
https://redmine.openinfosecfoundation.org/projects/suricata/issues
(if applicable)
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
Describe changes:
Provide values to any of the below to override the defaults.
link to the pull request in the respective
_BRANCHvariable.SV_REPO=
SV_BRANCH=OISF/suricata-verify#1861
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=