LOVE Programming Game

[childonline]

Hi guys,

I'm planning on developing a little 2d sidescroller, where a robot has to make his way through obstacles, enemies, pitfalls, etc.
However, instead of the user directly controlling the robot, he must write a lua script file, which invokes some void functions such as: goLeft(), goRight(), jump(), etc.

I thought about doing this using lua's 5.1 "loadstring" or "loadfile" and then evaluating the string/file, but how should I stop the user from calling something "os.remove("c:/windows/system32")" or accidentally incrementing the delta-time variable dt or in any way write a harmful script?

What I'm really asking is how can I create a sandbox in which interaction is possible only with my robot module and not the os module or the love module etc.

This might seem as a noob question, but seeing how i am no love/lua guru I'll ask it anyway.

Thanks.

[mickeyjm]

first of all: thats not a noob question
second of all: id recommend something like making your own API and making sure the user cant use anything else. (Eg. robot.wait(time) or robot.left() work, but love.timer.sleep(time) and love.graphics.print() wouldnt work)
Personally i would do something like check the code with love.filesystem before running it to check for potentially harmful code.

[childonline]

Do you perhaps have any links on how to create such an api in lua?
I'm not lazy and already googled similar articles, but if you know of any websites on this topic I would be grateful.

[mickeyjm]

AFAIK its as simple as creating a table and putting functions in them.

For example:

Code: Select all

--Create + Pre define a function in the table
robot = {
dosomething = function()
--do something
end,
}

--One way to add a function
function robot.left()
--move left
end

--Another
robot.right = function()
--Move robot right
end

--Or you could do
robot["jump"] = function()
--jump
end

All 4 methods do the same thing, but I'm just showing different ways to express it.

I can still look for a tutorial if you like

[childonline]

I see where you are going, but how will this help me if the user decides to write something like this in his script:

Code: Select all

if robot.enemyIsInRange then
   robot.jump()
   os.exit()
end

What i want is to let the user have the most out of lua, but restrict the use certain modules, especially os, io and love (somehow declare them as unsafe).

I'm currently looking into sandboxes, but they seem a tad overkill for what i'm trying to achieve

[bartbes]

That's what setfenv is for.

[Robin]

You can also try SELÖVE, which is probably the most secure way to run LÖVE games (this will put your whole game in a sandbox, not just the user-controlled part).

[childonline]

You can also try SELÖVE, which is probably the most secure way to run LÖVE games (this will put your whole game in a sandbox, not just the user-controlled part).

Hmm, i was unaware that this existed. It defiantly sounds like a good idea to place the entire application into a sandbox, I'll look into it right now.