问题描述
我正在尝试使用 Kong 的 API 网关,但是,我想在 Kong 处理请求之前使用其 serverless plugin 添加一些自定义实现。我基本上想读入映射在 Kong 容器中的 JSON 文件卷,并在处理请求之前用它做一些事情。
当我关注他们的 example 时,我能够看到打印的日志。但是,当我开始添加 Lua 代码(在 custom-auth.lua 中)时,它似乎在抱怨。文件顶部的一个简单的 print("hello world") 语句给了我以下错误。
2021/02/05 02:00:19 [error] 22#0: *8042 [kong] init.lua:270 [pre-function] /usr/local/share/lua/5.1/sandBox.lua:170: [string "..."]:3: attempt to index global 'print' (a nil value),client: 172.31.0.1,server: kong,request: "GET /v1/myEndpoint HTTP/2.0",host: "localhost:8443"
170 if not t[1] then error(t[2]) end
沙盒.lua:
local sandBox = {
_VERSION = "sandBox 0.5",_DESCRIPTION = "A pure-lua solution for running untrusted Lua code.",_URL = "https://github.com/kikito/sandBox.lua",_LICENSE = [[
MIT LICENSE
copyright (c) 2021 Enrique García Cota
Permission is hereby granted,free of charge,to any person obtaining a
copy of this software and associated documentation files (the
"Software"),to deal in the Software without restriction,including
without limitation the rights to use,copy,modify,merge,publish,distribute,sublicense,and/or sell copies of the Software,and to
permit persons to whom the Software is furnished to do so,subject to
the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS",WITHOUT WARRANTY OF ANY KIND,EXPRESS
OR IMPLIED,INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY,fitness FOR A PARTIculaR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR copYRIGHT HOLDERS BE LIABLE FOR ANY
CLaim,damAGES OR OTHER LIABILITY,WHETHER IN AN ACTION OF CONTRACT,TORT OR OTHERWISE,ARISING FROM,OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
]],}
-- quotas don't work in LuaJIT since debug.sethook works differently there
local quota_supported = type(_G.jit) == "nil"
sandBox.quota_supported = quota_supported
-- PUC-Rio Lua 5.1 does not support deactivation of bytecode
local bytecode_blocked = _ENV or type(_G.jit) == "table"
sandBox.bytecode_blocked = bytecode_blocked
-- The base environment is merged with the given env option (or an empty table,if no env provided)
--
local BASE_ENV = {}
-- List of unsafe packages/functions:
--
-- * string.rep: can be used to allocate millions of bytes in 1 operation
-- * {set|get}Metatable: can be used to modify the Metatable of global objects (strings,integers)
-- * collectgarbage: can affect performance of other systems
-- * dofile: can access the server filesystem
-- * _G: It has access to everything. It can be mocked to other things though.
-- * load{file|string}: All unsafe because they can grant acces to global env
-- * raw{get|set|equal}: Potentially unsafe
-- * module|require|module: Can modify the host settings
-- * string.dump: Can display confidential server info (implementation of functions)
-- * math.randomseed: Can affect the host sytem
-- * io.*,os.*: Most stuff there is unsafe,see below for exceptions
-- Safe packages/functions below
([[
_VERSION assert error ipairs next pairs
pcall select tonumber tostring type unpack xpcall
coroutine.create coroutine.resume coroutine.running coroutine.status
coroutine.wrap coroutine.yield
math.abs math.acos math.asin math.atan math.atan2 math.ceil
math.cos math.cosh math.deg math.exp math.fmod math.floor
math.frexp math.huge math.ldexp math.log math.log10 math.max
math.min math.modf math.pi math.pow math.rad math.random
math.sin math.sinh math.sqrt math.tan math.tanh
os.clock os.difftime os.time
string.byte string.char string.find string.format string.gmatch
string.gsub string.len string.lower string.match string.reverse
string.sub string.upper
table.insert table.maxn table.remove table.sort
]]):gsub('%s+',function(id)
local module,method = id:match('([^%.]+)%.([^%.]+)')
if module then
BASE_ENV[module] = BASE_ENV[module] or {}
BASE_ENV[module][method] = _G[module][method]
else
BASE_ENV[id] = _G[id]
end
end)
local function protect_module(module,module_name)
return setMetatable({},{
__index = module,__newindex = function(_,attr_name,_)
error('Can not modify ' .. module_name .. '.' .. attr_name .. '. Protected by the sandBox.')
end
})
end
('coroutine math os string table'):gsub('%s+',function(module_name)
BASE_ENV[module_name] = protect_module(BASE_ENV[module_name],module_name)
end)
-- auxiliary functions/variables
local string_rep = string.rep
local function sethook(f,key,quota)
if type(debug) ~= 'table' or type(debug.sethook) ~= 'function' then return end
debug.sethook(f,quota)
end
local function cleanup()
sethook()
string.rep = string_rep -- luacheck: no global
end
-- Public interface: sandBox.protect
function sandBox.protect(code,options)
options = options or {}
local quota = false
if options.quota and not quota_supported then
error("options.quota is not supported on this environment (usually LuaJIT). Please unset options.quota")
end
if options.quota ~= false then
quota = options.quota or 500000
end
assert(type(code) == 'string',"expected a string")
local passed_env = options.env or {}
local env = {}
for k,v in pairs(BASE_ENV) do
local pv = passed_env[k]
if pv ~= nil then
env[k] = pv
else
env[k] = v
end
end
setMetatable(env,{ __index = options.env })
env._G = env
local f
if bytecode_blocked then
f = assert(load(code,nil,'t',env))
else
f = assert(loadstring(code))
setfenv(f,env)
end
return function(...)
if quota and quota_supported then
local timeout = function()
cleanup()
error('Quota exceeded: ' .. tostring(quota))
end
sethook(timeout,"",quota)
end
string.rep = nil -- luacheck: no global
local t = table.pack(pcall(f,...))
cleanup()
if not t[1] then error(t[2]) end
return table.unpack(t,2,t.n)
end
end
-- Public interface: sandBox.run
function sandBox.run(code,options,...)
return sandBox.protect(code,options)(...)
end
-- make sandBox(f) == sandBox.protect(f)
setMetatable(sandBox,{__call = function(_,code,o) return sandBox.protect(code,o) end})
return sandBox
任何帮助将不胜感激。
解决方法
想通了,Kong 将 Lua 模块默认为沙箱,但可以在以环境变量 KONG_UNTRUSTED_LUA: "on" 启动 Kong 或在 kong.conf 中设置以启用所有模块。
untrusted_lua = on
# Accepted values are:
#
# - `off`: disallow any loading of Lua functions
# from admin supplied sources (such as via the Admin API).
#
# Note using the `off` option will render plugins such as
# Serverless Functions unusable.
# - `sandbox`: allow loading of Lua functions from admin
# supplied sources,but use a sandbox when
# executing them. The sandboxed
# function will have restricted access
# to the global environment and only
# have access to standard Lua functions
# that will generally not cause harm to
# the Kong node.
#
# In this mode,the `require` function inside
# the sandbox only allows loading external Lua
# modules that are explicitly listed in
# `untrusted_lua_sandbox_requires` below.
#
# LuaJIT bytecode loading is disabled.
#
# Warning: LuaJIT is not designed as a secure
# runtime for running malicious code,therefore,# you should properly protect your Admin API endpoint
# even with sandboxing enabled. The sandbox only
# provides protection against trivial attackers or
# unintentional modification of the Kong global
# environment.
# - `on`: allow loading of Lua functions from admin
# supplied sources and do not use a sandbox when
# executing them. Functions will have unrestricted
# access to global environment and able to load any
# Lua modules. This is similar to the behavior in Kong
# prior to 2.3.0.
#
# LuaJIT bytecode loading is disabled.