Add a proper system for Scoped Sandbox Stratagem #26
Description
This would replace the current modules mechanism and allow language-agnostic sandbox customization beyond the defaults in a secure manner.
data/funny_pack_private/luafy/sandbox_requests.json - Global for all scripts within the namespace
Example scope:
web_requestsmatch_urlRegex stringper_dayInteger,-1for infinitemax_sizeInteger, maximum outgoing or incoming request size in bytes,-1for infiniterequiredWhether to disable all Luafy scripts in the namespace if this isn't authorizedreasonShort explanation to end-users & server administrators why you need this scope
config/luafy/sandbox.json
true at the root of the scopes object for a specific namespace would authorize any sandbox change made by the namespace, this is dangerous and should only be used by people developing scripts themselves, platforms shouldn't allow packs that recommend setting this. A warning is printed to console when a namespace has this set
If a namespace fails to get a required scope, an error is posted in the server console
If multiple datapacks try to change the scopes for the same namespace, all involved datapacks are disabled and an error is printed to console
If multiple datapacks try to register scripts in a namespace that has sandbox changes, all involved datapacks are disabled and an error is printed to console
If a namespace outside of a datapack tries to call sandbox-exception namespace scripts, that fails. The only way this is supported is through the use of another namespace within the same pack that doesn't have sandbox exceptions.
{ "funny_pack_private": { "hash": "au56soh273628...", // hash of the scopes config, if this doesn't match, the namespace is disabled and an error is printed in console. This hash is automatically populated by the mod once "web_requests": true }, "i_made_this": true }