wml test for cve-2018-1999023

this test whether we succesfully prevent the exceution and parsing of precompiled lua chunks, which can be used to break the lua sandbox. This test does not cover all affected functions in particular not the ai code that loads lua chunks.
2018-07-24 02:11:40 +02:00 · 2018-07-24 02:11:40 +02:00 · 6b13a63bb0
commit 6b13a63bb0
parent 2554c166dd
4 changed files with 34 additions and 0 deletions
--- a/data/test/scenarios/bytecode.lua
+++ b/data/test/scenarios/bytecode.lua
--- a/data/test/scenarios/test_cve_2018_1999023.cfg
+++ b/data/test/scenarios/test_cve_2018_1999023.cfg
@ -0,0 +1,29 @@
+{GENERIC_UNIT_TEST "cve_2018_1999023" (
+    [lua]
+        code = << pcall(function() wesnoth.dofile("test/scenarios/bytecode.lua") end) >>
+    [/lua]
+    [lua]
+        code = << pcall(function() wesnoth.require("test/scenarios/bytecode.lua") end) >>
+    [/lua]
+    [lua]
+        code = <<
+		local function f1()
+			bytecode_executed = true
+		end
+		local f2, err = load(string.dump(f1))
+		if f2 then
+			f2()
+		end
+		>>
+    [/lua]
+    [event]
+        name = prestart
+        [lua]
+        code = <<
+			wml.variables["execution_prevented"] = not rawget(_G, "bytecode_executed")
+        >>
+        [/lua]
+        {ASSERT ({VARIABLE_CONDITIONAL execution_prevented equals yes})}
+        {SUCCEED}
+    [/event]
+)}
--- a/data/test/scenarios/test_cve_2018_1999023_2.cfg
+++ b/data/test/scenarios/test_cve_2018_1999023_2.cfg
--- a/5
+++ b/5
@ -11,6 +11,11 @@
 0 fixed_lua_random_replay_with_sync_choice
 0 test_end_turn
 #
+# Security test
+#
+0 cve_2018_1999023
+1 cve_2018_1999023_2
+#
 # Test Check Victory (If this isn't working other tests may have dubious value)
 #
 2 check_victory_basic_timeout