SecureLuaVirtualMachine - Controlled Execution Environment

Sorry for the delay. Could you send the script that causes the error (Input) and the Logs? (They can be turned on from inside the SLVM module by setting SLVM_DEBUG_ENABLED to true)

image

__index is the problem
Yes i have analyzed and he blocked in this script: (OOP)

local Signal = {}
Signal.__index = Signal
Signal.ClassName = "Signal"
function Signal.new()
	local self = setmetatable({}, Signal)

	self._pdending = nil
	self._gvdata = nil
	self._bindableEvent = Instance.new("BindableEvent")
	self:Initialize()

	return self
end

function Signal.newWith(be)
	local self = setmetatable({}, Signal)

	self._pdending = nil
	self._gvdata = nil
	self._bindableEvent = be
	self:Initialize()

	return self
end

function Signal:GetPending()
	return self._pdending
end

function Signal:Initialize()
	self._bindableEvent.Event:Connect(function(...)
		self._pdending = ...
	end)
end

function Signal:Fire(...)
	self._bindableEvent:Fire(...)
end

function Signal:Connect(handler)
	if type(handler) == "function" then
		return self._bindableEvent.Event:Connect(function(...)
			handler(...)
		end)
	end
	return "function?"
end
function Signal:ConnectParallel(handler)
	if type(handler) == "function" then
		return self._bindableEvent.Event:ConnectParallel(function(...)
			handler(...)
		end)
	end
	return "function?"
end
function Signal:Wait()
	return self._bindableEvent.Event:Wait()
end
function Signal:Destroy()
	if self._bindableEvent then
		self._bindableEvent:Destroy()
		self._bindableEvent = nil
	end
end
return Signal
--[[local Connection = {}
Connection.__index = Connection

function Connection.new(callback)
	return setmetatable({
		_Callback = callback
	}, Connection)
end

function Connection:Disconnect()
	self._Callback = nil
	setmetatable(self,nil)
end


local Signal = {}
Signal.__index = Signal

function Signal.new()
	return setmetatable({
		_Threads = {},
		Firing = false,
		_gvdata = {}
	}, Signal)
end

function Signal:Fire(...)
	for threadOrConnection,_Type in pairs(self._Threads) do
		if _Type == "Connection" then
			if threadOrConnection._Callback == nil then self._Threads[threadOrConnection] = nil else
				task.spawn(threadOrConnection._Callback,...)
			end
		elseif _Type == "ConnectOnce" then
			if threadOrConnection._Callback ~= nil then
				task.spawn(threadOrConnection._Callback,...)
				threadOrConnection:Disconnect()
			end
		elseif _Type == "Wait" then
			self._Threads[threadOrConnection] = nil
			task.spawn(threadOrConnection, ...)
		end
	end
end

function Signal:Wait(duration : number?)
	local Running = coroutine.running()
	self._Threads[Running] = "Wait"
	if duration then
		task.delay(duration, function(thread)
			local stillYielding = self._Threads[thread]
			if stillYielding then
				self._Threads[thread] = nil
				task.spawn(thread)
			end
		end, Running)
	end
	return coroutine.yield()
end

function Signal:Connect(callback: () -> ())
	local connection = Connection.new(callback)
	self._Threads[connection] = "Connection"
	return connection
end

function Signal:ConnectOnce(callback: () -> ())
	local connection = Connection.new(callback)
	self._Threads[connection] = "ConnectOnce"
	return connection
end

function Signal:Destroy()

	self._Connections = nil
	self._Yielding = nil
	self.Firing = nil
	setmetatable(self,{__index = function() return nil end})

end


return Signal--]]

I am not getting any errors when running the script

image

And neither when running this below the script you sent:

Signal.new():Fire()

image

You right, i guess it’s me i wrongly type something. I don’t have stack overflow anymore.
Thanks anyways!

1 Like

Is there a way I can allow players to require a specific ModuleScript and run a specific ModuleScript function?

1 Like

Yes, using hooks and read hooks it is possible:

-- Assuming VM is a LuaVM object
local allowedModule = ... -- whatever module
local requiredAllowedModule = require(allowedModule)

VM:ReplaceClosure(require, function(module)
    assert(module == allowedModule, "module cannot be required")

    return requiredAllowedModule
end)

VM:AddReadHook(requiredAllowedModule, function(self, Index, NormalValue)
	if type(Index) == "string" then
		--// CheckCString should not be used in non c function hooks  
		if "someFunc" == Index then --> Replace someFunc with the function's index in the module
			return NormalValue
		end
	end
	
	error("cannot use function '" .. Index .. "' from module", 2)
end)
2 Likes

So my problem is Signal.__index = Signal because when i remove this line, this unlocks the script but it gives me error cause __index is important after. Any solution?
i enabled this settings:

LuaVM:EnableAdditionalSetting(SLVM.Enum.AdditionalSettings.ThrottleLoopInstructions)
	LuaVM:EnableAdditionalSetting(SLVM.Enum.AdditionalSettings.ThrottleRecursiveCalls)
	LuaVM:EnableAdditionalSetting(SLVM.Enum.AdditionalSettings.SandboxCalls)

I ran exactly the script you gave me, however if you did not find a solution to your problem, disable SandboxCalls although that is not recommended.

I found a solution I have put the __index script inside of a module script.
But do you have a idea how to optimize the lua vm? Because i run a lot of script inside of the lua vm and i takes 4-5 minutes to load (very annoying)

1 Like

I am no longer actively updating this module. However feel free to give suggestions and I will do my best to implement them. I sadly cannot do much regarding the VM’s speed.

2 Likes

Any way to allow Instance.new(), but only for GuiObjects?

1 Like

Set Instance to a new local variable before the rest of the script runs. You can regulate it yourself that way!

1 Like

For some reason I cannot send my answer

That’s ok! Send it when you can.

1 Like

Hi, are you able to send the answer now?

Sorry for the delay;

One can use the roblox api dump https://github.com/MaximumADHD/Roblox-Client-Tracker/blob/roblox/Full-API-Dump.json and check if the object requested’s superclass is “GuiObject”. I cannot send a code snippet example right now, but I’ll send one when I’ll be available.

Have you any idea to improve performance in the slvmrules.AdditionalSettings.SandboxCalls function, cause when i disabling it, it runs more faster. But i want security?

1 Like

If disabling that gives you performance then don’t worry about security

1 Like

No I sadly cannot make it any faster.

You could however block getfenv and debug.info

1 Like

Ok no problem, your module is very nice, back to back my loadstring module was sht and lagging all the times and now with your module the situation has improved!

2 Likes