Security (#78)

- 禁用了更多Lua函数
- 将计算MD5的过程挪到cpp

lua/freekill.lua

@@ -44,11 +44,18 @@ end
 Config = loadConf()
 
 -- disable dangerous functions
-os.remove = nil
+local _os = {
-os.execute = nil
+  time = os.time,
-os.exit = nil
+  date = os.date,
-os.rename = nil
+  clock = os.clock,
+  difftime = os.difftime,
+  getms = os.getms,
+}
+os = _os
 io = nil
+package = nil
+load = nil
+loadfile = nil
 
 -- load packages
 dofile "lua/fk_ex.lua"

qml/Logic.js

@@ -27,10 +27,7 @@ callbacks["NetworkDelayTest"] = function(jsonData) {
     cipherText = Backend.pubEncrypt(jsonData, config.password);
   }
   config.cipherText = cipherText;
-  let md5sum = Backend.calcFileMD5();
+  Backend.replyDelayTest(config.screenName, cipherText);
-  ClientInstance.notifyServer("Setup", JSON.stringify([
-    config.screenName, cipherText, md5sum
-  ]));
 }
 
 callbacks["ErrorMsg"] = function(jsonData) {

src/ui/qmlbackend.cpp

@@ -219,8 +219,12 @@ void QmlBackend::saveConf(const QString &conf) {
   c.write(conf.toUtf8());
 }
 
-QString QmlBackend::calcFileMD5() {
+void QmlBackend::replyDelayTest(const QString &screenName, const QString &cipher) {
-  return ::calcFileMD5();
+  auto md5 = calcFileMD5();
+
+  QJsonArray arr;
+  arr << screenName << cipher << md5;
+  ClientInstance->notifyServer("Setup", JsonArray2Bytes(arr));
 }
 
 void QmlBackend::playSound(const QString &name, int index) {

src/ui/qmlbackend.h

@@ -35,7 +35,7 @@ public:
   Q_INVOKABLE QString loadConf();
   Q_INVOKABLE void saveConf(const QString &conf);
 
-  Q_INVOKABLE QString calcFileMD5();
+  Q_INVOKABLE void replyDelayTest(const QString &screenName, const QString &cipher);
   Q_INVOKABLE void playSound(const QString &name, int index = 0);
 
   Q_INVOKABLE void copyToClipboard(const QString &s);