Whitelist checker for semi-trusted services that do not leak IPs (directly at least).
Gurl can work as a standalone addon or as git submodule.
Add this as a dependency in your workshop addon.
cd myaddon
git submodule add https://github.com/Metastruct/gurl.git lua/myaddon/gurlThen include from your code:
myaddon.gurl = include("myaddon/gurl/lua/gurl/gurl.lua")Remember to update submodule reference periodically!
(not recommended, this will conflict if gurl is installed globally)
Create package.json:
{
"name": "myaddon",
"version": "1.0.0",
"description": "My Garry's Mod addon",
"dependencies": {
"gurl": "git+https://github.com/Metastruct/gurl.git"
},
"devDependencies": {
"gmod-packager": "git+https://github.com/Python1320/gmod-packager.git"
},
"scripts": {
"postinstall": "gmod-packager"
}
}Then run npm install to trigger gmod-packager which builds into dist folder. See full example in: https://github.com/Metastruct/outfitter/
_G.gurl -- the gurl module (set in addon/workshop mode by autorun/gurl.lua)Checks a URL against the whitelist. Returns true, reason if allowed, false, reason if blocked.
local ok, reason = gurl.check_url("https://i.imgur.com/foo.png")Runs the CanAccessUrl hook before checking the whitelist. If the hook returns true the URL is allowed immediately; if false it's blocked immediately.
Like check_url, but also logs blocked URLs to gurl.blocked_urls and prints a chat message with gurl_allow instructions.
Adds a simple domain whitelist entry at runtime (e.g. "example.com" matches example.com/anything).
Converts hosting URLs (Google Drive, Dropbox, GitHub, GitLab, OneDrive, Pastebin) into direct-download URLs. Returns the converted URL.
local dl = gurl.make_downloadable("https://drive.google.com/file/d/abc123/view")
-- dl -> "https://drive.google.com/uc?export=download&id=abc123"Returns the internal pattern tables for inspection.
Table of the last 100 blocked URLs (most recent first). Populated by check_url_easy.
Constants (1, 2, 3) for use when editing url_whitelist.lua entries programmatically.
CanAccessUrl(url)
Return true to allow, false to block, or nil to fall through to the whitelist.
| Command | Description |
|---|---|---|
| gurl_test <url> | Tests a URL and prints result |
| gurl_allow <domain> | Adds a simple whitelist entry (strips protocol/path) |
| gurl_dump | Dumps all whitelist/blacklist patterns to console and gurl.json |
| Convar | Default | Description |
|---|---|---|
gurl_print_blocked |
0 |
Print blocked URLs to console |
The whitelist is defined using three functions:
simple("domain.com")— matchesdomain.com/anythingpattern([[regex]])— Lua pattern match on the fullhost/pathstringblacklist("domain.com/path")— blocks matching URLs
Patterns have ^ and $ forced automatically.
Help us make the whitelist rules for all relatively safe services
If you believe something should or should not be in this list, make a pull request using the above link.
Coders: Help us code this thing and refine the system to better suit all external content features, either through pull requets or suggestions/issues
This is free and unencumbered software released into the public domain. See LICENSE for details.
- Make detour system for HTTP()
- Full URL parser to allow whitelisting
- domain
- subdomain
- arbitrary regex
- Full URL parser to allow whitelisting
- Whitelist pattern matching system
- Whitelist itself of all possible services
- Autoupdating?
- Query dialog
- NOTE: Aggregate list of URLs needed
- "One or more network resources are being blocked for security reasons"
- OK button / More info
- Advanced button
- Allow and remember this URL
- Allow all
- Disallow all
- Notify of all URLs opened?
- API
gurl/http . CanOpen("url")gurl/http . AskOpen("url",function(ok) end)