We (try to) kill/interrupt the thread and report an exception indicating that 
it timed out executing a script.  It's all wrapped in an executor pool of sorts 
that helps us pace the script execution workload a bit.


From: Greg Brail [mailto:[email protected]]
Sent: Wednesday, November 13, 2013 3:07 PM
To: Rick Bullotta
Cc: [email protected]
Subject: Re: Opening Nashorn to the Internet

Makes sense -- and then what do you do when the thread has been running for too 
long?

The nice thing about the callbacks in Rhino is that they're executed inside 
Rhino, and you can raise an exception from the callback. So it's 
straightforward to raise an exception such as, "your script has been using the 
CPU for too long." The client can then recover, abort the current operation and 
work on other things, and the like. It's not 100 percent bulletproof (nothing 
is) but it helps close a big loophole.

On Tue, Nov 12, 2013 at 1:32 PM, Rick Bullotta <[email protected]> wrote:
We did something similar but by explicitly monitoring the thread that was 
executing the script for completion within a certain timeframe.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Greg Brail
Sent: Tuesday, November 12, 2013 4:28 PM
To: [email protected]
Subject: Re: Opening Nashorn to the Internet

Rhino had support for an "instruction count callback," which it would call 
every N instructions. When embedding a script, you can then use that callback 
to check various conditions and do things like abort scripts that run for too 
long.

Have you guys on the Nashorn team considered adding anything additional to 
Nashorn? That is one of the things I can think of that would make it closer to 
being a feature-complete replacement for Rhino.


On Sat, Nov 9, 2013 at 2:25 AM, Rod Nim <[email protected]> wrote:

> Our app lets our end users write JavaScript via a web interface (Cloud 9's
> ACE) and submit that code back to the server to be executed in Nashorn.
>
> Does anyone have any perspective on dealing with either accidental or
> malicious issues such as tight loops and excessive memory allocation?
>
> var outOfMemory = '';
> while (true) {
>    outOfMemory += outOfMemory;
> }
>
> Basically the question is "how do I safely open Nashorn scripting to
> anyone", white hat, or black hat?
>
> Thanks for the help!
>
> Rod




--
*greg brail* | *apigee <https://apigee.com/>* | m: 
+1.650.937.9302<tel:%2B1.650.937.9302> | twitter @gbrail 
<http://twitter.com/gbrail> @apigee<https://twitter.com/apigee>
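
The Rhino instruction-count callback discussed in this thread, sketched as an added example; it is not code from any participant or from the Rhino project. It assumes the Rhino jar is on the classpath; the class names, the 1-second budget and the 10,000-instruction threshold are chosen for illustration.

```java
import org.mozilla.javascript.Callable;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.Scriptable;

public class TimeLimitedRhino {
    static final long MAX_MILLIS = 1000; // assumed time budget per top-level call
    // Error, not Exception, so script-level catch/finally does not get control back
    static class ScriptTimeoutError extends Error { ScriptTimeoutError(String m) { super(m); } }

    // Context subclass (hypothetical name) that remembers when the current call started
    static class TimedContext extends Context {
        long startTime = System.currentTimeMillis();
        TimedContext(ContextFactory factory) { super(factory); }
    }

    static class LimitingFactory extends ContextFactory {
        @Override protected Context makeContext() {
            TimedContext cx = new TimedContext(this);
            cx.setOptimizationLevel(-1);               // run in interpreted mode
            cx.setInstructionObserverThreshold(10000); // callback roughly every 10k instructions
            return cx;
        }
        @Override protected void observeInstructionCount(Context cx, int instructionCount) {
            long elapsed = System.currentTimeMillis() - ((TimedContext) cx).startTime;
            if (elapsed > MAX_MILLIS) {
                throw new ScriptTimeoutError("script has been using the CPU for too long");
            }
        }
        @Override protected Object doTopCall(Callable callable, Context cx, Scriptable scope,
                                             Scriptable thisObj, Object[] args) {
            ((TimedContext) cx).startTime = System.currentTimeMillis(); // restart the clock
            return super.doTopCall(callable, cx, scope, thisObj, args);
        }
    }

    public static void main(String[] args) {
        Context cx = new LimitingFactory().enterContext();
        try {
            Scriptable scope = cx.initSafeStandardObjects(); // no Java class access from script
            // Constructed sample input: a tight loop that never returns on its own
            cx.evaluateString(scope, "while (true) {}", "constructed-sample.js", 1, null);
        } catch (ScriptTimeoutError e) {
            System.out.println("aborted: " + e.getMessage()); // embedder recovers here
        } finally {
            Context.exit();
        }
    }
}
```

The observer only fires while Rhino is executing script instructions, so time a script spends blocked inside a host Java call is not bounded by this check.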


