Hi,

I am planning to use the JEXL library in my SaaS-based product to run 
JavaScripts/JexlScripts (I understand Jexl is not exactly JavaScript).

Since security is one of the most important requirements for any SaaS-based 
product, I am going to use Jexl Sandbox and Jexl Features to secure my 
application. I see that in Jexl Features, we have a way to turn off loops, 
but for my requirement, I need to enable loops in the scripts.

Is there a way to detect infinite loops in case someone writes an expression 
which turns into an infinite loop during evaluation? Also, someone can try to 
sabotage our application by running infinite loops. Is there a way to detect 
and avoid such a security issue?

PS: I would really appreciate it if you could let me know of any other security 
aspects which I need to consider while using the JEXL library.

Thanks,
Aditya
—
Aditya Kumar1
Technology Architect
Precisely.com
