Hi Emond,

OK, then I would leave the NRR as it is for now.

Maybe there will be a way to improve it in the future.

kind regards

Tobias

> On 08.01.2016 at 09:08, Emond Papegaaij <emond.papega...@topicus.nl> wrote:
> 
> Hi Tobias,
> 
> Unfortunately, even Thread.stop is not fool-proof. For example, if you try
> this script, it will not terminate:
> 
> var x = 0;
> while (true) {
>    try {
>        x++;
>    } catch (e) {
>    }
> }
> 
> The problem in this case is that Thread.stop causes a ThreadDeath to be
> thrown inside the thread. This Error is caught by the catch-statement,
> ignored and the script will keep running.
> 
> I don't think there is a way to protect against all kinds of malicious
> scripts. There are simply too many ways to break a running VM. To be able to
> run scripts from untrusted sources, you will have to run these scripts in
> some kind of sandbox. You could, for example, spawn a new VM with limited
> resources.
> 
> In one of our applications, users are able to write scripts in Groovy, which
> are used to generate reports. We use a very strict class and method
> whitelist, to prevent scripts from breaking out of their environment. We also
> inject code in all loops to abort a script when needed. However, this still
> does not protect us against things like claiming large amounts of memory.
> Also, a script can still catch the Exception we use to abort it and continue
> running. We simply have to trust our users to not write scripts that would
> harm our server. Therefore, we only allow a select group of users to write
> scripts and we can always see who wrote it.
> 
> Best regards,
> Emond
> 
>> On Thursday, January 07, 2016 07:57:36 PM Tobias Soloschenko wrote:
>> Hi Emond,
>> 
>> OK, the last thing left is the memory consumption. Hope that I am able to
>> find a way to make this also safe.
>> 
>> Any suggestions here?
>> 
>> kind regards
>> 
>> Tobias
>> 
>>> On 07.01.16 at 15:43, Emond Papegaaij wrote:
>>> Hi Tobias,
>>> 
>>> You have to modify the code with the snippet below. This will wait for
>>> termination with a timeout of 1 minute, after which the VM still
>>> terminates. However, in a normal web application, the VM will not
>>> terminate, so threads will stay active until you terminate your entire
>>> application.
>>> 
>>> The code to trigger an out-of-memory is:
>>> 
>>> var i = 0, o = {};
>>> while (true) {
>>>     o[i++] = new Array(1000000);
>>> }
>>> 
>>> Also, you can try to run the same test case multiple times in 1 go. After
>>> about 100 executions of the script, I suspect your system will start to
>>> die on you.
