Issue with Js sanitizer #151

Open
ihevcuk opened this issue Jan 5, 2024 · 2 comments
ihevcuk commented Jan 5, 2024

Script fails on the JS sanitizer with the following exception: java.lang.RuntimeException: delight.nashornsandbox.exceptions.ScriptCPUAbuseException: Regular expression running for too many iterations. The operation could NOT be gracefully interrupted.

After that error, even the simplest script will fail with a thread interrupted exception. On the second call everything is fine.

I'm using Java 17 and sandbox version 0.3.2. On version 0.3.0 it works as expected.

mxro added the bug label Jan 5, 2024

mxro (Collaborator) commented Jan 5, 2024

Thank you for raising this issue!

Could you provide a code example to help reproduce the issue? Are there any regular expressions in the code that is run by the sandbox?

jpimag commented Mar 27, 2024

Hello,
I reproduce the same issue with version 0.4.2 on both JDK 17 and 21.
It happens with an ugly client script using a very long if/else statement.

An example:

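import javax.script.ScriptException;

import delight.nashornsandbox.NashornSandbox;
import delight.nashornsandbox.NashornSandboxes;

public class NashornSandboxBug {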
	public static void main(String[] args) throws ScriptException {
		String s = """
				function(data) {
				  if (data.get("propertyA") == "a special value 1" || data.get("propertyA") == "a special value 2") {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyC") == "a special value 1" || data.get("propertyJ") == "a special value 1" || data.get("propertyV") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "4" && (data.get("propertyD") == "a special value 1" || data.get("propertyV") == "a special value 1" || data.get("propertyW") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 2" && (data.get("propertyE") == "a special value 1" || data.get("propertyF") == "a special value 1" || data.get("propertyL") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyE") == "a special value 1" || data.get("propertyF") == "a special value 1" || data.get("propertyL") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
				    return "a special value 1";
				  }  else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
				    return "a special value 1";
				  } else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
				    return "a special value 1";
				  } else {
				     return "0"
				  };
				
				}
				""";
		NashornSandbox sandbox = NashornSandboxes.create();
		sandbox.eval(s);
	}
}

And the stack trace:

Exception in thread "main" delight.nashornsandbox.exceptions.ScriptCPUAbuseException: Regular expression running for too many iterations. The operation could NOT be gracefully interrupted.
	at delight.nashornsandbox.internal.SecureInterruptibleCharSequence.charAt(SecureInterruptibleCharSequence.java:23)
	at java.base/java.lang.Character.codePointAt(Character.java:9320)
	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4453)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:5057)
	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:5057)
	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:5057)
	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:5057)
	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:5057)
	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:5057)
	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$Loop.matchInit(Pattern.java:5100)
	at java.base/java.util.regex.Pattern$Prolog.match(Pattern.java:5024)
	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
	at java.base/java.util.regex.Pattern$StartS.match(Pattern.java:3820)
	at java.base/java.util.regex.Matcher.search(Matcher.java:1767)
	at java.base/java.util.regex.Matcher.find(Matcher.java:787)
	at delight.nashornsandbox.internal.JsSanitizer.injectInterruptionCalls(JsSanitizer.java:236)
	at delight.nashornsandbox.internal.JsSanitizer.secureJsImpl(JsSanitizer.java:284)
	at delight.nashornsandbox.internal.JsSanitizer.secureJs(JsSanitizer.java:263)
	at delight.nashornsandbox.internal.NashornSandboxImpl.eval(NashornSandboxImpl.java:251)
	at delight.nashornsandbox.internal.NashornSandboxImpl.eval(NashornSandboxImpl.java:228)
	at com.eloquant.jp.blackhole.NashornSandboxBug.main(NashornSandboxBug.java:43)

Thanks
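
The trace above shows the sanitizer's own regex search (`Matcher.find` called from `JsSanitizer.injectInterruptionCalls`) being aborted from inside `SecureInterruptibleCharSequence.charAt`. The following is an added example, not code from nashorn-sandbox or from this thread: it shows the general technique of bounding a `java.util.regex` search through a guarded `CharSequence`, and measures how the cost of a backtracking search grows with input length. `BoundedRegexDemo`, `BudgetedCharSequence`, the pattern, the inputs and the call-count limit are all constructed for illustration; using a call budget as the abort trigger is an assumption, not the library's mechanism.

```java
import java.util.regex.Pattern;

public class BoundedRegexDemo {
    static final class BudgetExceeded extends RuntimeException {}

    /** Wraps the regex input; every charAt() the matcher makes spends one unit. */
    static final class BudgetedCharSequence implements CharSequence {
        private final CharSequence inner;
        private final long[] used;   // shared with subSequence() views
        private final long limit;

        BudgetedCharSequence(CharSequence inner, long limit, long[] used) {
            this.inner = inner; this.limit = limit; this.used = used;
        }
        @Override public char charAt(int i) {
            if (++used[0] > limit) throw new BudgetExceeded(); // abort the match
            return inner.charAt(i);
        }
        @Override public int length() { return inner.length(); }
        @Override public CharSequence subSequence(int s, int e) {
            return new BudgetedCharSequence(inner.subSequence(s, e), limit, used);
        }
        @Override public String toString() { return inner.toString(); }
    }

    /** Returns the charAt() calls one find() needed, or -1 if it hit the limit. */
    static long costOfFind(Pattern p, String input, long limit) {
        long[] used = {0};
        try {
            p.matcher(new BudgetedCharSequence(input, limit, used)).find();
            return used[0];
        } catch (BudgetExceeded e) {
            return -1;
        }
    }

    public static void main(String[] args) {
        // Constructed pattern and input, not the sanitizer's regex or the script above.
        Pattern p = Pattern.compile("(\\w+\\s?)+;");
        for (int words : new int[] {10, 100, 1000}) {
            String input = "else ".repeat(words) + "!"; // never contains ';'
            System.out.printf("%6d chars -> %d charAt calls%n",
                    input.length(), costOfFind(p, input, 5_000_000L));
        }
    }
}
```

Because the search is unanchored and the input never matches, the matcher retries from each start position, so the call count grows faster than the input length; a guard of this kind turns that into a bounded failure instead of an unbounded stall.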
