New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with Js sanitizer #151
Labels
Comments
Thank you for raising this issue! Could you provide a code example to help reproduce the issue? Are there any regular expressions in the code that is run by the sandbox? |
Hello, An exemple : public class NashornSandboxBug {
public static void main(String[] args) throws ScriptException {
String s = """
function(data) {
if (data.get("propertyA") == "a special value 1" || data.get("propertyA") == "a special value 2") {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyC") == "a special value 1" || data.get("propertyJ") == "a special value 1" || data.get("propertyV") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "4" && (data.get("propertyD") == "a special value 1" || data.get("propertyV") == "a special value 1" || data.get("propertyW") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 2" && (data.get("propertyE") == "a special value 1" || data.get("propertyF") == "a special value 1" || data.get("propertyL") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyE") == "a special value 1" || data.get("propertyF") == "a special value 1" || data.get("propertyL") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
return "a special value 1";
} else if (data.get("propertyB") == "a special value 3" && (data.get("propertyM") == "a special value 1" || data.get("propertyY") == "a special value 1" || data.get("propertyH") == "a special value 1")) {
return "a special value 1";
} else {
return "0"
};
}
""";
NashornSandbox sandbox = NashornSandboxes.create();
sandbox.eval(s);
}
} and the stacktrace :
Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Script fails on js sanitizer with following exception: java.lang.RuntimeException: delight.nashornsandbox.exceptions.ScriptCPUAbuseException: Regular expression running for too many iterations. The operation could NOT be gracefully interrupted.
After that error, even the simplest script will fail with thread interrupted exception. On second call everything is fine.
I'm using java 17 and sandbox version 0.3.2. On version 0.3.0 it works as expected.
The text was updated successfully, but these errors were encountered: