Comments (3)
Hi Bhanu, it has not been designed specifically to be thread-safe so I would recommend rather not doing it.
That being said, be welcome to have a look through the code and check if there are any non-thread-safe operations!
from delight-nashorn-sandbox.
It appears to me that produceSecureBindings has a thread safety issue.
```java
cached = scriptEngine.getBindings(ScriptContext.ENGINE_SCOPE);
sanitizeBindings(cached);
if (!allowExitFunctions) {
    sb.append("var quit=function(){};var exit=function(){};");
}
if (!allowPrintFunctions) {
    sb.append("var print=function(){};var echo = function(){};");
}
if (!allowReadFunctions) {
    sb.append("var readFully=function(){};").append("var readLine=function(){};");
}
if (!allowLoadFunctions) {
    sb.append("var load=function(){};var loadWithNewGlobal=function(){};");
}
if (!allowGlobalsObjects) {
    // Max 22nd of Feb 2018: I don't think these are strictly necessary since they are only available in scripting mode
    sb.append("var $ARG=null;var $ENV=null;var $EXEC=null;");
    sb.append("var $OPTIONS=null;var $OUT=null;var $ERR=null;var $EXIT=null;");
}
scriptEngine.eval(sb.toString());
resetEngineBindings();
```
`cached` is instantiated and then mutated, but there is no guarantee that multiple threads are not within this same block at once (or even that one thread will see `engineAsserted = true` before it sees `cached` set).
@hyperpape Thank you for finding this. Could you raise a separate issue for this so we can track it there and fix it? Thank you!
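One way to close the race described in the thread above, as an added example that is not code from delight-nashorn-sandbox: build the sanitized bindings in a local variable under a lock and publish them through a `volatile` field only once they are complete. The class `SafeLazyBindings`, the method `secureBindings`, and the `Map` standing in for `javax.script.Bindings` are assumptions made so the example runs without a Nashorn engine.

```java
import java.util.Map;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration, not delight-nashorn-sandbox code. A Map stands in for
// javax.script.Bindings so the example runs without a Nashorn engine.
public class SafeLazyBindings {
    // volatile: a reader that sees a non-null reference also sees every
    // write made to the map before the reference was published.
    private volatile Map<String, Object> cached;
    private final AtomicInteger initRuns = new AtomicInteger();

    Map<String, Object> secureBindings() {
        Map<String, Object> local = cached;
        if (local == null) {
            synchronized (this) {                 // only one thread builds
                local = cached;                   // re-check under the lock
                if (local == null) {
                    Map<String, Object> fresh = new ConcurrentHashMap<>();
                    fresh.put("quit", "noop");    // stand-ins for the eval'd overrides
                    fresh.put("exit", "noop");
                    fresh.put("load", "noop");
                    initRuns.incrementAndGet();
                    cached = local = fresh;       // publish last, fully built
                }
            }
        }
        return local;
    }

    public static void main(String[] args) throws Exception {
        SafeLazyBindings sandbox = new SafeLazyBindings();
        ExecutorService pool = Executors.newFixedThreadPool(16);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger partial = new AtomicInteger();
        for (int i = 0; i < 16; i++) {
            pool.submit(() -> {
                start.await();                    // release all threads together
                if (sandbox.secureBindings().size() != 3) partial.incrementAndGet();
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        System.out.println("init runs: " + sandbox.initRuns.get()
                + ", threads that saw partial bindings: " + partial.get());
    }
}
```

The difference from the quoted excerpt is the order of operations: there the shared field is assigned first and sanitized afterwards, so another thread can pick up the bindings before the overrides for `quit`, `exit` or `load` are in place.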