Java / Rhino / Nashorn Object Memory Usage Limit

I am extending a server application written in Java to allow user callbacks (written in JavaScript) to be launched in response to requests. I did some reading, and although it seems that you can disable Java classes in Nashorn, there is nothing that will prevent the user from creating JavaScript code that allocates a huge array without using any Java APIs. I am wondering if there is a way to limit this, either proactively or reactively.

The solution I came across is to have a small heap JVM process pool that is responsible for running custom code. There will be a manager of a pool of workers to create new processes if necessary. Thus, the main process as well as other user code will not be affected by one malicious user. Although this solution is likely to work, it seems to be hard. Is there a better solution that allows attackers to use too much memory?

I am not particularly tuned to JavaScript, so if there is any other scripting language that can be run in the JVM and the memory limit is also supported, I would be ready to use it instead of Nashorn. Unfortunately, it looks like Jython, JRuby, and LuaJava do not have what I'm looking for. Thanks in advance.

+5

Source: https://habr.com/ru/post/1214855/
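
The small-heap worker process described in the question, sketched as an added example that is not part of the original post: the parent writes the callback to a temporary file, starts a child JVM with a capped heap and a wall-clock timeout, and reads only the exit code. The class name `ScriptSandbox`, the 64 MB and 5 second limits, and the two sample callbacks are assumptions, as is the availability of a JSR-223 JavaScript engine (Nashorn or Rhino) on the child's classpath.

```java
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.concurrent.TimeUnit;
import javax.script.*;

public class ScriptSandbox {                       // hypothetical class name
    // Worker mode: runs inside the small-heap child JVM and evaluates the script file.
    static void worker(String scriptPath) throws Exception {
        ScriptEngine js = new ScriptEngineManager().getEngineByName("javascript");
        if (js == null) throw new IllegalStateException("no JSR-223 JavaScript engine found");
        try (Reader r = Files.newBufferedReader(Paths.get(scriptPath))) {
            System.out.println(js.eval(r));
        }
    }

    // Parent side: returns the child's exit code, or -1 if it was killed on timeout.
    static int runUntrusted(String script, int heapMb, long timeoutSec) throws Exception {
        Path file = Files.createTempFile("callback", ".js");
        Files.write(file, script.getBytes(StandardCharsets.UTF_8));
        String java = Paths.get(System.getProperty("java.home"), "bin", "java").toString();
        Process p = new ProcessBuilder(java,
                "-Xmx" + heapMb + "m",             // caps the Java heap only, not native memory
                "-XX:+ExitOnOutOfMemoryError",     // JDK 8u92+: die at once instead of limping on
                "-cp", System.getProperty("java.class.path"),
                "ScriptSandbox", "--worker", file.toString())
                .inheritIO()                       // no pipes to drain, so the child cannot block on output
                .start();
        try {
            if (!p.waitFor(timeoutSec, TimeUnit.SECONDS)) {
                p.destroyForcibly().waitFor();     // runaway loop: kill the whole process
                return -1;
            }
            return p.exitValue();                  // non-zero: script error or out of memory
        } finally {
            Files.deleteIfExists(file);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2 && args[0].equals("--worker")) { worker(args[1]); return; }
        // Constructed sample callbacks: one benign, one that allocates without any Java API.
        String benign = "var s = 0; for (var i = 0; i < 1000; i++) s += i; s";
        String hog = "var a = []; while (true) a.push(new Array(1e6).join('x'));";
        System.out.println("benign exit=" + runUntrusted(benign, 64, 5));
        System.out.println("hog    exit=" + runUntrusted(hog, 64, 5));
    }
}
```

Because the limit is enforced by the child JVM and the operating system rather than by the script engine, the parent's heap is untouched whichever way the callback fails. A pool manager would reuse this launch step and replace any worker that exits non-zero or is killed.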

