防弹groovy脚本嵌入 [英] Bullet-proof groovy script embedding

问题描述

我正在开发一个服务器应用程序，可以通过用户提供的Groovy脚本进行扩展。很明显，我想确保这些脚本运行在一个非常紧凑的沙箱中，它们不会破坏核心应用程序代码或消耗太多资源来重载服务器。

我研究了各种可能性，最终的解决方案可能是这些的组合：

• 在非常有限的安全经理中运行脚本。脚本在没有权限的SecurityManager中运行。必须声明额外的权限（如Android）。

启动一个新的JVM 。在Runtime.exec周围创建一个ScriptProcess包装器，并生成一个带有安全管理器，有限堆等的新JVM。因为我们启动了一个全面的过程，我们可能在监视不良行为的过程中获得更多控制权。虽然资源成本会很高，但是...另一种方法是在这里使用Ant，但是它可以扩展吗？
• 在Java 6中，有一个具有监控能力的软件包。我们可以监控线程，并可能检测到无限循环和内存消耗。任何人使用过？

这是我今天想到的。确保这些脚本的行为正确并保持一定的可伸缩性和性能的最佳方法是什么？

解决方案

另外一种可能性是在运行嵌入式脚本的GroovyShell上使用Groovy 1.8编译定制器。您可以预先导入类和方法，限制使用Groovy AST，并预先应用AST转换，例如@ThreadInterrupt，@TimedInterrupt或@ConditionalInterrupt。详情请见： b
$ b

http：// www .jroller.com / melix / entry / customizing_groovy_compilation_process

I'm working on a server app that may be extended by user-supplied Groovy scripts. It's evident that I want to make sure these scripts run in a very tight sandbox where they cannot disrupt the core application code or consume too much resources to overload the server.

I have studied various possibilities and the final solution may be a combination of these:

• Run the script within a very restricted security manager. The script is run within a no permission SecurityManager. Additional permissions have to be declared (like Android).

• Launch a new JVM. Create a ScriptProcess wrapper around Runtime.exec and spawning a new JVM with a security manager, limited heap, etc. Because we launch a full-blown process, we might get more control on monitor bad behaving ones? The cost in resource would be dire though... An alternative would be to use Ant here, but would it be scalable?

• Java Monitor API In Java 6 there is a package with monitoring capacity. We could monitor threads and maybe detect infinite loops and memory consumption. Anyone used this?

These are what I have in mind today. What would be the best way to make sure these scripts behave correctly and still keep a certain scalability and performance?

解决方案

An additional possibility is using Groovy 1.8 compilation customizers on the GroovyShell that runs the embedded scripts. You can pre-import classes and methods, restrict use of the Groovy AST, and pre-apply an AST transformation, such as @ThreadInterrupt, @TimedInterrupt, or @ConditionalInterrupt. Details at:

http://www.jroller.com/melix/entry/customizing_groovy_compilation_process

这篇关于防弹groovy脚本嵌入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！