How to stop Nashorn from allowing the quit() function?

I'm trying to add a scripting feature to our system where untrusted users can write simple scripts and have them execute on the server side. I'm trying to use Nashorn as the scripting engine.

Unfortunately, they added a few non-standard features to Nashorn: https://docs.oracle.com/javase/8/docs/technotes/guides/scripting/nashorn/shell.html#sthref29

Scroll down to "Additional Nashorn Built-in Functions" and see the "quit()" function. Yup, if an untrusted user runs this code, the whole JVM shuts down.

This is strange, because Nashorn specifically ant...

Nashorn bug JDK8u40 "Method Code Too Large"

The Nashorn eval of a JS script on a method invoked on an object that is actually implemented by its superclass delegates to a dynamic linker. This iterates through the entire hierarchy of the class and builds a classWriter on all its methods. If the superclasses contain a few thousand methods, it still emits the "Method Code Too Large" error, exceeding the 64K limit the JDK defines.

    var obj = SomeInitCode.getObjectOfCustomType();
    var xyz = obj.doSomeOperation(); // this is a method implemented on obj's superclass, which is abstract

The Nashorn engine then...

Nashorn and script binding scopes

Somewhat confused about ENGINE_SCOPE and GLOBAL_SCOPE binding in Nashorn, trying to follow the discussion here. Before reading this, my understanding of scopes (at least in Rhino) was that there's a single, shared Bindings in the GLOBAL_SCOPE and individual bindings in ENGINE_SCOPE for each individual engine. However, this page seems to be saying that each individual engine stores the basic JavaScript constructs in bindings that exist in the engine's ENGINE_SCOPE (confusingly called the "Nashorn Global Scope"). This sounds like it makes the GLOBAL...

Java 8 Nashorn load script without executing it

I am using Java 8 Nashorn to execute a specific, previously agreed upon method. I could invoke the specific method no problem. One thing that bugged me, though, is that when I load the script, it also executes it. For example, if file.js contains a print("hello world!"), the scriptEngine.eval(new FileReader("./file.js")) would execute and print hello world. I have to do this before I could invoke the specific method I want.

Is there a way to eval()/load the scripts without executing it? Thanks...

GraalVM + Nashorn Cannot extend classes

I'm attempting to use graal + nashorn interop to write nodejs that interacts with Java. I'm starting graal with:

    node --jvm --jvm.Xss2m --jvm.Dtruffle.js.NashornJavaInterop=true --jvm.classpath=libs/ --polyglot app.js

I cannot extend a class though. The JavaScript code is:

    const GraaljsgrpcServiceImpl = Java.type('com.thing.GraaljsgrpcServiceImpl');
    const HelloReply = Java.type('com.thing.HelloReply');
    var GrpcImpl = Java.extend(GraaljsgrpcServiceImpl, {
      sayHello: function(request, responseObserver) {
        responseObserver.onNext(HelloRepl...

nashorn - Ternary conditional logic in Karate with undefined variable

I have a Karate feature file, let's call it A.feature, that is intended to be re-used by other feature files. By using shared scope, A.feature can use some variables, for instance the country, defined in the calling feature file. I want these parameters to be optional, but with a default value defined in A.feature. To do that I'm using ternary conditional logic, for instance:

    * def myCountry = (country ? country : 'us')

However, when country is not defined, a ReferenceError: "country" is not defined is thrown.

Does anybody have any idea how to r...