1

We're using drools and allow our users to enter their own drools rule conditions and consequences. However, to make the whole drools stuff more reliable, we need to make sure no infinite loops or other blocking things block the whole system.

For rule-loops (rule A -> rule B -> rule A -> ...) we have measures taken. However, it is still possible to use something like

for(int i=0; i<1000000; i++) {
    doSomething();
}

The problem is that we cannot avoid all this using blacklists or something, so we need a drools measure to do this.

Using session.halt() on the current KnowledgeSession doesn't abort the consequence part. session.dispose() results in the consequence being run even though the session is dead already, which is not what we need.

I also didn't find some "maximum execution time", which could limit the time a consequence execution is allowed to take before it is terminated.

Also tried to add a hook to the beforeActivationFired, which starts a thread, which waits 10s and then uses agendaItem.cancel() as well as removing the rule from the kBase. To no avail, the rule consequence kept on running.

Any ideas would be helpful.

Muhammad Hassan
  • 475
  • 2
  • 14
Kay Jugel
  • 73
  • 11
  • Do you mean that they could also run something like `System.exit(0)`? I'm trying to be cheeky... if you let users code enter your application, you have to put a good number of measures to protect the process, files on the server and any other resources that are accessible from the application. – Augusto May 24 '16 at 14:10
  • Tell them not to write any loops of the "for" kind (as opposed to the "forall" kind), period. If they think they need to do that, your application/Drools system has some deficiencies. – laune May 24 '16 at 17:37
  • We have a Java security manager tailored, which is enabled at the beginning of the then part and disabled at the end of it (after user's code). We also have several blacklists and whitelists etc., for taking such measures, but that's not for discussion now. And yes, we could tell them to not use loops and we could even enfore not using loops, but we would also limit the functionality quite a lot, which we don't want to. Basically loops are not problem, if we didn't run multitenant-mode, which means one drools engine could put lots of load on the system. – Kay Jugel May 25 '16 at 06:53

0 Answers0