Painless: More Safety Features #30139
Comments
jdconrad
added
discuss
:Core/Infra/Scripting
|
Pinging @elastic/es-core-infra |
|
For regex this might be a good solution (https://www.exratione.com/2017/06/preventing-unbounded-regular-expression-operations-in-java/) -- we could use a counter in place of system time to avoid system calls or something along those lines instead. |
|
I've thought about things like that on and off for a little while.
Something like this could be useful in a few places in Elasticsearch where
we use regexes.
…On Thu, May 31, 2018 at 3:54 PM Jack Conradson ***@***.***> wrote:
For regex this might be a good solution (
https://www.exratione.com/2017/06/preventing-unbounded-regular-expression-operations-in-java/)
-- we could use a counter in place of system time to avoid system calls or
something along those lines instead.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#30139 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AANLojKpbeDff9ZFgF87D2IhM-UzXm_7ks5t4EplgaJpZM4TjtcH>
.
|
|
Using the scripted metric aggregation, it is possible to build up large maps that can OOM the node without any circuit breaking. It would be nice to have a way of circuit breaking during scripting when the data that the script holds on to grows too big (or at least give the parent circuit breaker a chance to trip). |
|
@henningandersen Do you mean specifically with the map script, or with combine and/or reduce? In any case, I think this can be done by having "smart" objects which are passed into the script instead of plain Maps. This way after the agg calls execute for each document, it can update the circuit breaker with any change in the data size. |
|
@rjernst I think all 3 scripts could experience this. The map script is probably the primary way too much data is collected, but the combine (and reduce) script then risks gathering a similar amount (but in one script invocation). |
Painless currently utilizes an improvised statement counter in an attempt to prevent infinite loops. In some use cases this isn't really enough as each iteration of the loop can take an excessive amount of time. We should explore the possibility of adding additional safety features.
Some ideas that have been proposed already are the following:
Given that one of Painless's primary design goals is performance, I would like to propose a final feature if we do decide we would like more safety features -- two modes, safety and performance. As each of the above described features would likely add a non-insignificant amount of overhead, we could have a mode where they are disabled if the user requires the best performance available. Or we could even have a selection of enabled/disabled safety features, but this may be overly complex.
I would be interested in hearing about everyone's ideas, thoughts, and concerns related to this issue. @simonw @nik9000 @rjernst
The text was updated successfully, but these errors were encountered: