bazelbuild / starlark

Starlark Language
Apache License 2.0

Clarify safety on untrusted code #249

Open afq984 opened 1 year ago

afq984 commented 1 year ago

https://github.com/bazelbuild/starlark/blob/ce1fdb0e4eb2c85dfc549ddee4dcf55974392334/README.md?plain=1#L36-L37

The readme says:

It is safe to execute untrusted code.

https://github.com/google/starlark-go/issues/241#issuecomment-816369357 says:

we've never claimed that it is secure for running untrusted code. Scripts can easily cause denial of service by exhausting all memory, or by hash flooding.

It seems like executing arbitrary Starlark code could crash a system, but other than that, there should be no way to escape the execution environment. Is this expectation correct?

The safety expectations also sound different from what https://github.com/google/cel-go offers, so it would be great if this could be elaborated in the README.

stepancheg commented 1 year ago

(Deleted wrong comment)