CVE-2021-44228-Scanner

We have observed high CPU usage. Is there any way to pass a parameter and set a limit on how much CPU the tool can consume?

Open fernandomt08 opened this issue 3 years ago • 6 comments

fernandomt08 avatar Dec 17 '21 18:12 fernandomt08

It may depend on what operating system and version you are using.

xeraph avatar Dec 17 '21 18:12 xeraph

I'd use the OS to do that: On Linux/BSD/Etc:

$ nice java -jar scanner.jar

On Windows (untested):

$ start /belownormal java -jar scanner.jar

Reference: https://stackoverflow.com/questions/4208/windows-equivalent-of-nice

jlellis avatar Dec 17 '21 18:12 jlellis

It would be useful if there was some way to have the scan utility use like 10% of a single CPU core or similar to be self limiting in terms of both CPU and disk I/O. This is especially important when running the scan on many virtual machines on the same host at once since they can all end up hitting the same CPU and disks at the same time.

We do recommend staggering the scan when deploying it (or really any similar thing) which helps with this problem, but having a way to cause it to be more self limiting would help minimize the chances of problems.

That said, I have no clue how hard a feature like this would be to implement. One potential approach is to have the scan work for approximately 1 second, then sleep for 3 seconds, then work for 1 second, etc... which can approximate a maximum 25% CPU usage by doing this, assuming that it uses 100% of a CPU core when working and calculating the percentage as: 1s-work / (1s-work + 3s-sleep)

Things like "start /belownormal" and "nice" have the thread run at lower priority, but it will still run at 100% if it can. The lower priority is great for not harming things running on the system, but it does not help in the case of a shared VM host having all of its VMs running it for 100% all at the same time.

jgstew avatar Dec 17 '21 23:12 jgstew

Hello, we have similar problems here. It would be helpful to reduce the CPU load using a config option.

rprengel2 avatar Jan 24 '22 07:01 rprengel2

Hello, load is caused here by tons of files that must be checked (developer systems). A working wildcard feature should help, but consuming fewer resources would be nice too. Thanks for your great tool. Ralf

rprengel2 avatar Jan 26 '22 04:01 rprengel2

@fernandomt08 @rprengel2 Would you test the v2.8.1 release? You can use the --throttle option to limit CPU usage. For example, --throttle 1000 means that the scanner is allowed to scan 1000 files per second. I also improved overall ZIP scan performance.

xeraph avatar Jan 27 '22 11:01 xeraph
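
The two throttling schemes discussed in this thread, jgstew's work/sleep duty cycle and the files-per-second limit behind --throttle, sketched in Python as an added example. It is not part of the thread and not the scanner's own Java code; the class and function names are hypothetical, and the sample paths are constructed.

```python
import time


class FileRateThrottle:
    """At most `per_second` items per second, the idea behind `--throttle 1000`."""

    def __init__(self, per_second, clock=time.monotonic, sleep=time.sleep):
        self.interval = 1.0 / per_second
        self.clock, self.sleep = clock, sleep
        self.next_slot = clock()

    def wait(self):
        delay = self.next_slot - self.clock()
        if delay > 0:
            self.sleep(delay)
        # Never schedule in the past: time lost on a slow file is not repaid as a burst.
        self.next_slot = max(self.next_slot, self.clock()) + self.interval


class DutyCycleThrottle:
    """Work for `work_s`, then pause for `sleep_s` (1 s / 3 s in the thread)."""

    def __init__(self, work_s, sleep_s, clock=time.monotonic, sleep=time.sleep):
        self.work_s, self.sleep_s = work_s, sleep_s
        self.clock, self.sleep = clock, sleep
        self.burst_start = clock()

    def ceiling(self):
        # Upper bound on one core's usage: work / (work + sleep).
        return self.work_s / (self.work_s + self.sleep_s)

    def wait(self):
        if self.clock() - self.burst_start >= self.work_s:
            self.sleep(self.sleep_s)
            self.burst_start = self.clock()


def throttled(items, throttle):
    """Yield items, blocking in throttle.wait() before each one."""
    for item in items:
        throttle.wait()
        yield item


if __name__ == "__main__":
    # Constructed sample paths; a real scan would walk the filesystem instead.
    paths = [f"/constructed/app{i}/lib/log4j-core.jar" for i in range(5)]
    start = time.monotonic()
    for p in throttled(paths, FileRateThrottle(per_second=10)):
        print(f"{time.monotonic() - start:5.2f}s  would scan {p}")
```

Both throttles check only between files, so one very large archive can overrun the work window; unlike nice or start /belownormal, they cap usage even when the host is otherwise idle.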