package-analysis icon indicating copy to clipboard operation
package-analysis copied to clipboard

Published 20 hours ago verified publisher icon ossf

Report when a bad library causes an analysis worker to terminate due to a timeouts.

Open calebbrown opened this issue 4 years ago • 1 comments
trafficstars

Currently the analysis does not set any timeouts on how long an install and import is allowed to run.

This can allow a bad library to cause an analysis worker to block forever waiting for it to finish.

calebbrown avatar Nov 02 '21 03:11 calebbrown

At a coarse level this is done, as sandboxes use "sleep" as the entrypoint and will exit after about 30m.

However, this does not give us any clear reporting on timeout as the cause of termination.

We should record when a dynamic analysis run terminated due to a timeout.

calebbrown avatar Dec 21 '22 00:12 calebbrown