Restricted SCL environment
Currently several Simantics based applications use SCL scripts for customization.
Unfortunately, this is currently unsafe, because we do not have means to restrict th functions that uses can use. Here is an example from a certain product as a customizable transformation rule:
import "nn/Proteus/ExtractionRulesUtils/Common"
importJava "java.lang.System" where
exit :: Integer -> <Proc> ()
propertyRule :: PropertyRule
propertyRule = extract do
exit(-100)Executing the above rule as part of a model transformation closes the Simantics DB instance (DOS attack).