Andreas Kostyrka wrote:
Now, just insert a local variable, increment it on each loop iteration. Set an unreasonably high limit like 500000 iterations.
That's what I meant by inserting test code near jumps, actually :) This is such a low priority for me because of the number of deliberate denial of service attacks I know of which this would not solve. I may still implement it as a safety net for mistakes, rather than attacks.
Additionally, you should consider making a copy of builtins, and use it instead of the original, so the Python method is executed in Safe mode. While this might force hardcore Python hackers to use external methods, it would magically close all loopholes like accessing __dict__, code block attributes, etc.
Already done. Right now __builtins__ is empty, but I'll probably just swipe the same set DTML objects use. I also plan to pervert 'import' to access the ZODB hierarchy instead of the filesystem.
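
The two ideas discussed in this exchange (an iteration counter checked inside every loop, and a private copy of builtins) can be sketched together in modern Python 3 with the `ast` module. This is an added example, not code from the thread or from the project it discusses; `LoopGuard`, `run_guarded`, `_tick` and the underscore-name policy are hypothetical names and assumptions.

```python
import ast

MAX_ITERATIONS = 500000  # the "unreasonably high" limit from the thread

class LoopLimitExceeded(RuntimeError):
    pass

class LoopGuard(ast.NodeTransformer):
    """Reject underscore names and prefix every loop body with _tick()."""

    def _check(self, node, name):
        # Assumed policy: no access to names like __dict__ or __class__.
        if name.startswith("_"):
            raise SyntaxError(f"underscore name not allowed: {name}")
        return self.generic_visit(node)

    def visit_Name(self, node):
        return self._check(node, node.id)

    def visit_Attribute(self, node):
        return self._check(node, node.attr)

    def _guard(self, node):
        self.generic_visit(node)  # nested loops are guarded first
        tick = ast.Expr(ast.Call(ast.Name("_tick", ast.Load()), [], []))
        node.body.insert(0, tick)  # inserted after the visit, so not re-checked
        return node

    visit_For = visit_While = _guard

def run_guarded(source, safe_builtins=None, limit=MAX_ITERATIONS):
    """Run source with a private builtins dict and a shared iteration budget."""
    count = 0

    def _tick():
        nonlocal count
        count += 1
        if count > limit:
            raise LoopLimitExceeded(f"more than {limit} loop iterations")

    tree = ast.fix_missing_locations(LoopGuard().visit(ast.parse(source)))
    # A copy, never the real builtins module; empty unless the caller adds names.
    env = {"__builtins__": dict(safe_builtins or {}), "_tick": _tick}
    exec(compile(tree, "<guarded>", "exec"), env)
    return env

# Catches runaway loops written by mistake. Comprehensions, recursion and
# 'def _tick' rebinding are not covered, so this is not a sandbox by itself.
```
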