What happens if I pass a recursive function to map()?

  let traverse = (dir) => {
    name: dir.name,
    files: api.ls(dir).map(traverse) // api.ls() returns [] for files
  };
  let tree = api.ls("/").map(traverse);

▲ kentonv 4 days ago | parent [-]

I believe this will stack-overflow on the client side. The callback is invoked in recording mode synchronously when you call `.map()`. Nested maps are allowed, but this case ends up being infinitely nested, so eventually you're going to hit a stack overflow while trying to do the recording.

▲

comex 4 days ago | parent | next [-]

What prevents an attacker from using nested maps to make the server spend exponential amounts of CPU and memory on the response? Is there some kind of limit on the total number of response items?

	▲	kentonv 3 days ago \| parent [-]
		The application should track resource use and implement limits as needed. I know that sounds like a cop-out, but this is really true of any protocol, and the RPC protocol itself has no real knowledge of the cost of each operation or how much memory is held, so can't really enforce limits automatically.

▲

meindnoch 4 days ago | parent | prev [-]

But you could detect such recursion and stop descending on the client side. Then the server could mirror the same recursion on their end.

	▲	kentonv 4 days ago \| parent [-]
		Yes, perhaps. Particularly if it's the exact same function (by identity). It hadn't occurred to me.