Add a flag in cassandra.yaml to enable UDFs patch by Robert Stupp; reviewed by Aleksey Yeschenko for CASSANDRA-9404
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/6c0a4626 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/6c0a4626 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/6c0a4626 Branch: refs/heads/trunk Commit: 6c0a4626249af927077bed552533eac2e3ed16a8 Parents: 63f5967 Author: Robert Stupp <[email protected]> Authored: Fri May 15 22:01:38 2015 +0200 Committer: Robert Stupp <[email protected]> Committed: Fri May 15 22:01:38 2015 +0200 ---------------------------------------------------------------------- CHANGES.txt | 1 + NEWS.txt | 6 ++++++ conf/cassandra.yaml | 5 +++++ src/java/org/apache/cassandra/config/Config.java | 2 ++ src/java/org/apache/cassandra/config/DatabaseDescriptor.java | 5 +++++ src/java/org/apache/cassandra/cql3/functions/UDFunction.java | 7 +++++++ .../cassandra/cql3/statements/CreateFunctionStatement.java | 3 +++ test/conf/cassandra.yaml | 1 + 8 files changed, 30 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index c5c505a..e3b25b5 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.2.0-beta1 + * Add a flag in cassandra.yaml to enable UDFs (CASSANDRA-9404) * Better support of null for UDF (CASSANDRA-8374) * Use ecj instead of javassist for UDFs (CASSANDRA-8241) * faster async logback configuration for tests (CASSANDRA-9376) http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/NEWS.txt ---------------------------------------------------------------------- diff --git a/NEWS.txt b/NEWS.txt index 9d56841..c9d36ad 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -48,6 +48,12 @@ New features directory. - Support for user-defined functions and user-defined aggregates have been added to CQL. + ************************************************************************ + IMPORTANT NOTE: user-defined functions can be used to execute + arbitrary and possibly evil code in Cassandra 2.2-beta1. + To enable UDFs edit cassandra.yaml and set enable_user_defined_functions + to true. CASSANDRA-9402 will add a security manager for UDFs. + ************************************************************************ - Row-cache is now fully off-heap. - jemalloc is now automatically preloaded and used on Linux and OS-X if installed. http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/conf/cassandra.yaml ---------------------------------------------------------------------- diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml index 5033a8d..fb103fa 100644 --- a/conf/cassandra.yaml +++ b/conf/cassandra.yaml @@ -843,3 +843,8 @@ inter_dc_tcp_nodelay: false # TTL for different trace types used during logging of the repair process. tracetype_query_ttl: 86400 tracetype_repair_ttl: 604800 + +# UDFs (user defined functions) are disabled by default. +# As of Cassandra 2.2-beta1, there is no security manager or anything else in place that +# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 2.2-rc1. +enable_user_defined_functions: false http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/src/java/org/apache/cassandra/config/Config.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/config/Config.java b/src/java/org/apache/cassandra/config/Config.java index 2ede76e..269f577 100644 --- a/src/java/org/apache/cassandra/config/Config.java +++ b/src/java/org/apache/cassandra/config/Config.java @@ -259,6 +259,8 @@ public class Config public static final int otc_coalescing_window_us_default = 200; public int otc_coalescing_window_us = otc_coalescing_window_us_default; + public boolean enable_user_defined_functions = false; + public static boolean getOutboundBindAny() { return outboundBindAny; http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/src/java/org/apache/cassandra/config/DatabaseDescriptor.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java index b5c5fb4..ad6b117 100644 --- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java +++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java @@ -1683,4 +1683,9 @@ public class DatabaseDescriptor { return conf.otc_coalescing_window_us; } + + public static boolean enableUserDefinedFunctions() + { + return conf.enable_user_defined_functions; + } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/src/java/org/apache/cassandra/cql3/functions/UDFunction.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/functions/UDFunction.java b/src/java/org/apache/cassandra/cql3/functions/UDFunction.java index 873a1f2..a01f08f 100644 --- a/src/java/org/apache/cassandra/cql3/functions/UDFunction.java +++ b/src/java/org/apache/cassandra/cql3/functions/UDFunction.java @@ -27,6 +27,7 @@ import org.slf4j.LoggerFactory; import com.datastax.driver.core.DataType; import com.datastax.driver.core.ProtocolVersion; import com.datastax.driver.core.UserType; +import org.apache.cassandra.config.DatabaseDescriptor; import org.apache.cassandra.config.KSMetaData; import org.apache.cassandra.config.Schema; import org.apache.cassandra.cql3.*; @@ -92,6 +93,9 @@ public abstract class UDFunction extends AbstractFunction implements ScalarFunct String body) throws InvalidRequestException { + if (!DatabaseDescriptor.enableUserDefinedFunctions()) + throw new InvalidRequestException("User-defined-functions are disabled in cassandra.yaml - set enable_user_defined_functions=true to enable if you are aware of the security risks"); + switch (language) { case "java": return JavaSourceUDFFactory.buildUDF(name, argNames, argTypes, returnType, calledOnNullInput, body); @@ -131,6 +135,9 @@ public abstract class UDFunction extends AbstractFunction implements ScalarFunct public final ByteBuffer execute(int protocolVersion, List<ByteBuffer> parameters) throws InvalidRequestException { + if (!DatabaseDescriptor.enableUserDefinedFunctions()) + throw new InvalidRequestException("User-defined-functions are disabled in cassandra.yaml - set enable_user_defined_functions=true to enable if you are aware of the security risks"); + if (!isCallableWrtNullable(parameters)) return null; return executeUserDefined(protocolVersion, parameters); http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/src/java/org/apache/cassandra/cql3/statements/CreateFunctionStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/CreateFunctionStatement.java b/src/java/org/apache/cassandra/cql3/statements/CreateFunctionStatement.java index 3cef6e4..4ceecba 100644 --- a/src/java/org/apache/cassandra/cql3/statements/CreateFunctionStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/CreateFunctionStatement.java @@ -130,6 +130,9 @@ public final class CreateFunctionStatement extends SchemaAlteringStatement public void validate(ClientState state) throws InvalidRequestException { + if (!DatabaseDescriptor.enableUserDefinedFunctions()) + throw new InvalidRequestException("User-defined-functions are disabled in cassandra.yaml - set enable_user_defined_functions=true to enable if you are aware of the security risks"); + if (ifNotExists && orReplace) throw new InvalidRequestException("Cannot use both 'OR REPLACE' and 'IF NOT EXISTS' directives"); http://git-wip-us.apache.org/repos/asf/cassandra/blob/6c0a4626/test/conf/cassandra.yaml ---------------------------------------------------------------------- diff --git a/test/conf/cassandra.yaml b/test/conf/cassandra.yaml index f419fbd..3d3de84 100644 --- a/test/conf/cassandra.yaml +++ b/test/conf/cassandra.yaml @@ -38,3 +38,4 @@ concurrent_compactors: 4 compaction_throughput_mb_per_sec: 0 row_cache_class_name: org.apache.cassandra.cache.OHCProvider row_cache_size_in_mb: 16 +enable_user_defined_functions: true
