Robert Stupp created CASSANDRA-9890:
---------------------------------------

             Summary: Bytecode inspection for Java-UDFs
                 Key: CASSANDRA-9890
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9890
             Project: Cassandra
          Issue Type: Improvement
            Reporter: Robert Stupp
            Assignee: Robert Stupp
             Fix For: 3.0.0 rc1


(Follow-up to CASSANDRA-9402)

For Java-UDFs we could inspect the compiled Java byte code to find usages of 
the Java language that are "forbidden" to UDFs.

These include usages of:
* {{synchronized}} keyword
* call to {{j.l.Object.wait}}
* call to {{j.l.Object.notify}}
* call to {{j.l.Object.notifyAll}}
* call to {{j.l.Object.getClass}}
* calls to specific methods of currently allowed classes in the driver (but 
would need some investigation)

By inspecting the byte code _before_ the class is actually used, even dirty 
constructs like the following would be impossible:
{noformat}
CREATE OR REPLACE FUNCTION ... AS $$  return Math.sin(val);
}

{
  // anonymous initializer code
}

static {
  // static initializer code
$$;
{noformat}

(inspired by [this blog 
post|http://jordan-wright.com/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/])



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to