Robert Stupp created CASSANDRA-12883:
----------------------------------------

             Summary: Remove support for non-JavaScript UDFs
                 Key: CASSANDRA-12883
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12883
             Project: Cassandra
          Issue Type: Improvement
          Components: CQL
            Reporter: Robert Stupp
            Assignee: Robert Stupp
            Priority: Minor
             Fix For: 4.0


As recently reported in the user mailing list, JSR-223 languages other than 
JavaScript no longer work since version 3.0.

The reason is that the sandbox implemented in CASSANDRA-9402 restricts the use 
of "evil" packages, classes and functions. Unfortunately, even "non-evil" 
packages from JSR-223 providers are blocked.

In order to get a JSR-223 provider working fine, we need to allow JSR-223 
provider specific packages and also allow specific runtime permissions.

The fact that "arbitrary" JSR-223 providers no longer working since 3.0 has 
only just been reported means that this functionality (i.e. non-JavaScript 
JSR-223 UDFs) is obviously not used.

Therefore I propose to remove support for UDFs that do not use Java or 
JavaScript in 4.0. This will also allow us to specialize scripted UDFs on 
Nashorn and to use its security features, although these are limited, more 
extensively. (Clarification: this ticket is just about removing that support.)

I also want to point out that we never "officially" supported UDFs that are 
not Java or JavaScript.

Sample error message:
{code}
Traceback (most recent call last):
  File "/usr/bin/cqlsh.py", line 1264, in perform_simple_statement
    result = future.result()
  File "/usr/share/cassandra/lib/cassandra-driver-internal-only-3.5.0.post0-d8d0456.zip/cassandra-driver-3.5.0.post0-d8d0456/cassandra/cluster.py", line 3650, in result
    raise self._final_exception
FunctionFailure: Error from server: code=1400 [User Defined Function failure] message="execution of 'e.test123[bigint]' failed: java.security.AccessControlException: access denied: ("java.lang.RuntimePermission" "accessClassInPackage.org.python.jline.console")
{code}
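
Added example, not part of the original ticket and not Cassandra code: a small triage script that reads UDF failure messages like the one above and lists which permissions the sandbox denied, grouping blocked packages per UDF. The second sample message, the UDF name ks.constructed_udf and the path in it are constructed for illustration.

```python
import re
from collections import defaultdict

# Permission tuple as the JVM prints it inside an AccessControlException.
DENIED_RE = re.compile(
    r'access denied:\s*\(\s*"(?P<perm>[^"]+)"\s+"(?P<target>[^"]+)"'
    r'(?:\s+"(?P<actions>[^"]+)")?\s*\)')
UDF_RE = re.compile(r"execution of '(?P<udf>[^']+)' failed")
PKG_PREFIX = "accessClassInPackage."

# First message: the one quoted in the ticket, wrapped as it was mailed.
# Second message: constructed for this example.
SAMPLE = """\
FunctionFailure: Error from server: code=1400 [User Defined Function failure]
message="execution of 'e.test123[bigint]' failed:
java.security.AccessControlException: access denied:
("java.lang.RuntimePermission" "accessClassInPackage.org.python.jline.console")
FunctionFailure: Error from server: code=1400 [User Defined Function failure]
message="execution of 'ks.constructed_udf[int]' failed:
java.security.AccessControlException: access denied:
("java.io.FilePermission" "/tmp/constructed-example" "read")
"""

def parse_denials(text):
    """Return one dict per denied permission, tagged with the failing UDF."""
    flat = " ".join(text.split())  # undo client/mail line wrapping
    udfs = [(m.end(), m.group("udf")) for m in UDF_RE.finditer(flat)]
    denials = []
    for m in DENIED_RE.finditer(flat):
        # The owning UDF is the last "execution of ... failed" before the denial.
        owner = next((n for end, n in reversed(udfs) if end <= m.start()), None)
        target = m.group("target")
        is_pkg = (m.group("perm") == "java.lang.RuntimePermission"
                  and target.startswith(PKG_PREFIX))
        denials.append({"udf": owner, "permission": m.group("perm"),
                        "target": target, "actions": m.group("actions"),
                        "package": target[len(PKG_PREFIX):] if is_pkg else None})
    return denials

def packages_by_udf(denials):
    """Group blocked packages by UDF: what a provider would need allowed."""
    grouped = defaultdict(set)
    for d in denials:
        if d["package"]:
            grouped[d["udf"]].add(d["package"])
    return {udf: sorted(pkgs) for udf, pkgs in grouped.items()}

if __name__ == "__main__":
    for d in parse_denials(SAMPLE):
        print(d["udf"], d["permission"], d["target"], d["actions"] or "")
```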



