[
https://issues.apache.org/jira/browse/CASSANDRA-12883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15804695#comment-15804695
]
Robert Stupp commented on CASSANDRA-12883:
------------------------------------------
Committed as 0e9e0a4a8319b1b165c21d58a8fe9d9be43fe5a4 to 3.11, too
> Remove support for non-JavaScript UDFs
> --------------------------------------
>
> Key: CASSANDRA-12883
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12883
> Project: Cassandra
> Issue Type: Improvement
> Components: CQL
> Reporter: Robert Stupp
> Assignee: Robert Stupp
> Priority: Minor
> Fix For: 2.2.9, 3.0.11, 3.12
>
>
> As recently reported in the user mailing list, JSR-223 languages other than
> JavaScript no longer work since version 3.0.
> The reason is that the sandbox implemented in CASSANDRA-9402 restricts the
> use of "evil" packages, classes and functions. Unfortunately, even "non-evil"
> packages from JSR-223 providers are blocked.
> In order to get a JSR-223 provider working fine, we need to allow JSR-223
> provider specific packages and also allow specific runtime permissions.
> The fact that it has only recently been reported that "arbitrary" JSR-223
> providers no longer work since 3.0 means that this functionality (i.e.
> non-JavaScript JSR-223 UDFs) is obviously not used.
> Therefore I propose to remove support for UDFs that do not use Java or
> JavaScript in 4.0. This will also allow us to specialize scripted UDFs on
> Nashorn and to use its security features, although these are limited,
> more extensively. (Clarification: this ticket is just about removing that
> support.)
> Also want to point out that we never "officially" supported UDFs that are not
> Java or JavaScript.
> Sample error message:
> {code}
> Traceback (most recent call last):
>   File "/usr/bin/cqlsh.py", line 1264, in perform_simple_statement
>     result = future.result()
>   File "/usr/share/cassandra/lib/cassandra-driver-internal-only-3.5.0.post0-d8d0456.zip/cassandra-driver-3.5.0.post0-d8d0456/cassandra/cluster.py", line 3650, in result
>     raise self._final_exception
> FunctionFailure: Error from server: code=1400 [User Defined Function failure] message="execution of 'e.test123[bigint]' failed: java.security.AccessControlException: access denied: ("java.lang.RuntimePermission" "accessClassInPackage.org.python.jline.console")
> {code}
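For operators triaging UDF failures like the one quoted in the ticket, the following added example (not part of the ticket or of Cassandra's code) extracts the denied permission from such error text and lists which packages the sandbox blocked per UDF. The function names are hypothetical, and the second entry in `SAMPLE` is constructed; the first is the message from the ticket, line-wrapped as it was mailed.

```python
import re
from collections import defaultdict

# Matches the server-side failure text quoted in the ticket. The colon after
# "access denied" is optional because stock JDK messages omit it.
DENIED_RE = re.compile(
    r"execution of '(?P<udf>[^']+)' failed:\s*"
    r"java\.security\.AccessControlException:\s*access denied:?\s*"
    r'\("(?P<perm>[^"]+)"\s+"(?P<name>[^"]+)"(?:\s+"(?P<actions>[^"]*)")?\)'
)
PKG_PREFIX = "accessClassInPackage."


def parse_denials(text):
    """Return one dict per sandbox denial found in (possibly line-wrapped) text."""
    flat = " ".join(text.split())  # undo mail/terminal line wrapping
    denials = []
    for m in DENIED_RE.finditer(flat):
        name = m.group("name")
        # Only accessClassInPackage denials name a blocked package.
        pkg = name[len(PKG_PREFIX):] if name.startswith(PKG_PREFIX) else None
        denials.append({"udf": m.group("udf"), "permission": m.group("perm"),
                        "name": name, "actions": m.group("actions"),
                        "package": pkg})
    return denials


def blocked_packages(text):
    """Map each UDF to the sorted packages the sandbox refused to load."""
    by_udf = defaultdict(set)
    for d in parse_denials(text):
        if d["package"]:
            by_udf[d["udf"]].add(d["package"])
    return {udf: sorted(pkgs) for udf, pkgs in by_udf.items()}


# First entry: the message from the ticket. Second entry: constructed.
SAMPLE = '''\
FunctionFailure: Error from server: code=1400 [User Defined Function failure]
message="execution of 'e.test123[bigint]' failed:
java.security.AccessControlException: access denied:
("java.lang.RuntimePermission"
"accessClassInPackage.org.python.jline.console")
FunctionFailure: Error from server: code=1400 [User Defined Function failure] message="execution of 'ks.readfile[text]' failed: java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/constructed.txt" "read")"
'''

if __name__ == "__main__":
    print(blocked_packages(SAMPLE))
```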