[
https://issues.apache.org/jira/browse/CASSANDRA-14126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16300902#comment-16300902
]
Alex Lourie commented on CASSANDRA-14126:
-----------------------------------------
The reason it doesn't work is that creating _functions_ in JS requires a couple
more packages to be added to "allowed" list in the sandbox.
I've created a patch here
https://github.com/apache/cassandra/compare/trunk...alourie:CASSANDRA-14126 for
the trunk. It fixes the issue, but the question is whether the functions should
be allowed at all.
If the functions are not allowed in the javascript UFDs, then it should be
clearly stated in the documentation.
> don't work udf javascripts
> --------------------------
>
> Key: CASSANDRA-14126
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14126
> Project: Cassandra
> Issue Type: Bug
> Components: CQL
> Reporter: Denis Pershin
> Assignee: Alex Lourie
> Priority: Minor
> Labels: security
> Fix For: 3.11.x
>
> Attachments: cassandra-01.yaml, cassandra-02.yaml, cassandra-03.yaml
>
>
> * config:
> {code}
> enable_user_defined_functions: true
> enable_scripted_user_defined_functions: true
> {code}
> * create keyspace:
> {code}
> CREATE KEYSPACE testkeyspace WITH REPLICATION = { 'class' : 'SimpleStrategy',
> 'replication_factor' : 1 };
> {code}
> * in testkeyspace create function:
> {code}
> CREATE OR REPLACE FUNCTION first_int(input set<int>) RETURNS NULL ON NULL
> INPUT RETURNS int LANGUAGE javascript AS '(function(){var result = 2;return
> result;})();';
> {code}
> * create table and insert:
> {code}
> create table A (id int primary key, val set<int>);
> insert into A (id, val) values (1, {3,5,7,1});
> {code}
> * select:
> {code}
> select first_int(val) from A where id = 1;
> Traceback (most recent call last):
> File "/usr/bin/cqlsh.py", line 1044, in perform_simple_statement
> result = future.result()
> File
> "/usr/share/cassandra/lib/cassandra-driver-internal-only-3.10.zip/cassandra-driver-3.10/cassandra/cluster.py",
> line 3826, in result
> raise self._final_exception
> FunctionFailure: Error from server: code=1400 [User Defined Function failure]
> message="execution of 'testkeyspace.first_int[set<int>]' failed:
> java.security.AccessControlException: access denied:
> ("java.lang.RuntimePermission" "accessClassInPackage.java.io")"
> {code}
> raw log:
> {code}
> root@001b19bd3cc6:/# cqlsh
> Connected to Test Cluster at 127.0.0.1:9042.
> [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
> Use HELP for help.
> cqlsh> CREATE KEYSPACE testkeyspace WITH REPLICATION = { 'class' :
> 'SimpleStrategy', 'replication_factor' : 1 };
> cqlsh> USE testkeyspace ;
> cqlsh:testkeyspace> CREATE OR REPLACE FUNCTION first_int(input set<int>)
> RETURNS NULL ON NULL INPUT RETURNS int LANGUAGE javascript AS
> '(function(){var result = 2;return result;})();';
> cqlsh:testkeyspace> create table A (id int primary key, val set<int>);
> cqlsh:testkeyspace> insert into A (id, val) values (1, {3,5,7,1});
> cqlsh:testkeyspace> select first_int(val) from A where id = 1;
> Traceback (most recent call last):
> File "/usr/bin/cqlsh.py", line 1044, in perform_simple_statement
> result = future.result()
> File
> "/usr/share/cassandra/lib/cassandra-driver-internal-only-3.10.zip/cassandra-driver-3.10/cassandra/cluster.py",
> line 3826, in result
> raise self._final_exception
> FunctionFailure: Error from server: code=1400 [User Defined Function failure]
> message="execution of 'testkeyspace.first_int[set<int>]' failed:
> java.security.AccessControlException: access denied:
> ("java.lang.RuntimePermission" "accessClassInPackage.java.io")"
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
