[jira] [Commented] (TINKERPOP-2835) Query translation ignores sandbox limitations

Stephen Mallette (Jira) Thu, 08 Dec 2022 15:33:05 -0800


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2835?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645030#comment-17645030
 ]


Stephen Mallette commented on TINKERPOP-2835:
---------------------------------------------

I'm not sure I understand what's happening. How are you sending the query to 
get it to trigger a {{Translator}}?

> Query translation ignores sandbox limitations
> ---------------------------------------------
>
>                 Key: TINKERPOP-2835
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2835
>             Project: TinkerPop
>          Issue Type: Bug
>            Reporter: Dan Snoddy
>            Priority: Critical
>
> When I run a query such as g.V().has('NAME',System.getenv()) our sandbox 
> configuration blocks the execution of System.getenv(), however if the request 
> is passed to one of the translators (e.g. GroovyTranslator), the query is 
> executed (and could be used to reboot a machine, kill the Java VM, run OS 
> level commands, etc):
> `g.V().has("NAME",[("PATH"): 
> ("/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin .....`
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TINKERPOP-2835) Query translation ignores sandbox limitations

Reply via email to