Thanks, I'll just need to find what the actual whitelist is and how to have a custom one then. If someone has any clue?
On Wednesday, December 10, 2014 at 11:27:52 UTC+1, Jörg Prante wrote:
>
> No. I think ES developers configured the sandbox to deny java.lang.* calls
> and java.lang.String is not in the whitelist.
>
> https://github.com/elasticsearch/elasticsearch/blob/b43b56a6a85f7dd131086fd83dc9267aecbbf0a3/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java#L90-L111
>
> You can add java.lang.String to the whitelist by defining your own
> whitelist including java.lang.String
>
> http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-scripting.html#_groovy_sandboxing
>
> or open an issue with the request to add java.lang.String to the groovy
> whitelist by default.
>
> Jörg
>
> On Wed, Dec 10, 2014 at 11:13 AM, Dunaeth <[email protected]> wrote:
>
>> May this exception be caused by a bad dynamic_scripting parameter?
>>
>> On Wednesday, December 10, 2014 at 11:10:14 UTC+1, Dunaeth wrote:
>>
>>> Here it is:
>>>
>>>> [log-2014-02][0]: SearchParseException[[log-2014-02][0]: from[-1],size[0]: Parse Failure [Failed to parse source [{"size":0,"aggs":{"prefilter":{"filter":{"and":[{"bool":{"must":[{"term":{"valid":true}},{"term":{"shop_id":"1838"}}]}},{"range":{"date":{"gte":"2014-11-08T23:00:00.000+00:00","lt":"2014-12-09T23:00:00.000+00:00"}}}]},"aggs":{"per_day":{"terms":{"script":"doc.date.date.setZone(org.elasticsearch.common.joda.time.DateTimeZone.forID('Europe/Paris'));doc.date.date.year+'-'+String.format('%02d',doc.date.date.monthOfYear)+'-'+String.format('%02d',doc.date.date.dayOfMonth)","size":31,"order":{"_term":"asc"}},"aggs":{"stats":{"terms":{"field":"type"},"aggs":{"unique":{"filter":{"term":{"unique":true}}}}}}}}}}}]]]; nested: GroovyScriptCompilationException[MultipleCompilationErrorsException[startup failed: General error during canonicalization: Method calls not allowed on [java.lang.String]
>>>> java.lang.SecurityException: Method calls not allowed on [java.lang.String]
>>>> at org.codehaus.groovy.control.customizers.SecureASTCustomizer$SecuringCodeVisitor.visitMethodCallExpression(SecureASTCustomizer.java:855)
>>>> at org.codehaus.groovy.ast.expr.MethodCallExpression.visit(MethodCallExpression.java:64)
>>>> at org.codehaus.groovy.control.customizers.SecureASTCustomizer$SecuringCodeVisitor.visitBinaryExpression(SecureASTCustomizer.java:897)
>>>> at org.codehaus.groovy.ast.expr.BinaryExpression.visit(BinaryExpression.java:49)
>>>> at org.codehaus.groovy.control.customizers.SecureASTCustomizer$SecuringCodeVisitor.visitBinaryExpression(SecureASTCustomizer.java:896)
>>>> at org.codehaus.groovy.ast.expr.BinaryExpression.visit(BinaryExpression.java:49)
>>>> at org.codehaus.groovy.control.customizers.SecureASTCustomizer$SecuringCodeVisitor.visitBinaryExpression(SecureASTCustomizer.java:896)
>>>> at org.codehaus.groovy.ast.expr.BinaryExpression.visit(BinaryExpression.java:49)
>>>> at org.codehaus.groovy.control.customizers.SecureASTCustomizer$SecuringCodeVisitor.visitExpressionStatement(SecureASTCustomizer.java:777)
>>>> at org.codehaus.groovy.ast.stmt.ExpressionStatement.visit(ExpressionStatement.java:40)
>>>> at org.codehaus.groovy.control.customizers.SecureASTCustomizer$SecuringCodeVisitor.visitBlockStatement(SecureASTCustomizer.java:737)
>>>> at org.codehaus.groovy.ast.stmt.BlockStatement.visit(BlockStatement.java:69)
>>>> at org.codehaus.groovy.control.customizers.SecureASTCustomizer.call(SecureASTCustomizer.java:552)
>>>> at org.codehaus.groovy.control.CompilationUnit.applyToPrimaryClassNodes(CompilationUnit.java:1047)
>>>> at org.codehaus.groovy.control.CompilationUnit.doPhaseOperation(CompilationUnit.java:583)
>>>> at org.codehaus.groovy.control.CompilationUnit.processPhaseOperations(CompilationUnit.java:561)
>>>> at org.codehaus.groovy.control.CompilationUnit.compile(CompilationUnit.java:538)
>>>> at groovy.lang.GroovyClassLoader.doParseClass(GroovyClassLoader.java:286)
>>>> at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:259)
>>>> at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:245)
>>>> at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:203)
>>>> at org.elasticsearch.script.groovy.GroovyScriptEngineService.compile(GroovyScriptEngineService.java:119)
>>>> at org.elasticsearch.script.ScriptService.getCompiledScript(ScriptService.java:353)
>>>> at org.elasticsearch.script.ScriptService.compile(ScriptService.java:339)
>>>> at org.elasticsearch.script.ScriptService.search(ScriptService.java:475)
>>>> at org.elasticsearch.search.aggregations.support.ValuesSourceParser.createScript(ValuesSourceParser.java:193)
>>>> at org.elasticsearch.search.aggregations.support.ValuesSourceParser.config(ValuesSourceParser.java:153)
>>>> at org.elasticsearch.search.aggregations.bucket.terms.TermsParser.parse(TermsParser.java:57)
>>>> at org.elasticsearch.search.aggregations.AggregatorParsers.parseAggregators(AggregatorParsers.java:130)
>>>> at org.elasticsearch.search.aggregations.AggregatorParsers.parseAggregators(AggregatorParsers.java:120)
>>>> at org.elasticsearch.search.aggregations.AggregatorParsers.parseAggregators(AggregatorParsers.java:77)
>>>> at org.elasticsearch.search.aggregations.AggregationParseElement.parse(AggregationParseElement.java:60)
>>>> at org.elasticsearch.search.SearchService.parseSource(SearchService.java:665)
>>>> at org.elasticsearch.search.SearchService.createContext(SearchService.java:537)
>>>> at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:509)
>>>> at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:264)
>>>> at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:231)
>>>> at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:228)
>>>> at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559)
>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>> at java.lang.Thread.run(Thread.java:745)
>>>> 1 error
>>>> ]];
>>>> }{[-Li6K0zKQnW-QBA1Y7xblQ][log-2014-03][0]: RemoteTransportException[[sql1][inet[/10.16.75.3:9300]][indices:data/read/search[phase/query]]];
>>>
>>> On Wednesday, December 10, 2014 at 11:06:37 UTC+1, Jörg Prante wrote:
>>>>
>>>> Can you post the security exception?
>>>>
>>>> Jörg
>>>>
>>>> On Wed, Dec 10, 2014 at 11:02 AM, Dunaeth <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> With ES 1.4, the default scripting language switched from mvel to
>>>>> groovy. We were using script fields in our queries like
>>>>> «String.format('%02d',doc.date.date.monthOfYear)», is there a way to
>>>>> achieve the same result using groovy? ATM, we're experiencing security
>>>>> exceptions, method calls not allowed.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e87161b5-dd84-4a38-8dfd-47bd765133be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
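
The rejection at the top of the stack trace in this thread is the receiver-whitelist check of Groovy's `SecureASTCustomizer`. As an added example (not part of the original thread and not Elasticsearch code), the standalone Groovy script below reproduces that check and shows the effect of adding `java.lang.String` to the list; it assumes Groovy 2.x, and `compileWithReceivers`, the sample script and the sample whitelist are hypothetical.

```groovy
import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.control.MultipleCompilationErrorsException
import org.codehaus.groovy.control.customizers.SecureASTCustomizer

// Hypothetical helper: compile `source` with only `receivers` allowed as
// method-call targets. Returns null when the script compiles, otherwise the
// compiler's rejection message.
String compileWithReceivers(String source, List<String> receivers) {
    def secure = new SecureASTCustomizer()
    // Fully qualified class names on which method calls are permitted.
    secure.receiversWhiteList = receivers

    def config = new CompilerConfiguration()
    config.addCompilationCustomizers(secure)
    try {
        // parse() compiles without running the script, so the sandbox
        // decision is made before any script code executes.
        new GroovyShell(config).parse(source)
        return null
    } catch (MultipleCompilationErrorsException | SecurityException e) {
        return e.message
    }
}

// Constructed sample: the same call shape as the script field in the thread.
def script = "String.format('%02d', month)"

// Constructed whitelist without java.lang.String: the static call is rejected.
def base = ['java.lang.Object', 'java.lang.Integer']
def rejected = compileWithReceivers(script, base)
assert rejected?.contains('Method calls not allowed on [java.lang.String]')

// Same list plus java.lang.String: the script now compiles.
assert compileWithReceivers(script, base + 'java.lang.String') == null

println 'receiver whitelist behaves as described in the thread'
```

In Elasticsearch 1.4 the receiver list is the node setting `script.groovy.sandbox.receiver_whitelist`, described on the documentation page linked in the thread. Every class added to it exposes all of that class's methods to any script the node accepts.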
