> What are all possible ways to achieve this functionality?
An eval function. Don't know the right way to do it with Nashorn, but in
Groovy you could accomplish this like this:
def ff = session.get()
if (ff) {
def attr_val = ff.getAttribute("myScript")
def result = Eval.me(attr_val)
}
That said, I'd definitely get signoffs from other parties on how this fits
in because if the people don't sanitize the config files, you've just
created a remote code execution hole in your ETL pipeline.
Hope that helps.
On Wed, Feb 5, 2020 at 2:15 PM Anurag Sharma <[email protected]>
wrote:
> Hi,
>
>
> We are trying to create a generic data flow where configuration will be
> received as JSON. Configuration will have a JavaScript to be executed.
>
>
>
> We are stuck on how to execute the script we received in configuration, as
> the ExecuteScript processor needs either scriptPath or scriptBody. But in
> our case script will be in flowFile's attribute.
>
>
>
> What are all possible ways to achieve this functionality?
>
>
>
> Along with this, the script should not be able to access the 'session' and
> 'context' variables available in the ExecuteScript processor. So how to
> sanitise the script before execution?
>
>
> Regards
>
> Anurag
>
