Thanks Emanuel and Mike for answers, Interestingly, "Script File" allows "variable register only" expression language scope. Since we would want to run a different script for each flow file it would also not work for us :(
Since our use-case is to run Javascript code, we are looking at 2 options: 1) Modifying Execute Script Processor code itself. 2) Calling external serverless service to run Javascript. Let us know your thoughts. Regards Anurag On Thu, Feb 6, 2020 at 5:17 AM Mike Thomsen <[email protected]> wrote: > What you probably should do for security sake is use flowfile attributes > and/or dynamic properties on ExecuteScript to dynamic identify a script on > the file system to execute and what parameters to give it for configuring > it. > > On Wed, Feb 5, 2020 at 6:45 PM Mike Thomsen <[email protected]> > wrote: > >> > What are all possible ways to achieve this functionality? >> >> An eval function. Don't know the right way to do it with Nashorn, but in >> Groovy you could accomplish this like this: >> >> def ff = session.get() >> if (ff) { >> def attr_val = ff.getAttribute("myScript") >> def result = Eval.me(attr_val) >> } >> >> That said, I'd definitely get signoffs from other parties on how this >> fits in because if the people don't sanitize the config files, you've just >> created a remote code execution hole in your ETL pipeline. >> >> Hope that helps. >> >> On Wed, Feb 5, 2020 at 2:15 PM Anurag Sharma <[email protected]> >> wrote: >> >>> Hi, >>> >>> >>> We are trying to create a generic data flow where configuration will be >>> received as JSON. Configuration will have a JavaScript to be executed. >>> >>> >>> >>> We are stuck on how to execute the script we received in configuration, >>> as the ExecuteScript processor needs either scriptPath or scriptBody. But >>> in our case script will be in flowFile's attribute. >>> >>> >>> >>> What are all possible ways to achieve this functionality? >>> >>> >>> >>> Along with this, the script should not be able to access the 'session' >>> and 'context' variables available in the ExecuteScript processor. So how to >>> sanitise the script before execution? >>> >>> >>> Regards >>> >>> Anurag >>> >>
