[ https://issues.apache.org/jira/browse/CASSANDRA-12883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15802437#comment-15802437 ]
Tyler Hobbs commented on CASSANDRA-12883: ----------------------------------------- +1 > Remove support for non-JavaScript UDFs > -------------------------------------- > > Key: CASSANDRA-12883 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12883 > Project: Cassandra > Issue Type: Improvement > Components: CQL > Reporter: Robert Stupp > Assignee: Robert Stupp > Priority: Minor > Fix For: 2.2.x > > > As recently reported in the user mailing list, JSR-223 languages other than > JavaScript no longer work since version 3.0. > The reason is that the sandbox implemented in CASSANDRA-9402 restricts the > use of "evil" packages, classes and functions. Unfortunately, even "non-evil" > packages from JSR-223 providers are blocked. > In order to get a JSR-223 provider working fine, we need to allow JSR-223 > provider specific packages and also allow specific runtime permissions. > The fact that "arbitrary" JSR-223 providers no longer work since 3.0 has just > been reported recently, means that this functionality (i.e. non-JavaSCript > JSR-223 UDFs) is obviously not used. > Therefore I propose to remove support for UDFs that do not use Java or > JavaScript in 4.0. This will also allow to specialize scripted UDFs on > Nashorn and allow to use its security features, although these are limited, > more extensively. (Clarification: this ticket is just about to remove that > support) > Also want to point out that we never "officially" supported UDFs that are not > Java or JavaScript. > Sample error message: > {code} > Traceback (most recent call last): > File "/usr/bin/cqlsh.py", line 1264, in perform_simple_statement > result = future.result() > File > "/usr/share/cassandra/lib/cassandra-driver-internal-only-3.5.0.post0-d8d0456.zip/cassandra-driver-3.5.0.post0-d8d0456/cassandra/cluster.py", > line 3650, in result > raise self._final_exception > FunctionFailure: Error from server: code=1400 [User Defined Function failure] > message="execution of 'e.test123[bigint]' failed: > java.security.AccessControlException: access denied: > ("java.lang.RuntimePermission" > "accessClassInPackage.org.python.jline.console") > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)