[
https://issues.apache.org/jira/browse/NUTCH-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18073024#comment-18073024
]
ASF GitHub Bot commented on NUTCH-3168:
---------------------------------------
lewismc opened a new pull request, #909:
URL: https://github.com/apache/nutch/pull/909
PR for [NUTCH-3168](https://issues.apache.org/jira/browse/NUTCH-3168).
Some unit tests validate basic/common Jexl expressions and some edge cases.
I decided to implement a brand new configuration property
`nutch.jexl.disable.sandbox` which allows users in trusted environments to
bypass the sandbox. Another important design consideration was to maintain
compatibility with ALL existing Jexl scripts users may have written prior to
this patch.
> Sandbox Commons JEXL usage in crawl and index pipelines
> -------------------------------------------------------
>
> Key: NUTCH-3168
> URL: https://issues.apache.org/jira/browse/NUTCH-3168
> Project: Nutch
> Issue Type: Bug
> Components: crawldb, indexer
> Affects Versions: 1.22
> Reporter: Lewis John McGibbney
> Assignee: Lewis John McGibbney
> Priority: Blocker
> Fix For: 1.23
>
>
> Apply Commons JEXL sandboxing consistently wherever expressions are parsed;
> align duplicate JEXL engine construction; add regression tests; document
> secure deployment expectations for plugin directories.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
