[GitHub] [tinkerpop] spmallette opened pull request #1231: TINKERPOP-2266 Start keep alive polling on Connection construction

2019-12-16 Thread GitHub
https://issues.apache.org/jira/browse/TINKERPOP-2266

If nothing writes to the Connection then keep alive doesn't start which might 
let it die in the pool if it is not used at some point.

Builds with `mvn clean install && mvn verify -pl gremlin-server 
-DskipIntegrationTests=false`

VOTE +1

[ Full content available at: https://github.com/apache/tinkerpop/pull/1231 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org


[jira] [Commented] (TINKERPOP-2266) Keep alive not started at connection creation

2019-12-16 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/TINKERPOP-2266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16997234#comment-16997234
 ] 

ASF GitHub Bot commented on TINKERPOP-2266:
---

spmallette commented on pull request #1231: TINKERPOP-2266 Start keep alive 
polling on Connection construction
URL: https://github.com/apache/tinkerpop/pull/1231
 
 
   https://issues.apache.org/jira/browse/TINKERPOP-2266
   
   If nothing writes to the Connection then keep alive doesn't start which 
might let it die in the pool if it is not used at some point.
   
   Builds with `mvn clean install && mvn verify -pl gremlin-server 
-DskipIntegrationTests=false`
   
   VOTE +1
 

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Keep alive not started at connection creation
> -
>
> Key: TINKERPOP-2266
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2266
> Project: TinkerPop
> Issue Type: Bug
> Components: driver
> Affects Versions: 3.3.5
> Reporter: Christian Howe
> Priority: Major
>
> I keep seeing connections in the connection pool being closed in the Gremlin 
> Java driver, and it looks like there are no keep alive messages being sent to 
> keep the connection open. However, after a write happens to the connection, 
> the keep alive seems to start and keep the connection open, based on 
> observations from tcpdump. The problem with this is that sometimes when we 
> make a query to the client, we get a connection which is closed, and an 
> exception is thrown. This results in an increase in customer-impacting 
> faults, and retries are likely to pull down another connection which is also 
> closed in a pool with a lot of connections. Larger pools are necessary with 
> longer running queries to have sufficient concurrency.
> It looks like [when keep alive was 
> added|https://github.com/apache/tinkerpop/pull/433], it was written to only 
> start the keep alive after there is a write to the connection. In the case 
> where a connection is created as part of a connection pool during 
> initialization, I can't find where any write would be made to start the keep 
> alive. Is there another mechanism to start this keep alive when a 
> connection is created?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (TINKERPOP-1575) Improve use of Neo4j indicies for common searches

2019-12-16 Thread Stephen Mallette (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Mallette updated TINKERPOP-1575:

Description: 
When using a Neo4j-based graph, indicies are not used when more than one label 
is searched for.

{noformat}
gremlin> g.V().hasLabel("alpha").has("myProp", 10)
Final Traversal  [Neo4jGraphStep(vertex,[~label.eq(alpha),myProp.eq(10)]))]
gremlin> g.V().hasLabel("alpha", "beta").has("myProp", 10)
Final Traversal  [Neo4jGraphStep(vertex,[~label.within(alpha,beta),myProp.eq(10)]))]
{noformat}

Another example where indices are not used:

{code}
g.V().hasLabel('person').has(objId,within('test1','test2'))
{code}

  was:
When using a Neo4j-based graph, indicies are not used when more than one label 
is searched for.

{noformat}
gremlin> g.V().hasLabel("alpha").has("myProp", 10)
Final Traversal  [Neo4jGraphStep(vertex,[~label.eq(alpha),myProp.eq(10)]))]
gremlin> g.V().hasLabel("alpha", "beta").has("myProp", 10)
Final Traversal  [Neo4jGraphStep(vertex,[~label.within(alpha,beta),myProp.eq(10)]))]
{noformat}

Summary: Improve use of Neo4j indicies for common searches  (was: Neo4j 
indicies not used when multiple labels are searched for)

> Improve use of Neo4j indicies for common searches
> -
>
> Key: TINKERPOP-1575
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1575
> Project: TinkerPop
> Issue Type: Improvement
> Components: neo4j
> Affects Versions: 3.2.3
> Reporter: Branden Moore
> Priority: Trivial
>
> When using a Neo4j-based graph, indicies are not used when more than one 
> label is searched for.
> {noformat}
> gremlin> g.V().hasLabel("alpha").has("myProp", 10)
> Final Traversal  [Neo4jGraphStep(vertex,[~label.eq(alpha),myProp.eq(10)]))]
> gremlin> g.V().hasLabel("alpha", "beta").has("myProp", 10)
> Final Traversal  [Neo4jGraphStep(vertex,[~label.within(alpha,beta),myProp.eq(10)]))]
> {noformat}
> Another example where indices are not used:
> {code}
> g.V().hasLabel('person').has(objId,within('test1','test2'))
> {code}





[jira] [Closed] (TINKERPOP-2326) the query which contains the 'within' statement do not use the index, the query speed is too slower(in the neo4j-gremlin module)

2019-12-16 Thread Stephen Mallette (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-2326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Mallette closed TINKERPOP-2326.
---
Resolution: Duplicate

I hope you don't mind but I'm going to merge this issue into an older existing 
one - TINKERPOP-1575 - as this is a wide ranging issue that could generally use 
some attention. Please feel free to comment over on the other issue if you have 
further thoughts or if you care to discuss ways this might be fixed if you have 
the inclination to offer a pull request.

> the query which contains the 'within' statement do not use the index, the 
> query speed is too slower(in the neo4j-gremlin module) 
> -
>
> Key: TINKERPOP-2326
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2326
> Project: TinkerPop
> Issue Type: Improvement
> Components: neo4j
> Affects Versions: 3.4.3
> Reporter: shh
> Priority: Major
> Labels: performance
>
> g.V().hasLabel('person').has(objId,within('test1','test2')) ; and index 
> of the objId field has existed.





[jira] [Commented] (TINKERPOP-2262) Improve Netty protocol handling

2019-12-16 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/TINKERPOP-2262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16997355#comment-16997355
 ] 

ASF GitHub Bot commented on TINKERPOP-2262:
---

spmallette commented on pull request #1232: TINKERPOP-2262 Prevented channel 
close by server on protocol error
URL: https://github.com/apache/tinkerpop/pull/1232
 
 
   https://issues.apache.org/jira/browse/TINKERPOP-2262
   
   Allows the channel on the driver to be reused rather than replaced. 
Interestingly no additional error handling seemed to be needed as all tests 
passed.
   
   Builds with `mvn clean install && mvn verify -pl gremlin-server 
-DskipIntegrationTests=false`
   
   VOTE +1
 



> Improve Netty protocol handling
> ---
>
> Key: TINKERPOP-2262
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2262
> Project: TinkerPop
> Issue Type: Improvement
> Components: driver, server
> Affects Versions: 3.3.7, 3.4.2
> Reporter: Divij Vaidya
> Priority: Major
>
> 4.1.37 adds [https://github.com/netty/netty/pull/9116] which is critical to 
> the stability of the Java Client.
> After the upgrade a follow-up task would:
> 1. change the Java Client to set the newly introduced flag 
> "closeOnProtocolViolation" to false. This would prevent causing all the other 
> requests using the same channel to fail when a single request causes a 
> protocol violation.
> 2. introduce the protocol exception error handling code on the client to 
> handle protocol violation exceptions. Currently, the code force replaces the 
> channel, thus closing all the other requests being served on the channel.
> [https://netty.io/news/2019/06/28/4-1-37-Final.html]





[jira] [Closed] (TINKERPOP-2307) Add better error message for badly configured Channelizer

2019-12-16 Thread Stephen Mallette (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-2307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Mallette closed TINKERPOP-2307.
---
Fix Version/s: 3.3.10, 3.4.5, 3.5.0
Resolution: Done

Fixed via CTR - 
https://github.com/apache/tinkerpop/commit/67220e46f02ca54d03e2edb77878d707e821849d

> Add better error message for badly configured Channelizer
> -
>
> Key: TINKERPOP-2307
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2307
> Project: TinkerPop
> Issue Type: Improvement
> Components: driver
> Affects Versions: 3.3.9
> Reporter: Stephen Mallette
> Assignee: Stephen Mallette
> Priority: Minor
> Fix For: 3.5.0, 3.4.5, 3.3.10
>
>
> If you add a bad configuration for the {{Channelizer}} in the Java driver 
> like:
> {code}
> connectionPool: { channelizer: Channelizer.WebSocketChannelizer }
> {code}
> Then the host just gets marked as dead and it's not clear as to why. 





[jira] [Commented] (TINKERPOP-2315) Implement some form of clone() or reset() for Traversal in GLVs

2019-12-16 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/TINKERPOP-2315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16997450#comment-16997450
 ] 

ASF GitHub Bot commented on TINKERPOP-2315:
---

spmallette commented on pull request #1233: TINKERPOP-2315 Implement clone() 
for all GLVs
URL: https://github.com/apache/tinkerpop/pull/1233
 
 
   https://issues.apache.org/jira/browse/TINKERPOP-2315
   
   Hard to believe we didn't have `clone()` in place across the board. There 
might have been some more idiomatic ways to implement this per language but I 
decided to stick with `clone()` as it is in Java for all languages. Just felt 
like it should be consistent. Happy to hear other opinions on that matter, but 
besides that:
   
   Builds with `mvn clean install`
   
   VOTE +1
 



> Implement some form of clone() or reset() for Traversal in GLVs
> ---
>
> Key: TINKERPOP-2315
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2315
> Project: TinkerPop
> Issue Type: Improvement
> Components: dotnet, javascript, python
> Affects Versions: 3.3.9
> Reporter: Stephen Mallette
> Priority: Major
>
> There doesn't seem to be a method to do what we do in Java fairly often:
> {code}
> attached = g.V().hasLabel('OID').out('attached')
> assert attached.clone().count().next() == 4
> uids = attached.clone().dedup().toList()
> {code}





[jira] [Closed] (TINKERPOP-1015) InputRDD and InputFormat to load into HadoopGraph from any Graph System

2019-12-16 Thread Stephen Mallette (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Mallette closed TINKERPOP-1015.
---
Resolution: Won't Do

As there was never any real user feedback on this one and we never implemented, 
I'm just going to close it out. We'll let providers decide whether to support 
an {{InputRdd}} or not.

> InputRDD and InputFormat to load into HadoopGraph from any Graph System
> ---
>
> Key: TINKERPOP-1015
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1015
> Project: TinkerPop
> Issue Type: Improvement
> Components: hadoop
> Affects Versions: 3.1.0-incubating
> Reporter: Marko A. Rodriguez
> Priority: Major
>
> I just recently added {{ToyGraphInputRDD}} to test InputRDD stuff against the 
> full test suite. Check out how it works:
> {code}
> public final class ToyGraphInputRDD implements InputRDD {
>     public static final String GREMLIN_SPARK_TOY_GRAPH = "gremlin.spark.toyGraph";
>
>     @Override
>     public JavaPairRDD<Object, VertexWritable> readGraphRDD(final Configuration configuration, final JavaSparkContext sparkContext) {
>         // pick the toy graph named in the configuration
>         final List<Vertex> vertices;
>         if (configuration.getProperty(GREMLIN_SPARK_TOY_GRAPH).equals(LoadGraphWith.GraphData.MODERN.toString()))
>             vertices = IteratorUtils.list(TinkerFactory.createModern().vertices());
>         else if (configuration.getProperty(GREMLIN_SPARK_TOY_GRAPH).equals(LoadGraphWith.GraphData.CLASSIC.toString()))
>             vertices = IteratorUtils.list(TinkerFactory.createClassic().vertices());
>         else if (configuration.getProperty(GREMLIN_SPARK_TOY_GRAPH).equals(LoadGraphWith.GraphData.CREW.toString()))
>             vertices = IteratorUtils.list(TinkerFactory.createTheCrew().vertices());
>         else if (configuration.getProperty(GREMLIN_SPARK_TOY_GRAPH).equals(LoadGraphWith.GraphData.GRATEFUL.toString())) {
>             try {
>                 final Graph graph = TinkerGraph.open();
>                 graph.io(GryoIo.build()).readGraph(GryoResourceAccess.class.getResource("grateful-dead.kryo").getFile());
>                 vertices = IteratorUtils.list(graph.vertices());
>             } catch (final IOException e) {
>                 throw new IllegalStateException(e.getMessage(), e);
>             }
>         } else
>             throw new IllegalArgumentException("No legal toy graph was provided to load: " + configuration.getProperty(GREMLIN_SPARK_TOY_GRAPH));
>         // serial load: every vertex is collected on the driver before parallelize()
>         return sparkContext.parallelize(vertices.stream().map(VertexWritable::new).collect(Collectors.toList()))
>                 .mapToPair(vertex -> new Tuple2<>(vertex.get().id(), vertex));
>     }
> }
> {code}
> In principle, we could have a {{DefaultInputRDD}} and {{DefaultInputFormat}} 
> that do this:
> {code}
> public final class DefaultInputRDD implements InputRDD {
>     @Override
>     public JavaPairRDD<Object, VertexWritable> readGraphRDD(final Configuration configuration, final JavaSparkContext sparkContext) {
>         final Graph graph = GraphFactory.open(configuration);
>         // graph.vertices() returns an Iterator, so wrap it to get a Stream
>         return sparkContext.parallelize(IteratorUtils.stream(graph.vertices()).map(VertexWritable::new).collect(Collectors.toList()))
>                 .mapToPair(vertex -> new Tuple2<>(vertex.get().id(), vertex));
>     }
> }
> {code}
> It would be a serial/single-threaded load, but it would allow any OLTP graph 
> system to use Spark/Giraph/etc. 





[jira] [Closed] (TINKERPOP-1017) Get InputRDDFormat to work with Multiple Splits

2019-12-16 Thread Stephen Mallette (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Mallette closed TINKERPOP-1017.
---
Resolution: Won't Do

> Get InputRDDFormat to work with Multiple Splits
> ---
>
> Key: TINKERPOP-1017
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1017
> Project: TinkerPop
> Issue Type: Improvement
> Components: hadoop
> Affects Versions: 3.1.1-incubating
> Reporter: Marko A. Rodriguez
> Priority: Major
>
> {{InputFormatRDD}} was recently added to enable {{HadoopGraph}} to OLTP 
> stream in {{InputRDD}} data. It is currently single threaded. I tried to make 
> it parallel, but ran into some {{Exceptions}} I didn't understand. For OLTP 
> it doesn't matter, however, it would be good to make it work with multiple 
> Hadoop {{InputSplits}} and then, Hadoop could read from Spark in OLAP too :). 
> I don't know why that would ever be used... ? But if it's easy enough to do, 
> just do it.
> [~rspitzer] --- When https://issues.apache.org/jira/browse/TINKERPOP-1011 you 
> will see {{InputFormatRDD}}. You might have an idea on how to do this. If you 
> care -- no worries though.





[jira] [Closed] (TINKERPOP-2247) Server should respect charset specified in request header

2019-12-16 Thread Stephen Mallette (Jira)


 [ 
https://issues.apache.org/jira/browse/TINKERPOP-2247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Mallette closed TINKERPOP-2247.
---
Resolution: Won't Do

Closing given my previous comment...

> Server should respect charset specified in request header
> -
>
> Key: TINKERPOP-2247
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2247
> Project: TinkerPop
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.3.7
> Reporter: Divij Vaidya
> Priority: Minor
>
> Currently, the server uses UTF-8 as its default charset and that is hardcoded 
> in the system [1], irrespective of the content-type provided in the request. 
> This task is to read the charset from the HTTP Content-Type header and use 
> the charset to encode the response string.
>  
> [1][https://github.com/apache/tinkerpop/blob/master/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpGremlinEndpointHandler.java#L254]





[jira] [Commented] (TINKERPOP-2175) Executor thread is not returned on channel close

2019-12-16 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/TINKERPOP-2175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16997538#comment-16997538
 ] 

ASF GitHub Bot commented on TINKERPOP-2175:
---

spmallette commented on pull request #1234: TINKERPOP-2175 Better manage the 
executor thread on close.
URL: https://github.com/apache/tinkerpop/pull/1234
 
 
   https://issues.apache.org/jira/browse/TINKERPOP-2175
   
   Pretty much implemented as described in the JIRA - makes sense to me to check 
for an active channel in addition to writeability.
   
   Builds with `mvn clean install && mvn verify -pl gremlin-server 
-DskipIntegrationTests=false`
   
   VOTE +1
 



> Executor thread is not returned on channel close
> 
>
> Key: TINKERPOP-2175
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2175
> Project: TinkerPop
> Issue Type: Bug
> Components: driver
> Affects Versions: 3.4.0, 3.3.5
> Reporter: Divij Vaidya
> Priority: Major
>
> This issue was originally discussed in 
> https://issues.apache.org/jira/browse/TINKERPOP-2169
> Due to an error (such as CorruptedFrameException) a client might decide to 
> close the Netty channel to the server with a CloseWebsocketFrame. On the 
> server, although the channel gets closed, there might be some executor 
> threads waiting for watermark to clear which will not clear in these cases 
> since client has already given up on these requests. This leads to these 
> executors waiting for the client to consume results till the timeout.
> A simple fix would be to check for channel.isActive() while waiting for 
> channel to become writable at [1] and [2].
>  
> [1][https://github.com/apache/tinkerpop/blob/d1a3fa147d1f009ae57274827c9b59426dfc6e58/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/op/traversal/TraversalOpProcessor.java#L533]
>  
> [2][https://github.com/apache/tinkerpop/blob/d1a3fa147d1f009ae57274827c9b59426dfc6e58/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/op/AbstractOpProcessor.java#L141]
>  





[jira] [Commented] (TINKERPOP-2320) [SECURITY] XMLInputFactory initialization in GraphMLReader introduces

2019-12-16 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/TINKERPOP-2320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16997558#comment-16997558
 ] 

ASF GitHub Bot commented on TINKERPOP-2320:
---

rdtr commented on pull request #1230: TINKERPOP-2320 allow to pass custom 
XmlInputFactory when instantiating GraphMLReader
URL: https://github.com/apache/tinkerpop/pull/1230
 
 
   
 



> [SECURITY] XMLInputFactory initialization in GraphMLReader introduces 
> --
>
> Key: TINKERPOP-2320
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2320
> Project: TinkerPop
> Issue Type: Improvement
> Components: io
> Affects Versions: 3.4.4
> Reporter: Norio Akagi
> Priority: Major
>
> I use TinkerPop in my company and now the security team had audits and 
> reported that this part in GraphML reader may introduce XXE vulnerabilities.
> {{private final XMLInputFactory inputFactory = 
> XMLInputFactory.newInstance();}}
> Some document recommends to add some properties to protect it as follows: 
> [https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser]
> So I am wondering if I can either
> 1. just hard-code to set these properties in the constructor of GraphMLReader 
> (it will break the existing behavior if users use it)
> 2. somehow make these properties configurable so that we can pass some flags 
> and depending on the flags, we initialize GraphMLReader with those properties.
> Any recommendation ? I am happy to add implementation to handle it but need 
> some input which direction I'd take.
> Thanks.
> Norio





[GitHub] [tinkerpop] rdtr commented on issue #1230: TINKERPOP-2320 allow to pass custom XmlInputFactory when instantiating GraphMLReader

2019-12-16 Thread GitHub
Sorry, rebasing directly on Github UI seems not a good solution to base onto 
`tp34`... I will make another PR. Thanks.

[ Full content available at: https://github.com/apache/tinkerpop/pull/1230 ]


[GitHub] [tinkerpop] rdtr opened pull request #1235: TINKERPOP-2320 allow to pass custom XmlInputFactory when instantiating GraphMLReader

2019-12-16 Thread GitHub
This pull request is a revised one from 
https://github.com/apache/tinkerpop/pull/1230.

Some provider wants to use XMLInputFactory with more secure configurations. 
This change makes it possible to pass XMLInputFactory when instantiating 
GraphMLReader.

I don't add any tests right now, I want to first confirm if this direction is 
OK. If yes, please suggest any tests that I need to add. Thanks !

[ Full content available at: https://github.com/apache/tinkerpop/pull/1235 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org
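
Added example, not part of the thread or of TinkerPop's code: a check a provider could run on the XMLInputFactory it intends to pass to GraphMLReader, using the two StAX properties from the OWASP cheat sheet linked in TINKERPOP-2320. The class name, the GraphML sample and the probe resolver are constructed for illustration; how the factory reaches GraphMLReader is left to the PR.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicInteger;

public class XxeFactoryCheck {

    // Constructed GraphML sample: the DOCTYPE declares an external entity and a
    // node property references it. The system identifier is a placeholder and
    // is never opened, because the probe resolver below answers every lookup.
    static final String SAMPLE =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE graphml [ <!ENTITY ext SYSTEM \"file:///constructed/placeholder\"> ]>\n"
        + "<graphml xmlns=\"http://graphml.graphdrawing.org/xmlns\">\n"
        + "  <key id=\"name\" for=\"node\" attr.name=\"name\" attr.type=\"string\"/>\n"
        + "  <graph id=\"G\" edgedefault=\"directed\">\n"
        + "    <node id=\"1\"><data key=\"name\">&ext;</data></node>\n"
        + "  </graph>\n"
        + "</graphml>";

    /** Factory with the two properties the OWASP cheat sheet names for StAX. */
    static XMLInputFactory hardened() {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return factory;
    }

    /**
     * Parses SAMPLE with the given factory and reports whether the parser tried
     * to resolve the external entity. A probe XMLResolver counts lookups and
     * returns harmless bytes, so no file or network access takes place.
     */
    static boolean resolvesExternalEntities(XMLInputFactory factory) {
        AtomicInteger lookups = new AtomicInteger();
        factory.setXMLResolver((publicId, systemId, baseUri, namespace) -> {
            lookups.incrementAndGet();
            return new ByteArrayInputStream("probe".getBytes(StandardCharsets.UTF_8));
        });
        try {
            XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(SAMPLE));
            while (reader.hasNext()) {
                reader.next();
            }
            reader.close();
        } catch (XMLStreamException e) {
            // A hardened parser may reject the entity reference outright;
            // rejecting the document is an acceptable outcome for this check.
        }
        return lookups.get() > 0;
    }

    public static void main(String[] args) {
        // Same construction as the line quoted in the issue.
        System.out.println("default factory resolves external entities:  "
                + resolvesExternalEntities(XMLInputFactory.newInstance()));
        System.out.println("hardened factory resolves external entities: "
                + resolvesExternalEntities(hardened()));
    }
}
```

Turned into a unit test, the check fails the build whenever the factory a provider configures reports true, whichever StAX implementation is on the classpath.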


[jira] [Commented] (TINKERPOP-2320) [SECURITY] XMLInputFactory initialization in GraphMLReader introduces

2019-12-16 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/TINKERPOP-2320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16997569#comment-16997569
 ] 

ASF GitHub Bot commented on TINKERPOP-2320:
---

rdtr commented on pull request #1235: TINKERPOP-2320 allow to pass custom 
XmlInputFactory when instantiating GraphMLReader
URL: https://github.com/apache/tinkerpop/pull/1235
 
 
   This pull request is a revised one from 
https://github.com/apache/tinkerpop/pull/1230.
   
   Some provider wants to use XMLInputFactory with more secure configurations. 
This change makes it possible to pass XMLInputFactory when instantiating 
GraphMLReader.
   
   I don't add any tests right now, I want to first confirm if this direction 
is OK. If yes, please suggest any tests that I need to add. Thanks !
 



> [SECURITY] XMLInputFactory initialization in GraphMLReader introduces 
> --
>
> Key: TINKERPOP-2320
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2320
> Project: TinkerPop
> Issue Type: Improvement
> Components: io
> Affects Versions: 3.4.4
> Reporter: Norio Akagi
> Priority: Major
>
> I use TinkerPop in my company and now the security team had audits and 
> reported that this part in GraphML reader may introduce XXE vulnerabilities.
> {{private final XMLInputFactory inputFactory = 
> XMLInputFactory.newInstance();}}
> Some document recommends to add some properties to protect it as follows: 
> [https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser]
> So I am wondering if I can either
> 1. just hard-code to set these properties in the constructor of GraphMLReader 
> (it will break the existing behavior if users use it)
> 2. somehow make these properties configurable so that we can pass some flags 
> and depending on the flags, we initialize GraphMLReader with those properties.
> Any recommendation ? I am happy to add implementation to handle it but need 
> some input which direction I'd take.
> Thanks.
> Norio





[GitHub] [tinkerpop] rdtr commented on issue #1230: TINKERPOP-2320 allow to pass custom XmlInputFactory when instantiating GraphMLReader

2019-12-16 Thread GitHub
I just created a new PR: https://github.com/apache/tinkerpop/pull/1235
Let's continue the discussion there. Thanks!

[ Full content available at: https://github.com/apache/tinkerpop/pull/1230 ]


[GitHub] [tinkerpop] spmallette commented on pull request #1235: TINKERPOP-2320 allow to pass custom XmlInputFactory when instantiating GraphMLReader

2019-12-16 Thread GitHub
No need to add the JIRA number - those get added separately on release.

[ Full content available at: https://github.com/apache/tinkerpop/pull/1235 ]


[GitHub] [tinkerpop] rdtr commented on pull request #1235: TINKERPOP-2320 allow to pass custom XmlInputFactory when instantiating GraphMLReader

2019-12-16 Thread GitHub
Sorry I was lazy... this should have been
```
if (this.inputFactory == null)
```
I updated the PR. Thanks!

[ Full content available at: https://github.com/apache/tinkerpop/pull/1235 ]