I do not think that allowing to customize UDF classes whitelist has been discussed before. Feel free to open a JIRA ticket :-) I have some plans to revisit how we securise UDFs as the current threading approach has some impact in terms of latency. That can be a good opportunity to look into providing more flexibility.
Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi <srebec...@kameleoon.com> a écrit : > Thanks you very much! I will try that. > As you know, would it be a long-terms solution? Or is there any plan to > add the possibility to customize UDF classes whitelist? > > Le lun. 28 mars 2022 à 14:31, Benjamin Lerer <ble...@apache.org> a écrit : > >> Is there a way to customize that default behaviour? >> >> >> Looking at JavaBasedUDFunction quickly it seems that the ClassLoader is >> only used when you use the UDFExecutorService to execute your UDFs. You >> can try to disable it using "enable_user_defined_functions_threads: false" >> and see if it works. >> Now that also means that you have to ensure that only trusted persons can >> create UDF or UDA as it removes all safety mechanisms. >> >> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi <srebec...@kameleoon.com> >> a écrit : >> >>> Hi Benjamin, >>> >>> Thanks for the answer. >>> Is there a way to customize that default behaviour? If no, could you >>> indicate where to find this class loader in the github of Cassandra please? >>> >>> Le lun. 28 mars 2022 à 12:40, Benjamin Lerer <ble...@apache.org> a >>> écrit : >>> >>>> Hi Sébastien, >>>> >>>> Cassandra uses a special classloader for UDFs that limit which classes >>>> can be used. >>>> You cannot rely on non-JDK classes for UDFs and some of the JDK >>>> packages like the IO package for example cannot be used. >>>> The goal is simply to ensure that UDFs cannot compromise the server >>>> security. >>>> >>>> Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi < >>>> srebec...@kameleoon.com> a écrit : >>>> >>>>> Hello, >>>>> >>>>> I am trying to create a UDF based on custom methods. >>>>> So I set enable_user_defined_functions to true and added a jar in >>>>> "/usr/share/cassandra/lib/" folder on every node, restarted the nodes and >>>>> I >>>>> can see from the command line that the jar is indeed used (in the >>>>> classpath >>>>> with -cp). >>>>> >>>>> But when i create the UDF I got that error: >>>>> >>>>> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL ON >>>>> NULL INPUT RETURNS text LANGUAGE java AS 'return >>>>> com.kameleoon.visit.Visit.writeToJson(com.kameleoon.visit.Visit.readFromByteBuffer(input));'; >>>>> InvalidRequest: Error from server: code=2200 [Invalid query] >>>>> message="Java source compilation failed: >>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>> >>>>> Of course the class com.kameleoon.visit.Visit does exist in the jar >>>>> and the jar has read rights to every user (chmod 444). So I can not find >>>>> the reason. >>>>> >>>>> versions are: [cqlsh 6.0.0 | Cassandra 4.0.1 | CQL spec 3.4.5 | Native >>>>> protocol v5] >>>>> >>>>> Any help would be appreciated! >>>>> >>>>> Thanks! >>>>> >>>>> Sébastien. >>>>> >>>>
