Unfortunately, it is not working even with "enable_user_defined_functions_threads: false" in cassandra.yaml :/ Is there any way to check the running configuration?
Le lun. 28 mars 2022 à 15:35, Benjamin Lerer <ble...@apache.org> a écrit : > I do not think that allowing to customize UDF classes whitelist has been > discussed before. Feel free to open a JIRA ticket :-) > I have some plans to revisit how we securise UDFs as the current threading > approach has some impact in terms of latency. That can be a good > opportunity to look into providing more flexibility. > > Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi <srebec...@kameleoon.com> > a écrit : > >> Thanks you very much! I will try that. >> As you know, would it be a long-terms solution? Or is there any plan to >> add the possibility to customize UDF classes whitelist? >> >> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer <ble...@apache.org> a >> écrit : >> >>> Is there a way to customize that default behaviour? >>> >>> >>> Looking at JavaBasedUDFunction quickly it seems that the ClassLoader is >>> only used when you use the UDFExecutorService to execute your UDFs. You >>> can try to disable it using "enable_user_defined_functions_threads: false" >>> and see if it works. >>> Now that also means that you have to ensure that only trusted persons >>> can create UDF or UDA as it removes all safety mechanisms. >>> >>> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi < >>> srebec...@kameleoon.com> a écrit : >>> >>>> Hi Benjamin, >>>> >>>> Thanks for the answer. >>>> Is there a way to customize that default behaviour? If no, could you >>>> indicate where to find this class loader in the github of Cassandra please? >>>> >>>> Le lun. 28 mars 2022 à 12:40, Benjamin Lerer <ble...@apache.org> a >>>> écrit : >>>> >>>>> Hi Sébastien, >>>>> >>>>> Cassandra uses a special classloader for UDFs that limit which classes >>>>> can be used. >>>>> You cannot rely on non-JDK classes for UDFs and some of the JDK >>>>> packages like the IO package for example cannot be used. >>>>> The goal is simply to ensure that UDFs cannot compromise the server >>>>> security. >>>>> >>>>> Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi < >>>>> srebec...@kameleoon.com> a écrit : >>>>> >>>>>> Hello, >>>>>> >>>>>> I am trying to create a UDF based on custom methods. >>>>>> So I set enable_user_defined_functions to true and added a jar in >>>>>> "/usr/share/cassandra/lib/" folder on every node, restarted the nodes >>>>>> and I >>>>>> can see from the command line that the jar is indeed used (in the >>>>>> classpath >>>>>> with -cp). >>>>>> >>>>>> But when i create the UDF I got that error: >>>>>> >>>>>> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL ON >>>>>> NULL INPUT RETURNS text LANGUAGE java AS 'return >>>>>> com.kameleoon.visit.Visit.writeToJson(com.kameleoon.visit.Visit.readFromByteBuffer(input));'; >>>>>> InvalidRequest: Error from server: code=2200 [Invalid query] >>>>>> message="Java source compilation failed: >>>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>>> >>>>>> Of course the class com.kameleoon.visit.Visit does exist in the jar >>>>>> and the jar has read rights to every user (chmod 444). So I can not find >>>>>> the reason. >>>>>> >>>>>> versions are: [cqlsh 6.0.0 | Cassandra 4.0.1 | CQL spec 3.4.5 | >>>>>> Native protocol v5] >>>>>> >>>>>> Any help would be appreciated! >>>>>> >>>>>> Thanks! >>>>>> >>>>>> Sébastien. >>>>>> >>>>>
