Hi! Do you have any more ideas for me? Cordially, Sébastien. Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi <srebec...@kameleoon.com> a écrit :
> Unfortunately, it is not working even with > "enable_user_defined_functions_threads: false" in cassandra.yaml :/ > Is there any way to check the running configuration? > > Le lun. 28 mars 2022 à 15:35, Benjamin Lerer <ble...@apache.org> a écrit : > >> I do not think that allowing to customize UDF classes whitelist has been >> discussed before. Feel free to open a JIRA ticket :-) >> I have some plans to revisit how we securise UDFs as the current >> threading approach has some impact in terms of latency. That can be a good >> opportunity to look into providing more flexibility. >> >> Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi <srebec...@kameleoon.com> >> a écrit : >> >>> Thanks you very much! I will try that. >>> As you know, would it be a long-terms solution? Or is there any plan to >>> add the possibility to customize UDF classes whitelist? >>> >>> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer <ble...@apache.org> a >>> écrit : >>> >>>> Is there a way to customize that default behaviour? >>>> >>>> >>>> Looking at JavaBasedUDFunction quickly it seems that the ClassLoader >>>> is only used when you use the UDFExecutorService to execute your UDFs. >>>> You can try to disable it using "enable_user_defined_functions_threads: >>>> false" and see if it works. >>>> Now that also means that you have to ensure that only trusted persons >>>> can create UDF or UDA as it removes all safety mechanisms. >>>> >>>> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi < >>>> srebec...@kameleoon.com> a écrit : >>>> >>>>> Hi Benjamin, >>>>> >>>>> Thanks for the answer. >>>>> Is there a way to customize that default behaviour? If no, could you >>>>> indicate where to find this class loader in the github of Cassandra >>>>> please? >>>>> >>>>> Le lun. 28 mars 2022 à 12:40, Benjamin Lerer <ble...@apache.org> a >>>>> écrit : >>>>> >>>>>> Hi Sébastien, >>>>>> >>>>>> Cassandra uses a special classloader for UDFs that limit which >>>>>> classes can be used. >>>>>> You cannot rely on non-JDK classes for UDFs and some of the JDK >>>>>> packages like the IO package for example cannot be used. >>>>>> The goal is simply to ensure that UDFs cannot compromise the server >>>>>> security. >>>>>> >>>>>> Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi < >>>>>> srebec...@kameleoon.com> a écrit : >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I am trying to create a UDF based on custom methods. >>>>>>> So I set enable_user_defined_functions to true and added a jar in >>>>>>> "/usr/share/cassandra/lib/" folder on every node, restarted the nodes >>>>>>> and I >>>>>>> can see from the command line that the jar is indeed used (in the >>>>>>> classpath >>>>>>> with -cp). >>>>>>> >>>>>>> But when i create the UDF I got that error: >>>>>>> >>>>>>> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL ON >>>>>>> NULL INPUT RETURNS text LANGUAGE java AS 'return >>>>>>> com.kameleoon.visit.Visit.writeToJson(com.kameleoon.visit.Visit.readFromByteBuffer(input));'; >>>>>>> InvalidRequest: Error from server: code=2200 [Invalid query] >>>>>>> message="Java source compilation failed: >>>>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>>>> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type >>>>>>> >>>>>>> Of course the class com.kameleoon.visit.Visit does exist in the jar >>>>>>> and the jar has read rights to every user (chmod 444). So I can not find >>>>>>> the reason. >>>>>>> >>>>>>> versions are: [cqlsh 6.0.0 | Cassandra 4.0.1 | CQL spec 3.4.5 | >>>>>>> Native protocol v5] >>>>>>> >>>>>>> Any help would be appreciated! >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> Sébastien. >>>>>>> >>>>>>
