OK, that seems clear now :) I understood from our conversations that "enable_user_defined_functions_threads: false" would disable the UDF-specific class loader but it seems I understood wrongly, so the only way to use custom packages in UDF is to modify source code. Many thanks!

On Wed, 6 Apr 2022 at 16:35, bened...@apache.org <bened...@apache.org> wrote:

> The property you are setting permits some kinds of privilege escalation, but by default classes outside of those pre-defined by the whitelist are not permitted. This is imposed here:
> https://github.com/apache/cassandra/blob/210793f943dc522161fd26b6192f38a5c83fa131/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L168
>
> You will need to modify the source code to e.g. add additional allowedPatterns, or perhaps to permit additional patterns to be configured at startup.
>
> *From: *Sébastien Rebecchi <srebec...@kameleoon.com>
> *Date: *Wednesday, 6 April 2022 at 15:15
> *To: *dev@cassandra.apache.org <dev@cassandra.apache.org>, e.dimitr...@gmail.com <e.dimitr...@gmail.com>
> *Cc: *ble...@apache.org <ble...@apache.org>
> *Subject: *Re: UDF: adding custom jar to classpath
>
> Hi Ekaterina,
>
> I use 4.0.1.
>
> But as I said I added a jar in classpath (/usr/share/cassandra/lib/ folder on every node) and I see that the jar is loaded in the classpath from the Cassandra command line. And I have "enable_user_defined_functions: true" and "enable_user_defined_functions_threads: false" in cassandra.yaml.
>
> So I don't see what is missing or not done properly.
>
> Best regards,
>
> Sébastien.
>
> On Wed, 6 Apr 2022 at 16:03, Ekaterina Dimitrova <e.dimitr...@gmail.com> wrote:
>
> Hi Sebastian,
>
> Do you use the latest 4.0.3 version? Those options were added in 4.0.2 I believe, so if you try them with an earlier version - below message is what you would get as they didn’t exist.
>
> Best regards,
>
> Ekaterina
>
> On Wed, 6 Apr 2022 at 9:53, Sébastien Rebecchi <srebec...@kameleoon.com> wrote:
>
> Hi Benjamin, Hi everybody,
>
> I found in the documentation that we should add "allow_insecure_udfs: true" and optionally "allow_extra_insecure_udfs: true" so that "enable_user_defined_functions_threads: false" is really taken into account (I understood like that). That would explain why my UDF still does not run even with "enable_user_defined_functions_threads: false". Found in https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt
>
> So I tried to add "allow_insecure_udfs: true" and "allow_extra_insecure_udfs: true" in cassandra.yaml, but then Cassandra failed to restart and I got that error in logs "Exception (org.apache.cassandra.exceptions.ConfigurationException) encountered during startup: Invalid yaml. Please remove properties [allow_insecure_udfs, allow_extra_insecure_udfs] from your cassandra.yaml".
>
> Should I understand that we can activate those 2 extra confs only by changing source code? That would be really disappointing :( And if no, then how to activate all UDF possibilities from cassandra.yaml please?
>
> Thanks in advance,
>
> Sébastien.
>
> On Tue, 5 Apr 2022 at 10:36, Benjamin Lerer <ble...@apache.org> wrote:
>
> Unfortunately, I do not have much time for doing some digging. Sorry for that :-(
>
> You should look at JavaBasedUDFunction and UDFExecutorService.
>
> On Mon, 4 Apr 2022 at 17:25, Sébastien Rebecchi <srebec...@kameleoon.com> wrote:
>
> Hi!
>
> Do you have any more ideas for me?
>
> Cordially,
>
> Sébastien.
>
> On Mon, 28 Mar 2022 at 16:39, Sébastien Rebecchi <srebec...@kameleoon.com> wrote:
>
> Unfortunately, it is not working even with "enable_user_defined_functions_threads: false" in cassandra.yaml :/
>
> Is there any way to check the running configuration?
>
> On Mon, 28 Mar 2022 at 15:35, Benjamin Lerer <ble...@apache.org> wrote:
>
> I do not think that allowing to customize UDF classes whitelist has been discussed before. Feel free to open a JIRA ticket :-)
>
> I have some plans to revisit how we secure UDFs as the current threading approach has some impact in terms of latency. That can be a good opportunity to look into providing more flexibility.
>
> On Mon, 28 Mar 2022 at 15:00, Sébastien Rebecchi <srebec...@kameleoon.com> wrote:
>
> Thank you very much! I will try that.
>
> As you know, would it be a long-term solution? Or is there any plan to add the possibility to customize UDF classes whitelist?
>
> On Mon, 28 Mar 2022 at 14:31, Benjamin Lerer <ble...@apache.org> wrote:
>
> Is there a way to customize that default behaviour?
>
> Looking at JavaBasedUDFunction quickly it seems that the ClassLoader is only used when you use the UDFExecutorService to execute your UDFs. You can try to disable it using "enable_user_defined_functions_threads: false" and see if it works.
>
> Now that also means that you have to ensure that only trusted persons can create UDF or UDA as it removes all safety mechanisms.
>
> On Mon, 28 Mar 2022 at 13:23, Sébastien Rebecchi <srebec...@kameleoon.com> wrote:
>
> Hi Benjamin,
>
> Thanks for the answer.
>
> Is there a way to customize that default behaviour? If no, could you indicate where to find this class loader in the github of Cassandra please?
>
> On Mon, 28 Mar 2022 at 12:40, Benjamin Lerer <ble...@apache.org> wrote:
>
> Hi Sébastien,
>
> Cassandra uses a special classloader for UDFs that limits which classes can be used.
>
> You cannot rely on non-JDK classes for UDFs and some of the JDK packages like the IO package for example cannot be used.
>
> The goal is simply to ensure that UDFs cannot compromise the server security.
>
> On Mon, 28 Mar 2022 at 11:31, Sébastien Rebecchi <srebec...@kameleoon.com> wrote:
>
> Hello,
>
> I am trying to create a UDF based on custom methods.
> So I set enable_user_defined_functions to true and added a jar in "/usr/share/cassandra/lib/" folder on every node, restarted the nodes and I can see from the command line that the jar is indeed used (in the classpath with -cp).
>
> But when I create the UDF I got that error:
>
> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL ON NULL INPUT RETURNS text LANGUAGE java AS 'return com.kameleoon.visit.Visit.writeToJson(com.kameleoon.visit.Visit.readFromByteBuffer(input));';
> InvalidRequest: Error from server: code=2200 [Invalid query] message="Java source compilation failed:
> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type
> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type
>
> Of course the class com.kameleoon.visit.Visit does exist in the jar and the jar has read rights to every user (chmod 444). So I can not find the reason.
>
> versions are: [cqlsh 6.0.0 | Cassandra 4.0.1 | CQL spec 3.4.5 | Native protocol v5]
>
> Any help would be appreciated!
>
> Thanks!
>
> Sébastien.
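
An added illustration of the restriction discussed in this thread, not part of any message and not Cassandra's code: a simplified Java model of a class loader that checks an allowlist before delegating to its parent, which is why a class can be on the JVM classpath and still be refused. The class name and the prefix list are hypothetical.

```java
import java.util.Arrays;
import java.util.List;

// Simplified model (assumption): an allowlist is checked before parent
// delegation, so the JVM classpath alone does not make a class usable.
public class AllowlistClassLoaderDemo {

    static final class AllowlistClassLoader extends ClassLoader {
        private final List<String> allowedPrefixes; // hypothetical allowlist

        AllowlistClassLoader(ClassLoader parent, List<String> allowedPrefixes) {
            super(parent);
            this.allowedPrefixes = allowedPrefixes;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve)
                throws ClassNotFoundException {
            // Only names matching an allowed prefix reach the parent loader.
            for (String prefix : allowedPrefixes) {
                if (name.startsWith(prefix)) {
                    return super.loadClass(name, resolve);
                }
            }
            throw new ClassNotFoundException(name + " is not on the allowlist");
        }
    }

    static boolean canLoad(ClassLoader loader, String className) {
        try {
            loader.loadClass(className);
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        ClassLoader app = AllowlistClassLoaderDemo.class.getClassLoader();
        ClassLoader restricted = new AllowlistClassLoader(
                app, Arrays.asList("java.lang.", "java.util."));

        // This demo class stands in for a class shipped in a jar under lib/:
        // the application loader finds it, the restricted loader refuses it.
        String onClasspath = AllowlistClassLoaderDemo.class.getName();
        System.out.println("app loader, own class:        " + canLoad(app, onClasspath));
        System.out.println("restricted loader, own class: " + canLoad(restricted, onClasspath));
        System.out.println("restricted loader, java.util: " + canLoad(restricted, "java.util.List"));
    }
}
```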