Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 3.0 beta 1
    • Component/s: None
    • Labels:
      None

      Description

      (Follow-up to CASSANDRA-9402)

      For Java-UDFs we could inspect the compiled Java byte code to find usages of the Java language that are "forbidden" to UDFs.

      These include usages of:

      • synchronized keyword
      • call to j.l.Object.wait
      • call to j.l.Object.notify
      • call to j.l.Object.notifyAll
      • call to j.l.Object.getClass
      • calls to specific methods of currently allowed classes in the driver (but would need some investigation)

      By inspecting the byte code before the class is actually used, even dirty constructs like the following would be impossible:

      CREATE OR REPLACE FUNCTION ... AS $$  return Math.sin(val);
      }
      
      {
        // anonymous initializer code
      }
      
      static {
        // static initializer code
      $$;
      

      (inspired by this blog post)
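
One way to implement the inspection described above, as an added example (not Cassandra's own code and not part of the original ticket): it scans compiled class bytes for synchronized methods and blocks, the listed java.lang.Object calls, and a static initializer. It assumes the ASM library (9.x) is on the classpath and Java 9+; the names UdfBytecodeCheck and SampleUdf are hypothetical, and SampleUdf is a constructed stand-in for a compiled UDF class.

```java
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;
import java.io.InputStream;
import java.util.*;

public class UdfBytecodeCheck {
    // Methods of java.lang.Object that the ticket lists as forbidden.
    static final Set<String> FORBIDDEN_OBJECT_CALLS =
        new HashSet<>(Arrays.asList("wait", "notify", "notifyAll", "getClass"));

    /** Returns one message per forbidden construct found in the class bytes. */
    static List<String> verify(byte[] classBytes) {
        List<String> errors = new ArrayList<>();
        new ClassReader(classBytes).accept(new ClassVisitor(Opcodes.ASM9) {
            @Override
            public MethodVisitor visitMethod(int access, String name, String desc,
                                             String signature, String[] exceptions) {
                if ("<clinit>".equals(name))          // a static { ... } block
                    errors.add("static initializer declared");
                if ((access & Opcodes.ACC_SYNCHRONIZED) != 0)
                    errors.add("synchronized method " + name);
                return new MethodVisitor(Opcodes.ASM9) {
                    @Override
                    public void visitInsn(int opcode) {
                        // synchronized (x) { ... } compiles to MONITORENTER/MONITOREXIT
                        if (opcode == Opcodes.MONITORENTER)
                            errors.add("synchronized block in " + name);
                    }
                    @Override
                    public void visitMethodInsn(int opcode, String owner, String callee,
                                                String calleeDesc, boolean isInterface) {
                        if ("java/lang/Object".equals(owner) && FORBIDDEN_OBJECT_CALLS.contains(callee))
                            errors.add("call to Object." + callee + " in " + name);
                    }
                };
            }
        }, ClassReader.SKIP_DEBUG);
        return errors;
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = SampleUdf.class.getResourceAsStream("SampleUdf.class")) {
            verify(in.readAllBytes()).forEach(System.out::println);
        }
    }
}

// Constructed sample: static initializer, synchronized method, getClass() call.
class SampleUdf {
    static { System.nanoTime(); }
    synchronized double run(double v) { return getClass() == null ? 0 : Math.sin(v); }
}
```

This example does not detect the anonymous (instance) initializer from the CQL snippet: the compiler folds such blocks into the constructor, so catching them means also checking that `<init>` contains nothing beyond the default constructor body.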

          Activity

          snazy Robert Stupp added a comment -

          Cassci links (should appear soon):
          testall
          dtest

          tjake T Jake Luciani added a comment -

          +1 very nice!

          snazy Robert Stupp added a comment -

          Thanks!
          Committed as 1774eb9a8632fc68ec5e4ea0fd4ce237b74d0f51

          While working on this patch I realized that it's possible to modify the byte code: we could inject a udf-ran-too-long-check in each iteration of a loop making the thread-pool in the sandbox superfluous for Java. But that's stuff for a future ticket.


            People

            • Assignee:
              snazy Robert Stupp
              Reporter:
              snazy Robert Stupp
              Reviewer:
              T Jake Luciani