Uploaded image for project: 'TinkerPop'
  1. TinkerPop
  2. TINKERPOP-2835

Query translation ignores sandbox limitations

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Incomplete
    • 3.5.4
    • None
    • groovy
    • None

    Description

      When I run a query such as g.V().has('NAME',System.getenv()) our sandbox configuration blocks the execution of System.getenv(), however if the request is passed to one of the translators (e.g. GroovyTranslator), the query is executed (and could be used to reboot a machine, kill the Java VM, run OS level commands, etc):

      `g.V().has("NAME",[("PATH"): ("/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin .....`

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            Snoddy Dan Snoddy
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: