[TINKERPOP-2835] Query translation ignores sandbox limitations - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Incomplete
Affects Version/s: 3.5.4
Fix Version/s: None
Component/s: groovy
Labels:
None

Description

When I run a query such as g.V().has('NAME',System.getenv()) our sandbox configuration blocks the execution of System.getenv(), however if the request is passed to one of the translators (e.g. GroovyTranslator), the query is executed (and could be used to reboot a machine, kill the Java VM, run OS level commands, etc):

`g.V().has("NAME",[("PATH"): ("/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin .....`

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dan Snoddy

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Dec/22 15:12

Updated:: 11/Jan/23 17:55

Resolved:: 11/Jan/23 17:55