Gremlin safe mode? (No JDK calls)

Question

Is there a way to limit Gremlin expressions to just Gremlin API? I'd like to embed gremlin as a part of one rule engine, but the possibility to call whatever e.g. in filters is a risk.

g.v(1).outE.filter{ new Socket('localhost', 8080). ... }

Is there a way to limit the execution to some safe set of interfaces?

Answer 1

One method might be to look into what Groovy offers in controlling script execution via JVM security. Perhaps these links will be helpful:

http://groovy.codehaus.org/Security http://www.chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/

As an alternative to JVM security there is also this compilation customizer:

http://groovy-sandbox.kohsuke.org/

which would allow you to write filters that will prevent a script from getting reference to objects that they are not supposed to.