Gremlin safe mode? (No JDK calls)

https://stackoverflow.com/questions/23476176

expression
graph-databases
safe-mode
gremlin

15-07-2023
|

题

Is there a way to limit Gremlin expressions to just Gremlin API? I'd like to embed gremlin as a part of one rule engine, but the possibility to call whatever e.g. in filters is a risk.

g.v(1).outE.filter{ new Socket('localhost', 8080). ... }

Is there a way to limit the execution to some safe set of interfaces?

解决方案

One method might be to look into what Groovy offers in controlling script execution via JVM security. Perhaps these links will be helpful:

http://groovy.codehaus.org/Security http://www.chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/

As an alternative to JVM security there is also this compilation customizer:

http://groovy-sandbox.kohsuke.org/

which would allow you to write filters that will prevent a script from getting reference to objects that they are not supposed to.

许可以下： CC-BY-SA 和归因

不隶属于 StackOverflow