Gremlin safe mode? (No JDK calls)

https://stackoverflow.com/questions/23476176

expression
graph-databases
safe-mode
gremlin

15-07-2023
|

Question

Is there a way to limit Gremlin expressions to just Gremlin API? I'd like to embed gremlin as a part of one rule engine, but the possibility to call whatever e.g. in filters is a risk.

g.v(1).outE.filter{ new Socket('localhost', 8080). ... }

Is there a way to limit the execution to some safe set of interfaces?

Solution

One method might be to look into what Groovy offers in controlling script execution via JVM security. Perhaps these links will be helpful:

http://groovy.codehaus.org/Security http://www.chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/

As an alternative to JVM security there is also this compilation customizer:

http://groovy-sandbox.kohsuke.org/

which would allow you to write filters that will prevent a script from getting reference to objects that they are not supposed to.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow