apache / incubator-hugegraph

A graph database that supports more than 100+ billion data, high performance and scalability (Include OLTP Engine & REST-API & Backends)
https://hugegraph.apache.org
Apache License 2.0
2.66k stars 520 forks source link

[Bug] SecurityException: Not allowed to read file via Gremlin #2174

Open wuchaojing opened 1 year ago

wuchaojing commented 1 year ago

Bug Type (问题类型)

others (please edit later)

Before submit

Environment (环境信息)

Expected & Actual behavior (期望与实际表现)

在hubble上执行gremlin如g.V()语句后,会出现以下WARN日志,帮看下原因

2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/groovy/runtime/metaclass/Script3MetaClass.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3BeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3BeanInfo.groovy 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3BeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3Customizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3Customizer.groovy 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3Customizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/groovy/runtime/metaclass/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceMetaClass.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceBeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceBeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceCustomizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceCustomizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/codehaus/groovy/runtime/callsite/PojoMetaMethodSite$PojoCachedMethodSite.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/Bytecode$Instruction.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/DefaultGraphTraversal.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/util/DefaultTraversal.class

Vertex/Edge example (问题点 / 边数据举例)

No response

Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)

No response

imbajin commented 1 year ago

Has checked #1032?

wuchaojing commented 1 year ago

Yes,but according to the comment of #1032, this problem should have been fixed. I don't know why it will still appear in the new version(1.0.0)

imbajin commented 1 year ago

Yes,but according to the comment of #1032, this problem should have been fixed. I don't know why it will still appear in the new version(1.0.0)

I can't reproduce it in Hubble + Server 1.0.0 after I load example data then type g.V(), no warn(ing) logs appear in hubble or server.

Need more info for it

BTW, could use docker to test hubble & server now, may help to speed up the identification of some issues