[Bug] SecurityException: Not allowed to read file via Gremlin

wuchaojing commented 1 year ago

Bug Type (问题类型)

others (please edit later)

Before submit

[X] 我已经确认现有的 Issues 与 FAQ 中没有相同 / 重复问题 (I have confirmed and searched that there are no similar problems in the historical issue and documents)

Environment (环境信息)

Server Version: 1.0.0 (Apache Release Version)
Backend: RocksDB x nodes, HDD or SSD
OS: xx CPUs, xx G RAM, Ubuntu 2x.x / CentOS 7.x
Data Size: xx vertices, xx edges

Expected & Actual behavior (期望与实际表现)

在hubble上执行gremlin如g.V()语句后，会出现以下WARN日志，帮看下原因

2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/groovy/runtime/metaclass/Script3MetaClass.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3BeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3BeanInfo.groovy 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3BeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3Customizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3Customizer.groovy 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/Script3Customizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/groovy/runtime/metaclass/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceMetaClass.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceBeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceBeanInfo.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceCustomizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversalSourceCustomizer.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/codehaus/groovy/runtime/callsite/PojoMetaMethodSite$PojoCachedMethodSite.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/Bytecode$Instruction.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/DefaultGraphTraversal.class 2023-03-20 10:35:37 [gremlin-server-exec-2] [WARN] o.a.h.s.HugeSecurityManager - SecurityException: Not allowed to read file via Gremlin: /usr/lib/jvm/java-11-openjdk-11.0.18.0.10-1.el7_9.x86_64/lib/org/apache/tinkerpop/gremlin/process/traversal/util/DefaultTraversal.class

Vertex/Edge example (问题点 / 边数据举例)

No response

Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)

No response

imbajin commented 1 year ago

Has checked #1032?

wuchaojing commented 1 year ago

Yes,but according to the comment of #1032, this problem should have been fixed. I don't know why it will still appear in the new version(1.0.0)

imbajin commented 1 year ago

Yes,but according to the comment of #1032, this problem should have been fixed. I don't know why it will still appear in the new version(1.0.0)

I can't reproduce it in Hubble + Server 1.0.0 after I load example data then type g.V(), no warn(ing) logs appear in hubble or server.

Need more info for it

BTW, could use docker to test hubble & server now, may help to speed up the identification of some issues

apache / incubator-hugegraph