abhishekbafna commented on PR #14844: URL: https://github.com/apache/pinot/pull/14844#issuecomment-2646962732
> Since this is static analysis, we should apply the analysis in 2 places:
>
> 1. When table config gets created/updated, we want to validate the groovy transforms configured
> 2. When broker gets a query, we want to validate the groovy transform within it
>
> Take a look at where we block groovy functions right now. We can integrate this logic at the same place.

The analysis is applied at both of the suggested places.

1. The groovy expression is validated and blocked (if found to contain insecure code) at the table creation and update stage. This happens in the controller.
2. For the queries, the analysis happens in the server and failure is reported.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.