Commit Graph

2722 Commits

Author SHA1 Message Date
Robert Muir 3c419c2186 do expressions consistently with other engines 2015-12-05 22:08:40 -05:00
Robert Muir 2169a123a5 Filter classes loaded by scripts
Since 2.2 we run all scripts with minimal privileges, similar to applets in your browser.
The problem is, they have unrestricted access to other things they can muck with (ES, JDK, whatever).
So they can still easily do tons of bad things

This PR restricts what classes scripts can load via the classloader mechanism, to make life more difficult.
The "standard" list was populated from the old list used for the groovy sandbox: though
a few more were needed for tests to pass (java.lang.String, java.util.Iterator, nothing scary there).

Additionally, each scripting engine typically needs permissions to some runtime stuff.
That is the downside of this "good old classloader" approach, but I like the transparency and simplicity,
and I don't want to waste my time with any feature provided by the engine itself for this, I don't trust them.

This is not perfect and the engines are not perfect but you gotta start somewhere. For expert users that
need to tweak the permissions, we already support that via the standard java security configuration files, the
specification is simple, supports wildcards, etc (though we do not use them ourselves).
2015-12-05 21:46:52 -05:00
Robert Muir 46377778a9 Merge branch 'master' into getClassLoader 2015-12-04 15:58:36 -05:00
Robert Muir 7160c5ec15 list modules separately in pluginservice 2015-12-04 01:13:17 -05:00
Ryan Ernst a8e9403204 added gradle checks for modules configuration, and ability to add
modules to integ test cluster
2015-12-03 20:53:06 -08:00
Ryan Ernst 0a4a81afaf Added modules, distributions now include them (just plugins installed in
a diff dir)
2015-12-03 14:18:26 -08:00
Shay Banon bf0caafa04 remove old modules and gradle 2011-12-06 01:01:04 +02:00
Shay Banon a8fd2d48b8 first cleanup phase, move to single src 2011-12-06 00:59:23 +02:00
Shay Banon 9995d27841 Analysis: Add arabic, brazilian, czech to stemmer token filter language options, closes #1519. 2011-12-04 16:36:42 +02:00
Shay Banon 720954d8a6 Version missing a space, closes #1517. 2011-12-04 12:48:29 +02:00
Shay Banon 032e215f25 search missing from stats when using clear and search params, closes #1516. 2011-12-02 12:32:51 +02:00
Shay Banon be282cc4c8 Improve highlighting perf (a bit) by reusing some constructs across hits, closes #1513. 2011-11-30 19:15:31 +02:00
Shay Banon c93ddd9b61 check against hte fieldName... 2011-11-30 13:34:21 +02:00
Shay Banon 6c552b4187 have DocSet implement Bits interface 2011-11-29 23:53:38 +02:00
Shay Banon a21c0829c7 Query DSL: Bool filter does not take should clauses properly into account, closes #1511. 2011-11-29 22:39:07 +02:00
Shay Banon 76307a5e73 cleanup 2011-11-29 21:28:07 +02:00
Shay Banon e9d2f44d49 Query DSL: Bool filter does not take should clauses properly into account, closes #1511. 2011-11-29 21:27:36 +02:00
Shay Banon de49a313c5 Query DSL: Bool filter does not take should clauses properly into account, closes #1511. 2011-11-29 21:23:41 +02:00
Shay Banon 9bb9ce4e84 add 0.18.6 2011-11-29 13:55:11 +02:00
Shay Banon ae4ae598e3 make node closed exception serializable 2011-11-29 10:18:13 +02:00
Shay Banon b2fa6b7a94 When _source is disabled, don't return it in realtime get fetching the document from the transaction log, closes #1509. 2011-11-29 09:39:46 +02:00
Shay Banon e9fe8ec469 sync with latest Lucene block join, init parentDoc to -1, which makes the assert commented out valid again 2011-11-28 23:47:31 +02:00
Shay Banon 6b894d9f53 add the option to get mapping as a parsed map, also do some internal refactoring to share the code that parses into a map 2011-11-28 20:19:02 +02:00
Njal Karevoll b1707d219f set "http" on NodeInfo instances if it is passed in the constructor 2011-11-28 17:08:28 +02:00
Shay Banon d5aa7574f3 Upgrade to netty 3.2.7, closes #1506. 2011-11-28 14:48:49 +02:00
Shay Banon 4be7866bd9 Registering a percolate query with additional "object" level metadata can fail, closes #1505. 2011-11-27 18:06:18 +02:00
Shay Banon 32f1edf6f7 Analysis: Add language setting to lowercase filter, supporting greek and turkish, closes #1503. 2011-11-27 13:39:05 +02:00
George Chatzigeorgiou a1a856e4b9 Support Greek stemming
While the GreekAnalyzer supports stemming, custom analyzers for the greek language cannot be build because there is no GreekStemmer (although lucene has one).
2011-11-27 13:22:58 +02:00
Shay Banon f18ad903a9 Upgrade to Lucene 3.5, closes #1502. 2011-11-27 12:57:26 +02:00
Shay Banon fd5d754fe6 better failure messages when dynamic mapping is disabled 2011-11-25 09:40:44 +02:00
Shay Banon a7803855a1 add another path trie test 2011-11-25 00:21:01 +02:00
Shay Banon 3f835eb780 even though it can't happen (offset is 0 when loading from the index), use properly the field to get binary values with offset and length 2011-11-24 21:44:18 +02:00
Shay Banon 21988a0ca7 support compressed percolator index 2011-11-24 21:32:56 +02:00
Shay Banon ac2c2fb48d enable unsafe optimization in lzf for 0.19 2011-11-24 20:12:51 +02:00
Shay Banon 03c2e5ea52 improve how decoding is done on the transport layer, embedding FrameDecoder into the message handler, and reducing allocation of buffers and better guess into allocating cumalation buffers 2011-11-24 20:03:25 +02:00
Shay Banon f0efb8cdea Using _parent:123 in a query string query fails to fetch docs, closes #1497. 2011-11-24 13:59:10 +02:00
Shay Banon 81965d0ea9 Support using _id:1234, or using term query/filter on _id even when _id is not indexed, closes #1496. 2011-11-24 12:31:50 +02:00
Shay Banon daa4444e22 DocumentMapper.java wrong order on build rootMappers, closes #1493. 2011-11-24 09:58:05 +02:00
Shay Banon 2c0662e18e Query DSL: indices query to allow to set a `no_match_query`, closes #1492. 2011-11-23 19:01:14 +02:00
Shay Banon f47b77199d Multi field mapper with more than one extra mapping can cause endless re-sync'ing of mapping between nodes, closes #1487. 2011-11-23 09:04:28 +02:00
Shay Banon 05f98634d8 IndicesQueryBuilder generates the wrong query name, closes #1485. 2011-11-22 15:57:54 +02:00
Shay Banon f28c11b31c By default, set http.compression to false, closes #1482. 2011-11-21 19:50:24 +02:00
Shay Banon bff980c797 Allow empty Strings to be null for Number's and don't autodetect empty string fields as string types, closes #1473. 2011-11-21 18:02:12 +02:00
Shay Banon fbb03c611a add a sleep to fix test (need to think of a better fix) 2011-11-21 10:44:29 +02:00
Shay Banon b10094b109 support boost on block join query (nested) 2011-11-21 10:43:58 +02:00
Shay Banon 90af54dad5 make sure bulk item failure on primary shards will not execute on a replica shard 2011-11-20 15:09:13 +02:00
Shay Banon bb8ff3814e Binary field compression causes wrong _source decoding, closes #1475. 2011-11-20 12:59:22 +02:00
Jeremie BORDIER 6403a42e31 * Try to extract value from String using FieldMapper when reading from the transaction log. 2011-11-17 18:54:41 +02:00
Shay Banon 4d607bdd4a handle valueForString in binary case 2011-11-17 18:19:16 +02:00
Shay Banon c8641588ec clean code, script service no longer used in get action 2011-11-17 15:48:05 +02:00