
Gremlin safe mode? (No JDK calls)

Is there a way to limit Gremlin expressions to just the Gremlin API? I'd like to embed Gremlin as part of a rule engine, but the possibility of calling anything at all, e.g. in filters, is a risk.

g.v(1).outE.filter{ new Socket('localhost', 8080). ... }

Is there a way to limit the execution to some safe set of interfaces?


  • One method might be to look into what Groovy offers in controlling script execution via JVM security. Perhaps these links will be helpful:

    As an alternative to JVM security there is also this compilation customizer:

    which would allow you to write filters that will prevent a script from getting a reference to objects that it is not supposed to.
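
An added example, not part of the original answer and not necessarily the customizer the answer linked to: Groovy's built-in `SecureASTCustomizer` used as a compile-time filter for embedded rules. The policy, the `isAllowed` helper and the sample rules are assumptions constructed for illustration.

```groovy
import org.codehaus.groovy.ast.expr.ClassExpression
import org.codehaus.groovy.ast.expr.ConstructorCallExpression
import org.codehaus.groovy.ast.expr.StaticMethodCallExpression
import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.control.MultipleCompilationErrorsException
import org.codehaus.groovy.control.customizers.SecureASTCustomizer
import org.codehaus.groovy.control.messages.ExceptionMessage

// Assumed policy: a rule may not name a class, construct an object, or call
// a static method. Plain Gremlin steps and closures stay legal.
def noJdkAccess = { expr ->
    !(expr instanceof ConstructorCallExpression ||
      expr instanceof ClassExpression ||
      expr instanceof StaticMethodCallExpression)
} as SecureASTCustomizer.ExpressionChecker

def secure = new SecureASTCustomizer()
secure.methodDefinitionAllowed = false   // rules are expressions, not programs
secure.addExpressionCheckers(noJdkAccess)

def config = new CompilerConfiguration()
config.addCompilationCustomizers(secure)
def shell = new GroovyShell(config)

// Hypothetical helper: true if the rule compiles under the policy.
// parse() only compiles, so no graph (the `g` binding) is needed here.
def isAllowed = { String rule ->
    try {
        shell.parse(rule)
        return true
    } catch (SecurityException e) {
        return false
    } catch (MultipleCompilationErrorsException e) {
        def policyHit = e.errorCollector.errors.any {
            it instanceof ExceptionMessage && it.cause instanceof SecurityException
        }
        if (policyHit) return false
        throw e   // genuine syntax error, not a policy violation
    }
}

// Constructed samples; the second is the question's snippet with its elided tail dropped.
assert isAllowed("g.v(1).outE.filter{ it.weight > 0.5 }")
assert !isAllowed("g.v(1).outE.filter{ new Socket('localhost', 8080) }")
assert !isAllowed("g.v(1).outE.filter{ System.getProperty('user.home') }")
```

This check works on the syntax tree only and cannot see what a dynamically typed call resolves to at run time, so it belongs alongside a runtime control such as the JVM security approach mentioned in the answer, not in place of one.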