neo4j: Prevent accidental code injections in the tests

author Jean-Christophe Beaupré <jcbrinfo@users.noreply.github.com>

Sat, 17 Jun 2017 04:50:22 +0000 (00:50 -0400)

committer Jean-Christophe Beaupré <jcbrinfo@users.noreply.github.com>

Sat, 17 Jun 2017 04:50:22 +0000 (00:50 -0400)
author Jean-Christophe Beaupré <jcbrinfo@users.noreply.github.com>
Sat, 17 Jun 2017 04:50:22 +0000 (00:50 -0400)
committer Jean-Christophe Beaupré <jcbrinfo@users.noreply.github.com>
Sat, 17 Jun 2017 04:50:22 +0000 (00:50 -0400)
diff --git a/tests/test_neo4j.nit b/tests/test_neo4j.nit

index 5da93bb..974a80a 100644 (file)
--- a/tests/test_neo4j.nit
+++ b/tests/test_neo4j.nit
@@ -26,7 +26,11 @@ var client = new Neo4jClient("http://localhost:7474")
  assert client.is_ok
  
  # Clear the previous objects, if any
-client.cypher(new CypherQuery.from_string("MATCH (n) WHERE n.key = {key} OPTIONAL MATCH n-[r]-() DELETE r, n"))
+client.cypher(
+       new CypherQuery.from_string(
+               "MATCH (n) WHERE n.key = \{key\} OPTIONAL MATCH n-[r]-() DELETE r, n"
+       ).set("key", key)
+)
  
  var andres = new NeoNode
  andres.labels.add_all(["PERSON", "MALE"])
@@ -123,8 +127,9 @@ print "{res5["name"].to_s} IS LOVED BY {res5.in_nodes("LOVES").first["name"].to_
  var query = (new CypherQuery).
         nmatch("(n: MALE)-[r: LOVES]->(m)").
         nwhere("n.name = 'Andres'").
-       nand("n.key = {key}").
-       nreturn("n, r, m")
+       nand("n.key = \{key\}").
+       nreturn("n, r, m").
+       set("key", key)
  var res7 = client.cypher(query)
  assert res7.as(JsonObject)["data"].as(JsonArray).length == 1
  
diff --git a/tests/test_neo4j_batch.nit b/tests/test_neo4j_batch.nit

index e098357..464eb2f 100644 (file)
--- a/tests/test_neo4j_batch.nit
+++ b/tests/test_neo4j_batch.nit
@@ -41,7 +41,11 @@ var client = new Neo4jClient("http://localhost:7474")
  assert client.is_ok
  
  # Clear the previous objects, if any
-client.cypher(new CypherQuery.from_string("MATCH (n) WHERE n.key = {key} OPTIONAL MATCH n-[r]-() DELETE r, n"))
+client.cypher(
+       new CypherQuery.from_string(
+               "MATCH (n) WHERE n.key = \{key\} OPTIONAL MATCH n-[r]-() DELETE r, n"
+       ).set("key", key)
+)
  
  print "# Save batch\n"
  
@@ -96,8 +100,9 @@ print "{res5["name"].to_s} IS LOVED BY {res5.in_nodes("LOVES").first["name"].to_
  var query = (new CypherQuery).
         nmatch("(n: MALE)-[r: LOVES]->(m)").
         nwhere("n.name = 'Andres'").
-       nand("n.key = {key}").
-       nreturn("n, r, m")
+       nand("n.key = \{key\}").
+       nreturn("n, r, m").
+       set("key", key)
  var res7 = client.cypher(query)
  assert res7.as(JsonObject)["data"].as(JsonArray).length == 1
author	Jean-Christophe Beaupré <jcbrinfo@users.noreply.github.com>
	Sat, 17 Jun 2017 04:50:22 +0000 (00:50 -0400)
committer	Jean-Christophe Beaupré <jcbrinfo@users.noreply.github.com>
	Sat, 17 Jun 2017 04:50:22 +0000 (00:50 -0400)
tests/test_neo4j.nit		patch \| blob \| history
tests/test_neo4j_batch.nit		patch \| blob \| history