From 6b3fa29d03db66a44d8b3d0762a205f79eb5f574 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jean-Christophe=20Beaupr=C3=A9?= Date: Sat, 17 Jun 2017 00:50:22 -0400 Subject: [PATCH] neo4j: Prevent accidental code injections in the tests MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Jean-Christophe Beaupré --- tests/test_neo4j.nit | 11 ++++++++--- tests/test_neo4j_batch.nit | 11 ++++++++--- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/tests/test_neo4j.nit b/tests/test_neo4j.nit index 5da93bb..974a80a 100644 --- a/tests/test_neo4j.nit +++ b/tests/test_neo4j.nit @@ -26,7 +26,11 @@ var client = new Neo4jClient("http://localhost:7474") assert client.is_ok # Clear the previous objects, if any -client.cypher(new CypherQuery.from_string("MATCH (n) WHERE n.key = {key} OPTIONAL MATCH n-[r]-() DELETE r, n")) +client.cypher( + new CypherQuery.from_string( + "MATCH (n) WHERE n.key = \{key\} OPTIONAL MATCH n-[r]-() DELETE r, n" + ).set("key", key) +) var andres = new NeoNode andres.labels.add_all(["PERSON", "MALE"]) @@ -123,8 +127,9 @@ print "{res5["name"].to_s} IS LOVED BY {res5.in_nodes("LOVES").first["name"].to_ var query = (new CypherQuery). nmatch("(n: MALE)-[r: LOVES]->(m)"). nwhere("n.name = 'Andres'"). - nand("n.key = {key}"). - nreturn("n, r, m") + nand("n.key = \{key\}"). + nreturn("n, r, m"). + set("key", key) var res7 = client.cypher(query) assert res7.as(JsonObject)["data"].as(JsonArray).length == 1 diff --git a/tests/test_neo4j_batch.nit b/tests/test_neo4j_batch.nit index e098357..464eb2f 100644 --- a/tests/test_neo4j_batch.nit +++ b/tests/test_neo4j_batch.nit @@ -41,7 +41,11 @@ var client = new Neo4jClient("http://localhost:7474") assert client.is_ok # Clear the previous objects, if any -client.cypher(new CypherQuery.from_string("MATCH (n) WHERE n.key = {key} OPTIONAL MATCH n-[r]-() DELETE r, n")) +client.cypher( + new CypherQuery.from_string( + "MATCH (n) WHERE n.key = \{key\} OPTIONAL MATCH n-[r]-() DELETE r, n" + ).set("key", key) +) print "# Save batch\n" @@ -96,8 +100,9 @@ print "{res5["name"].to_s} IS LOVED BY {res5.in_nodes("LOVES").first["name"].to_ var query = (new CypherQuery). nmatch("(n: MALE)-[r: LOVES]->(m)"). nwhere("n.name = 'Andres'"). - nand("n.key = {key}"). - nreturn("n, r, m") + nand("n.key = \{key\}"). + nreturn("n, r, m"). + set("key", key) var res7 = client.cypher(query) assert res7.as(JsonObject)["data"].as(JsonArray).length == 1 -- 1.7.9.5