[jira] [Commented] (TINKERPOP-3247) String-Based Parameters

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/TINKERPOP-3247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18079590#comment-18079590
 ] 

ASF GitHub Bot commented on TINKERPOP-3247:
-------------------------------------------

Cole-Greer commented on code in PR #3402:
URL: https://github.com/apache/tinkerpop/pull/3402#discussion_r3211833145


##########
gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java:
##########
@@ -1155,4 +1130,56 @@ public void ensureScriptEngineDefaultsToGremlinLang() {
             cluster.close();
         }
     }
+
+    @Test
+    public void shouldSubmitWithStringBindingsViaRequestMessage() throws 
Exception {
+        try (SimpleClient client = TestClientFactory.createSimpleHttpClient()) 
{
+            final RequestMessage request = 
RequestMessage.build("g.V(x).out(y).values('name')")
+                    
.addBindings("[\"x\":1,\"y\":\"knows\"]").addG("gmodern").create();
+            final List<ResponseMessage> responses = client.submit(request);
+            assertEquals(HttpResponseStatus.OK, 
responses.get(0).getStatus().getCode());
+            assertEquals("vadas", 
responses.get(0).getResult().getData().get(0));
+        }
+    }
+
+    @Test
+    public void shouldRejectTraversalInjectionInStringBindings() throws 
Exception {
+        try (SimpleClient client = TestClientFactory.createSimpleHttpClient()) 
{
+            final RequestMessage request = RequestMessage.build("g.V(x)")
+                    .addBindings("[x:__.V().drop()]").addG("gmodern").create();
+            final List<ResponseMessage> responses = client.submit(request);
+            assertEquals(HttpResponseStatus.BAD_REQUEST, 
responses.get(0).getStatus().getCode());
+        }
+    }
+
+    @Test
+    public void 
shouldReturnUserFriendlyErrorMessageForMalformedParameterStrings() throws 
Exception {
+        final Cluster cluster = TestClientFactory.build().create();
+        final Client client = cluster.connect();
+
+        // each entry is [malformed input, expected substring in error message]
+        final String[][] cases = {
+                {"[\"x\":",                     "could not be converted into a 
Map. Query parsing failed at"},
+                {"not a map at all",            "could not be converted into a 
Map. Query parsing failed at"},
+                {"[\"x\":\"unclosed]",          "could not be converted into a 
Map. Query parsing failed at"},
+                {"[\"x\":,\"y\":1]",            "could not be converted into a 
Map. Query parsing failed at"},
+                {"[\"x\":__.V().drop()]",       "Traversals are not allowed"},
+                {"[\"~id\":1]",                 "must be a valid identifier"}
+        };
+
+        for (final String[] testCase : cases) {
+            final ResultSet result = client.submit(
+                    "g.V(x)", 
RequestOptions.build().addParametersString(testCase[0]).create());
+            try {
+                result.one();

Review Comment:
   Nit:
   ```suggestion
                   result.one();
                   fail("Expect to throw exception")
   ```





> String-Based Parameters
> -----------------------
>
>                 Key: TINKERPOP-3247
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-3247
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: language, server
>    Affects Versions: 4.0.0
>            Reporter: Ken Hu
>            Priority: Major
>
> Based on the discussion in the devlist, this revolves changing the 
> bindings/parameters from being a Map to a gremlin-lang string version of the 
> map. This decouples the evolution of the language from the evolution of the 
> serializers as new types can be added without having to update the 
> serializers as well.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)