Hi guys,
My team is currently in the process of migrating from 1.9x to 2.2.1
We have managed to migrate a big portion of our repository across but there
are still few small Cypher issues to iron out.
This post is regarding one of the issues, lets examine the following query:
MATCH (country:Country {Name: "Canada"})-[:HAS_REGIONS]->region
> WITH country
> OPTIONAL MATCH region-[:HAS_CITIES]->(city {Name: "Ottawa"})
> RETURN region.Name, city.Name
Our mistake of not passing on the *region* identifier in the WITH clause,
is causing the OPTIONAL MATCH to perform AllNodesScan.
Although at the start of the query we restrict the listing to only the
Canadian regions, the query result will include Ottawa city in Kansas, USA.
We have noticed that if the OPTIONAL MATCH were to be a MATCH clause it
still behaves the same way.
This has following impact:
- query takes long time to run,
- in a big database the query will time-out,
- returns more results than expected, and
- more importantly violates tenancy boundary.
Our beef with this behaviour/bug is that in our multi-tenancy application,
the reports display data of other tenants which is a serious issue.
Think about our payment reports that incorrectly pays out people, by
including work that someone else did in some other company.
Our report tests create test data for a single tenant and verifies that the
query returns the expected result-set.
The tests are passing because we do not setup unrelated test data and
verify whether the query accidentally fetching those.
In 1.9.x, such queries with undefined identifiers, throw an exception.
Our question to you is, is there a way for Neo4j server to throw an
exception when *all of the identifiers* in a pattern is not defined?
Or is writing paranoid tests the only way forward?
Or you guys know about this and a fix is on its way?
Cheers
--
You received this message because you are subscribed to the Google Groups
"Neo4j" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.