spmallette commented on code in PR #3157: URL: https://github.com/apache/tinkerpop/pull/3157#discussion_r2251557792
########## docs/src/reference/the-traversal.asciidoc: ########## @@ -5233,6 +5233,60 @@ location. Please see the <<io-step,documentation>> for `io()`-step for more comp link:++https://tinkerpop.apache.org/javadocs/x.y.z/full/org/apache/tinkerpop/gremlin/process/traversal/dsl/graph/GraphTraversal.html#write()++[`write()`] +[[traversal-parameterization]] +== Traversal Parameterization + +A subset of gremlin steps are able to accept parameterized arguments also known as GValues. GValues can be used to +provide protection against gremlin-injection attacks in cases where untrusted and unsanitized inputs must be passed as +step arguments. Additionally, use of GValues may offer performance benefits in certain environments by making use of +some query caching capabilities. Note that the reference implementation of the gremlin language and `gremlin-server` do +not have such a query caching mechanism, and thus will not see any performance improvements through parameterization. Users +should consult the documentation of their specific graph system details of potential performance benefits via parameterization. + +NOTE: There are unique considerations regarding parameters when using `gremlin-groovy` scripts. Groovy allows for parameterization +at arbitrary points in the query in addition to the subset of parameterizable steps documented here. Groovy is also bound by +a comparatively slow script compilation, which makes parameterization essential for performant execution of `gremlin-groovy` scripts. + +[cols="1,1"] +|=== +|Step | Parameterizable arguments Review Comment: lots of steps listed here. is this really the step list for 3.8.0? i guess i'm questioning: `coin`, `combine`, `conjoin`, `constant`, `difference`, `disjunct`, `intersect`, `merge`, `product`. are those really working with the `GValue` style the rest of the steps have and is there testing for all that? Then, why that particular set but not also `all`, `any`, etc.? Need to remove some steps for this initial body of work? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
