Cole Greer created TINKERPOP-3233:
-------------------------------------
Summary: Standardize argument escaping in GremlinLang
Key: TINKERPOP-3233
URL: https://issues.apache.org/jira/browse/TINKERPOP-3233
Project: TinkerPop
Issue Type: Improvement
Components: dotnet, go, javascript, process, python
Affects Versions: 4.0.0
Reporter: Cole Greer
With the switch from bytecode to GremlinLang in TP4
(https://lists.apache.org/thread/7m3govzsqtmmj224xs7k5vv1ycnmocjn), it's
important that certain step arguments are properly escaped before being added
to a gremlin script to protect against gremlin injection attacks. Currently all
GLVs which have completed this transition have logic to escape string
arguments, but they do not follow a consistent set of rules.
We should develop a set of best practices for escaping gremlin-lang scripts,
document this for users, and update all drivers to follow these consistent
rules.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
