Andrea Cosentino created CAMEL-23528:
----------------------------------------
Summary: camel-neo4j: validate property names when building
MATCH/DELETE WHERE clause
Key: CAMEL-23528
URL: https://issues.apache.org/jira/browse/CAMEL-23528
Project: Camel
Issue Type: Improvement
Components: camel-neo4j
Reporter: Andrea Cosentino
Neo4jProducer.retrieveNodes() and Neo4jProducer.deleteNode() build the Cypher
WHERE clause from the CamelNeo4jMatchProperties JSON map. Property *values* are
passed as bound query parameters ($paramN), but property *names* (the JSON
keys) are concatenated into the query string verbatim:
{code:java}
whereClause.append(alias).append(".").append(entry.getKey())
        .append(" = $").append(paramName);
{code}
Because the key is inserted unescaped, a property name containing whitespace or
characters that are not valid Cypher identifier characters produces a malformed
or unintended query instead of a clear error.
Proposed change (apply to *both* retrieveNodes() and deleteNode() — the two
code paths are identical):
* Validate each property name against a strict identifier pattern (e.g.
^[A-Za-z_][A-Za-z0-9_]*$) before using it to build the clause, and reject
non-matching names with a clear IllegalArgumentException wrapped in
Neo4jOperationException, consistent with the existing JSON-parse error handling.
* Add unit tests covering valid and rejected property names for both operations.
This makes property-name handling consistent with the already-parameterised
value handling and ensures invalid input fails fast with a meaningful message.
_Reported via the Camel JIRA workflow by Claude Code on behalf of Andrea
Cosentino._