[ https://issues.apache.org/jira/browse/CAMEL-23528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrea Cosentino reassigned CAMEL-23528:
----------------------------------------
Assignee: Andrea Cosentino
> camel-neo4j: validate property names when building MATCH/DELETE WHERE clause
> ----------------------------------------------------------------------------
>
> Key: CAMEL-23528
> URL: https://issues.apache.org/jira/browse/CAMEL-23528
> Project: Camel
> Issue Type: Improvement
> Components: camel-neo4j
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
>
> Neo4jProducer.retrieveNodes() and Neo4jProducer.deleteNode() build the Cypher
> WHERE clause from the CamelNeo4jMatchProperties JSON map. Property *values*
> are passed as bound query parameters ($paramN), but property *names* (the
> JSON keys) are concatenated into the query string verbatim:
> {code:java}
> whereClause.append(alias).append(".").append(entry.getKey())
> .append(" = $").append(paramName);
> {code}
> Because the key is inserted unescaped, a property name containing whitespace
> or characters that are not valid Cypher identifier characters produces a
> malformed or unintended query instead of a clear error.
> Proposed change (apply to *both* retrieveNodes() and deleteNode() — the two
> code paths are identical):
> * Validate each property name against a strict identifier pattern (e.g.
> ^[A-Za-z_][A-Za-z0-9_]*$) before using it to build the clause, and reject
> non-matching names with a clear IllegalArgumentException wrapped in
> Neo4jOperationException, consistent with the existing JSON-parse error
> handling.
> * Add unit tests covering valid and rejected property names for both
> operations.
> This makes property-name handling consistent with the already-parameterised
> value handling and ensures invalid input fails fast with a meaningful message.
> _Reported via the Camel JIRA workflow by Claude Code on behalf of Andrea
> Cosentino._
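
The check proposed in the issue, as an added stand-alone sketch (not camel-neo4j code and not the project's eventual patch). The class `WhereClauseSketch`, the method `buildWhere`, and the sample maps are hypothetical; only the identifier pattern and the append chain come from the issue text, and the `Neo4jOperationException` wrapping is left out because its constructor is not shown on this page.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical sketch of the validation described in CAMEL-23528.
public class WhereClauseSketch {
    // Identifier pattern quoted in the issue.
    private static final Pattern PROPERTY_NAME = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]*$");

    // Builds "alias.key = $paramN AND ..." and stores each value in params under paramN.
    // Assumption: alias is chosen by the calling code, not taken from message input.
    static String buildWhere(String alias, Map<String, Object> match, Map<String, Object> params) {
        StringBuilder where = new StringBuilder();
        int i = 0;
        for (Map.Entry<String, Object> entry : match.entrySet()) {
            String key = entry.getKey();
            // matches() must consume the whole key; find() would let '$' accept a
            // key that ends in a line terminator.
            if (key == null || !PROPERTY_NAME.matcher(key).matches()) {
                // The issue proposes wrapping this in Neo4jOperationException.
                throw new IllegalArgumentException("Invalid property name in match properties: '" + key + "'");
            }
            String paramName = "param" + i++;
            if (where.length() > 0) {
                where.append(" AND ");
            }
            // Only a validated name reaches the query text; the value stays a bound parameter.
            where.append(alias).append(".").append(key).append(" = $").append(paramName);
            params.put(paramName, entry.getValue());
        }
        return where.toString();
    }

    public static void main(String[] args) {
        Map<String, Object> params = new LinkedHashMap<>();
        Map<String, Object> ok = new LinkedHashMap<>();
        ok.put("name", "Alice");
        ok.put("_age", 30);
        System.out.println(buildWhere("n", ok, params) + "  " + params);
        // Constructed names that must be rejected: whitespace, hyphen, leading digit, empty.
        for (String bad : new String[] {"first name", "my-prop", "1st", ""}) {
            Map<String, Object> m = new LinkedHashMap<>();
            m.put(bad, "x");
            try {
                buildWhere("n", m, new LinkedHashMap<>());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Validation happens before any text is appended, so a rejected key never produces a partially built clause.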