Avoiding cypher injects when using parameter maps

I have a use case where I'm generating a dynamic query before eventually calling session.query(...) with it. I'm providing a parameter map to the function that has input that comes from the user. I figured this input would get automatically sanitized but it does not and I can't find anything in documentation that talks about sanitizing inputs for the parameter map.

I'm aware that there's a JDBC PreparedStatement class that will do such a thing...but that seems like a pretty weird solution. Does OGM provide a way to sanitize parameter maps passed to Neo4jSession.query?

Jiropole
Graph Voyager

I'd suggest using your Spring Hibernate/Jackson implementation along with model views (DTOs) to perform the necessary validation. If you then want to get it into map form to pass to cypher, the way I've done this is to define a map method on each DTO to get the map form of the sanitized data.
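An added example of the approach described in this thread (not code from either poster or from the Neo4j OGM project): a DTO validates the user input and exposes it through a map method, user values reach the query only as `$` parameters, and the one dynamic fragment comes from an allow-list, because property keys and labels cannot be passed as Cypher parameters. The class names, the `Person` label and its properties are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical DTO: validates user input once, then exposes it as a parameter map.
final class PersonSearchDto {
    // Business-rule validation (assumed rule); injection safety comes from parameters.
    private static final Pattern NAME = Pattern.compile("[\\p{L} .'-]{1,64}");
    private final String name;
    private final int minAge;

    PersonSearchDto(String name, int minAge) {
        if (name == null || !NAME.matcher(name).matches())
            throw new IllegalArgumentException("invalid name");
        if (minAge < 0 || minAge > 150)
            throw new IllegalArgumentException("invalid minAge");
        this.name = name;
        this.minAge = minAge;
    }

    // Map form of the validated data, keyed by the $placeholders used in the query.
    Map<String, Object> toMap() {
        return Map.of("name", name, "minAge", minAge);
    }
}

public class SafeDynamicQuery {
    // Dynamic property keys are chosen from a fixed allow-list, never taken verbatim.
    private static final Set<String> SORTABLE = Set.of("name", "age");

    static String buildQuery(String sortBy) {
        if (!SORTABLE.contains(sortBy))
            throw new IllegalArgumentException("unsupported sort key");
        // User values appear only as $name / $minAge; only the vetted key is concatenated.
        return "MATCH (p:Person) WHERE p.name = $name AND p.age >= $minAge "
             + "RETURN p ORDER BY p." + sortBy;
    }

    public static void main(String[] args) {
        PersonSearchDto dto = new PersonSearchDto("O'Brien", 30); // constructed input
        String cypher = buildQuery("name");
        Map<String, Object> params = dto.toMap();
        System.out.println(cypher + "  params=" + params);
        // With OGM these two values would be passed as session.query(cypher, params).
        try {
            buildQuery("name; not-a-key"); // constructed value outside the allow-list
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```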
