Cole-Greer commented on PR #3384:
URL: https://github.com/apache/tinkerpop/pull/3384#issuecomment-4300897958
> Can you add unit test to verify gremlin-groovy is disabled? something like
>
> ```
> @Test
> public void gremlinLang() {
> final Cluster cluster =
Cluster.build().addContactPoint("localhost").port(8182).create();
> final Client client = cluster.connect();
>
> // should handle traversal
> final GraphTraversalSource g =
traversal().withRemote(DriverRemoteConnection.using(cluster, "gmodern"));
> long count = g.V().count().next();
> assertEquals(6, count);
>
> // should handle script
> final RequestOptions noLang = RequestOptions.build().addAlias("g",
"gmodern").create();
> count = client.submit("g.V().count().next()",
noLang).one().getLong();
> assertEquals(6, count);
>
> // should handle script with explicit engine name
> final RequestOptions requestOptions =
RequestOptions.build().language("gremlin-lang").addAlias("g",
"gmodern").create();
> count = client.submit("g.V().count().next()",
requestOptions).one().getLong();
> assertEquals(6, count);
>
> // should not allow suspicious queries
> try {
> client.submit("2+2", requestOptions).one().getLong();
> fail("should throw exception");
> } catch (final CompletionException e) {
> final Throwable inner = e.getCause();
> assertTrue(inner instanceof ResponseException);
> assertEquals(ResponseStatusCode.SERVER_ERROR_EVALUATION,
((ResponseException) inner).getResponseStatusCode());
> }
>
> // in gremlin-groovy '1g' is valid BigDecimal value, but in
gremlin-lang should be '1m';
> // the easiest way to determine which script engine the request
was executed on
> try {
> client.submit("g.inject(1g)", requestOptions).one().getLong();
> fail("should throw exception");
> } catch (final CompletionException e) {
> final Throwable inner = e.getCause();
> assertTrue(inner instanceof ResponseException);
> assertEquals(ResponseStatusCode.SERVER_ERROR_EVALUATION,
((ResponseException) inner).getResponseStatusCode());
> }
>
> final BigDecimal one = (BigDecimal)client.submit("g.inject(1m)",
requestOptions).one().getObject();
> assertEquals(BigDecimal.ONE, one);
> }
> ```
I've adapted this test and added it to the server integration tests. I've
given it extra cases to additionally verify error responses if the driver
explicitly asks for `language: "gremlin-groovy"` when it is not configured
(based on a new script engine allowlist), as well as if the driver asks for a
completely unknown language.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]