Cole-Greer commented on code in PR #3402:
URL: https://github.com/apache/tinkerpop/pull/3402#discussion_r3211833145
##########
gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java:
##########
@@ -1155,4 +1130,56 @@ public void ensureScriptEngineDefaultsToGremlinLang() {
cluster.close();
}
}
+
+ @Test
+ public void shouldSubmitWithStringBindingsViaRequestMessage() throws
Exception {
+ try (SimpleClient client = TestClientFactory.createSimpleHttpClient())
{
+ final RequestMessage request =
RequestMessage.build("g.V(x).out(y).values('name')")
+
.addBindings("[\"x\":1,\"y\":\"knows\"]").addG("gmodern").create();
+ final List<ResponseMessage> responses = client.submit(request);
+ assertEquals(HttpResponseStatus.OK,
responses.get(0).getStatus().getCode());
+ assertEquals("vadas",
responses.get(0).getResult().getData().get(0));
+ }
+ }
+
+ @Test
+ public void shouldRejectTraversalInjectionInStringBindings() throws
Exception {
+ try (SimpleClient client = TestClientFactory.createSimpleHttpClient())
{
+ final RequestMessage request = RequestMessage.build("g.V(x)")
+ .addBindings("[x:__.V().drop()]").addG("gmodern").create();
+ final List<ResponseMessage> responses = client.submit(request);
+ assertEquals(HttpResponseStatus.BAD_REQUEST,
responses.get(0).getStatus().getCode());
+ }
+ }
+
+ @Test
+ public void
shouldReturnUserFriendlyErrorMessageForMalformedParameterStrings() throws
Exception {
+ final Cluster cluster = TestClientFactory.build().create();
+ final Client client = cluster.connect();
+
+ // each entry is [malformed input, expected substring in error message]
+ final String[][] cases = {
+ {"[\"x\":", "could not be converted into a
Map. Query parsing failed at"},
+ {"not a map at all", "could not be converted into a
Map. Query parsing failed at"},
+ {"[\"x\":\"unclosed]", "could not be converted into a
Map. Query parsing failed at"},
+ {"[\"x\":,\"y\":1]", "could not be converted into a
Map. Query parsing failed at"},
+ {"[\"x\":__.V().drop()]", "Traversals are not allowed"},
+ {"[\"~id\":1]", "must be a valid identifier"}
+ };
+
+ for (final String[] testCase : cases) {
+ final ResultSet result = client.submit(
+ "g.V(x)",
RequestOptions.build().addParametersString(testCase[0]).create());
+ try {
+ result.one();
Review Comment:
Nit:
```suggestion
result.one();
fail("Expect to throw exception")
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]