Secure AGE graph queries with parameterization and depth limits#389
Open
Brad-Edwards wants to merge 1 commit intodevfrom
Open
Secure AGE graph queries with parameterization and depth limits#389Brad-Edwards wants to merge 1 commit intodevfrom
Brad-Edwards wants to merge 1 commit intodevfrom
Conversation
…aphService - Use AGE parameterized queries (agtype params) for uid values in getAncestors, getDescendants, and findPaths, eliminating Cypher injection from user input - Use JDBC ? placeholder for graph name (replaces string interpolation) - Add MAX_DEPTH = 20 constant and validateDepth() to prevent DoS via unbounded graph traversals; illegal argument exception thrown for depth outside [1, 20] - Improve escapeCypher() with null-byte stripping and backtick escaping for materializeGraph() where AGE multi-property parameterization is not practical - Add escapeJson() helper for safe JSON building of AGE agtype param maps - Add @validated + @min(1) @max(20) on depth params in GraphController to return HTTP 400 for out-of-range requests before they reach the service layer - Add tests: depth bounds validation, escapeCypher edge cases, controller 400s Closes #319 https://claude.ai/code/session_01WsTk6SDzcHxfwD35BxT5q5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hardens the AGE graph query service against Cypher injection attacks and denial-of-service attacks by:
Related Issues
Changes
AgeGraphService:
MAX_DEPTHconstant (20) to limit graph traversal depthvalidateDepth()method to enforce depth constraints ingetAncestors()andgetDescendants()getAncestors(),getDescendants(), andfindPaths()to use parameterized queries instead of string interpolation for user-supplied UIDsescapeCypher()to handle null bytes and backticks (used for identifier escaping in Cypher)escapeJson()method for proper JSON string escaping in AGE agtype parameter mapsageParams()helper to build AGE parameter maps safelyextractUidResults()signature to accept graph name and parameters for parameterized queriesGraphController:
@Validatedannotation to enable method-level validation@Min(1)and@Max(20)constraints todepthparameters ingetAncestors()andgetDescendants()AgeGraphServiceTest:
DepthValidationnested test class with tests for boundary conditions (depth 0, depth > MAX_DEPTH, depth = MAX_DEPTH)EscapeCyphernested test class with unit tests for escaping logic (backslash, single quote, null bytes, backticks)GraphControllerTest:
Test Plan
Checklist
https://claude.ai/code/session_01WsTk6SDzcHxfwD35BxT5q5