Query parameters in the Cosmos DB Graph-API
Are query parameters supported in the new Cosmos GUI? For example, in a request:
IDocumentQuery<dynamic> query = client.CreateGremlinQuery<dynamic>(graph, "g.V().has('name', 'john')");
Is it possible to replace the hard-coded value "john" with a query parameter, as in DocumentDB:
IQueryable<Book> queryable = client.CreateDocumentQuery<Book>(
    collectionSelfLink,
    new SqlQuerySpec
    {
        QueryText = "SELECT * FROM books b WHERE (b.Author.Name = @name)",
        Parameters = new SqlParameterCollection()
        {
            new SqlParameter("@name", "Herman Melville")
        }
    });
I am asking about security. Or could there be other ways to protect against injections in Gremlin?
TinkerPop generally has a concept of bindings that allows you to define your data separately from your Gremlin. An example using Java code can be found here: https://github.com/tinkerpop/gremlin/wiki/Using-Gremlin-through-Java (search for bindings).
You can also use bindings via the HTTP endpoint, for example by doing something like:
curl http://localhost:8182 -d '{"gremlin": "g.V().has(key1, value1);", "bindings": {"key1": "name", "value1": "david"}}'
You need to find out if the client for your request supports binding options, but it seems to me that you are looking for TinkerPop-compatible functionality.
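To illustrate the answer above, an added example (not part of the original question or answer) that contrasts string concatenation with the bindings request shape used in the curl call. The function names and the sample input are assumptions constructed for this illustration.

```python
import json

# Constant script text, as in the curl call above; user data never enters it.
QUERY = "g.V().has(key1, value1)"

# Constructed input containing a quote that closes the string literal early.
HOSTILE = "john').has('role', 'admin"


def unsafe_query(name):
    """Anti-pattern: the value is spliced into the Gremlin script text."""
    return "g.V().has('name', '" + name + "')"


def bound_request(name):
    """Request with the value carried in bindings, separate from the script."""
    if not isinstance(name, str):
        raise TypeError("name must be a string")
    return {"gremlin": QUERY, "bindings": {"key1": "name", "value1": name}}


def to_body(name):
    """JSON body to POST to the Gremlin Server HTTP endpoint."""
    return json.dumps(bound_request(name))


if __name__ == "__main__":
    # Concatenation: the input adds a second has() step to the traversal.
    print(unsafe_query(HOSTILE))
    # Bindings: the script is unchanged and the input is only a string value.
    print(to_body(HOSTILE))
```

With concatenation the script text depends on the input; with bindings the `gremlin` field is byte-for-byte the same for every request, which also makes it easy to log and review.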