Commit 85423fd0 authored by Tobias Steiner's avatar Tobias Steiner

Escape special characters for query

parent b2b05070
......@@ -16,6 +16,38 @@ class Neo4jStreamWriter extends Writable {
private neo4j;
private timeout = 500;
private core;
/**
* Escape special characters
* @param {string} param
* @returns {string}
*/
private static escape(param: string) {
// from https://github.com/packagestats/sql-escape/blob/master/index.js
return param.replace(/[\0\x08\x09\x1a\n\r"'\\\%]/g, (char) => {
switch (char) {
case '\0':
return '\\0';
case '\x08':
return '\\b';
case '\x09':
return '\\t';
case '\x1a':
return '\\z';
case '\n':
return '\\n';
case '\r':
return '\\r';
case '\"':
case '\'':
case '\\':
case '%':
// prepends a backslash to backslash, percent, and double/single quotes
return '\\' + char;
}
});
}
constructor(options = {}, neo4j: Driver, core: InterfaceCore) {
super(options);
this.neo4j = neo4j;
......@@ -47,16 +79,16 @@ class Neo4jStreamWriter extends Writable {
/**
* Build the query
* todo: we should move this into a transformer
* todo: we should use parameters f.e. https://stackoverflow.com/questions/42397773/neo4j-what-is-the-syntax-to-set-cypher-query-parameters-in-the-browser-interfac
* @param connection
*/
private buildQuery(connection) {
let query = `MERGE (o:Place {uri:'${connection.from}'}) `;
let query = `MERGE (o:Place {uri:'${Neo4jStreamWriter.escape(connection.from)}'}) `;
connection.to.forEach((current, i) => {
query += ` MERGE (t${i}:Place {uri:'${current}'}) `;
query += ` MERGE (t${i}:Place {uri:'${Neo4jStreamWriter.escape(current)}'}) `;
query += ` MERGE (o)-[:${connection.relation.type} {author:'${connection.relation.author}'}]->(t${i}) `;
});
return query;
}
}
}
export default Neo4jStreamWriter;
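Review bot: In the relationship MERGE of buildQuery, `connection.relation.author` and `connection.relation.type` are still interpolated without escaping, so the query stays injectable through those two fields after this change. `author` sits inside a quoted literal and could at least go through `Neo4jStreamWriter.escape(...)`, but `type` is an identifier, where string escaping does not help, so it should be checked against an allow-list of known relation types before it is concatenated. The copied escaper is also written for SQL: as far as I know `\0`, `\z` and `\%` are not escape sequences Cypher recognises, so URIs containing `%` (common with percent-encoding) may be stored altered or rejected, which is worth a test. The more robust fix is the one the todo already names: pass values as driver parameters, e.g. `MERGE (o:Place {uri: $from})`, and keep string building only for the validated relation type.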