Skip to content

CAMEL-23528: validate property names when building MATCH/DELETE WHERE clause#23258

Open
oscerd wants to merge 1 commit into
apache:mainfrom
oscerd:fix/CAMEL-23528
Open

CAMEL-23528: validate property names when building MATCH/DELETE WHERE clause#23258
oscerd wants to merge 1 commit into
apache:mainfrom
oscerd:fix/CAMEL-23528

Conversation

@oscerd
Copy link
Copy Markdown
Contributor

@oscerd oscerd commented May 15, 2026

Description

Neo4jProducer.retrieveNodes() and deleteNode() build the Cypher WHERE clause from the CamelNeo4jMatchProperties JSON map. Property values are passed as bound query parameters ($paramN), but property names (the JSON keys) were concatenated into the query string verbatim. A property name containing whitespace or characters that are not valid Cypher identifier characters produced a malformed or unintended query instead of a clear error.

Changes

  • Add strict property-name validation (^[A-Za-z_][A-Za-z0-9_]*$) applied in both retrieveNodes() and deleteNode() before the name is used to build the clause.
  • Reject non-matching names with a clear IllegalArgumentException, wrapped in Neo4jOperationException consistent with the existing JSON-parse error handling.
  • Add a unit test covering valid and rejected property names for both operations.

This makes property-name handling consistent with the already-parameterised value handling and ensures invalid input fails fast with a meaningful message.

Jira: https://issues.apache.org/jira/browse/CAMEL-23528

Claude Code on behalf of Andrea Cosentino

@oscerd
CAMEL-23528: validate property names when building MATCH/DELETE WHERE…
496813d 
… clause

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
@oscerd oscerd requested review from orpiske and zbendhiba May 15, 2026 19:25
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 15, 2026

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 15, 2026

🧪 CI tested the following changed modules:

  • components/camel-ai/camel-neo4j
All tested modules (10 modules)
  • Camel :: AI :: LangChain4j :: Embedding
  • Camel :: AI :: LangChain4j :: EmbeddingStore
  • Camel :: AI :: Neo4j
  • Camel :: JBang :: MCP
  • Camel :: JBang :: Plugin :: Route Parser
  • Camel :: JBang :: Plugin :: TUI
  • Camel :: JBang :: Plugin :: Validate
  • Camel :: Launcher :: Container
  • Camel :: YAML DSL :: Validator
  • Camel :: YAML DSL :: Validator Maven Plugin

⚙️ View full build and test results

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davsclaus davsclaus davsclaus approved these changes

@orpiske orpiske Awaiting requested review from orpiske

@zbendhiba zbendhiba Awaiting requested review from zbendhiba

Assignees

No one assigned

Labels

components components-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@oscerd @davsclaus