Skip to content

Cypher: composite/escaped property values truncated at the first internal comma/quote #1096

Description

@JhohanBustamante

Summary

json_extract_prop() scans a non-string property value up to the first , and a
string value up to the first ", ignoring nesting and backslash escapes. Any
array/object property is therefore truncated at its first internal comma, and
any string containing an escaped quote is cut short.

Reproduce

Given a method whose decorators property holds a composite value:

decorators: ["@Roles('OWNER', 'ADMIN')","@Get()"]

MATCH (m:Method) RETURN m.decorators projects:

["@Roles('OWNER'

i.e. the value is cut at the first comma inside @Roles(...). The same happens
to any decorator taking more than one argument (NestJS, Angular, Spring
handlers), and to strings holding an escaped quote.

Impact

Makes decorator/route/authz queries unusable on frameworks whose decorators take
multiple arguments. On the repo that surfaced this, HTTP endpoints reachable from
the graph went from 3/95 to 95/95 once values were returned whole (with full
@Roles(...) + verb + path).

Expected

Composite values should be copied as balanced constructs, honoring string state
and backslash-escape pairs. The scalar and plain-string paths should be
unaffected.

Environment

Found while indexing a NestJS + Angular monorepo.

Reproduce-first regression tests
(cypher_exec_prop_array_with_internal_commas,
cypher_exec_prop_string_with_escaped_quote) and the fix are ready; PR to
follow, linked to this issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    cypherCypher query language parser/executor bugs

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions