[
https://issues.apache.org/jira/browse/TINKERPOP-3233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18072140#comment-18072140
]
ASF GitHub Bot commented on TINKERPOP-3233:
-------------------------------------------
Cole-Greer commented on PR #3381:
URL: https://github.com/apache/tinkerpop/pull/3381#issuecomment-4210912345
Thanks @GumpacG, LGTM. VOTE +1
> Standardize argument escaping in GremlinLang
> --------------------------------------------
>
> Key: TINKERPOP-3233
> URL: https://issues.apache.org/jira/browse/TINKERPOP-3233
> Project: TinkerPop
> Issue Type: Improvement
> Components: dotnet, go, javascript, process, python
> Affects Versions: 4.0.0
> Reporter: Cole Greer
> Priority: Major
>
> With the switch from bytecode to GremlinLang in TP4
> (https://lists.apache.org/thread/7m3govzsqtmmj224xs7k5vv1ycnmocjn), it's
> important that certain step arguments are properly escaped before being added
> to a gremlin script to protect against gremlin injection attacks. Currently
> all GLVs which have completed this transition have logic to escape string
> arguments, but they do not follow a consistent set of rules.
> We should develop a set of best practices for escaping gremlin-lang scripts,
> document this for users, and update all drivers to follow these consistent
> rules.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
