ocelot-Social-Community/Ocelot-Social
1
0
Fork 0
mirror of https://github.com/Ocelot-Social-Community/Ocelot-Social.git synced 2025-12-13 07:46:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Patch cypher injection vulnerability

Browse Source 
@mattwr18 this patches the vulnerability. However we should never do
string interpolation with user input.
This commit is contained in:
Robert Schäfer 2019-06-29 13:45:37 +02:00
parent 7763083bd6
commit 4e687a06ea
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/schema/resolvers/users.spec.js
View File

@ -143,7 +143,7 @@ describe('users', () => {
let deleteUserVariables let deleteUserVariables
let asAuthor let asAuthor
const deleteUserMutation = gql` const deleteUserMutation = gql`
mutation($id: ID!, $resource: [String]) { mutation($id: ID!, $resource: [Deletable]) {
DeleteUser(id: $id, resource: $resource) { DeleteUser(id: $id, resource: $resource) {
id id
contributions { contributions {

7
backend/src/schema/types/schema.gql
View File

@ -40,7 +40,7 @@ type Mutation {
follow(id: ID!, type: FollowTypeEnum): Boolean! follow(id: ID!, type: FollowTypeEnum): Boolean!
# Unfollow the given Type and ID # Unfollow the given Type and ID
unfollow(id: ID!, type: FollowTypeEnum): Boolean! unfollow(id: ID!, type: FollowTypeEnum): Boolean!
DeleteUser(id: ID!, resource: [String]): User DeleteUser(id: ID!, resource: [Deletable]): User
} }
type Statistics { type Statistics {
@ -92,6 +92,11 @@ type Report {
user: User @relation(name: "REPORTED", direction: "OUT") user: User @relation(name: "REPORTED", direction: "OUT")
} }
enum Deletable {
Post
Comment
}
enum ShoutTypeEnum { enum ShoutTypeEnum {
Post Post
Organization Organization