From 715261238af82c501d45995c021605f1c6072604 Mon Sep 17 00:00:00 2001
From: mattwr18
Date: Wed, 30 Oct 2019 15:37:50 +0100
Subject: [PATCH] Protect against cypher injection vulnerability - following @roschaefer PR review suggestion
---
 backend/src/schema/resolvers/notifications.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/backend/src/schema/resolvers/notifications.js b/backend/src/schema/resolvers/notifications.js
index 8fe45bde3..93feb3781 100644
--- a/backend/src/schema/resolvers/notifications.js
+++ b/backend/src/schema/resolvers/notifications.js
@@ -40,8 +40,8 @@ export default {
 default:
 orderByClause = ''
 }
- const offset = args.offset ? `SKIP ${args.offset}` : ''
- const limit = args.first ? `LIMIT ${args.first}` : ''
+ const offset = args.offset && typeof args.offset === 'number' ? `SKIP ${args.offset}` : ''
+ const limit = args.first && typeof args.first === 'number' ? `LIMIT ${args.first}` : ''
 try {
 const cypher = `
 MATCH (resource {deleted: false, disabled: false})-[notification:NOTIFIED]->(user:User {id:$id})
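Review bot: The new guards on `offset` and `limit` accept any JavaScript number, so `1.5`, `-1` or `Infinity` pass `typeof … === 'number'` and are still interpolated into the Cypher text, where they most likely produce a query error rather than a clean rejection. Tightening the check to `Number.isInteger(args.offset) && args.offset > 0` (and the same for `args.first`) keeps only values that are valid for SKIP/LIMIT. A value that fails the check silently drops the clause, so a malformed `first` yields an unbounded result set; rejecting the request or applying a default cap would be safer. Passing both values as query parameters alongside `$id` would remove the interpolation altogether, assuming the driver call (outside this hunk) can send them as integers. The resolver body starts and ends outside the hunk.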