Copilot AI commented Jan 28, 2026

Addresses review feedback on PR #473 regarding whether SHOW commands should be blocked in CypherQueryFilter and how internal SHOW usage would be affected.

Investigation Results

The codebase uses SHOW CONSTRAINTS in one location:

  • tests/phpunit/Persistence/Neo4j/Neo4jConstraintUpdaterTest.php:36

These queries do not go through CypherQueryFilter. The filter only applies to user-provided queries from the {{#cypher:}} parser function in CypherRawParserFunction. Internal queries call runReadQuery() directly on Neo4jQueryStore, bypassing the filter entirely.

Implications

Adding SHOW to the blocked keywords would:

  • Block user queries through the parser function
  • Leave internal system usage unaffected (no exemption needed)

// CypherRawParserFunction.php - Filter applied here
if ( !$this->queryFilter->isReadQuery( $cypherQuery ) ) {
    return $this->formatError( ... );
}

// Neo4jQueryStore.php - Internal queries bypass filter
public function runReadQuery( string $cypher ): SummarizedResult {
    return $this->readOnlyClient->readTransaction( ... );
}
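
An added sketch, not the extension's CypherQueryFilter code and not part of the comment above, of a keyword check with SHOW in the blocked list as it would apply to the user-facing {{#cypher:}} path. The function name, the keyword list and the sample queries are assumptions made for illustration.

```php
<?php
declare( strict_types=1 );

// Added illustration, not the extension's CypherQueryFilter. Keyword list is an assumption.
const BLOCKED_KEYWORDS = [ 'CREATE', 'MERGE', 'DELETE', 'DETACH', 'SET', 'REMOVE', 'DROP', 'SHOW' ];

// Spans where a keyword is only data: // and /* */ comments, quoted strings,
// and backtick-quoted identifiers.
const LITERALS_AND_COMMENTS = <<<'REGEX'
~//[^\n]*|/\*.*?\*/|'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|`(?:``|[^`])*`~s
REGEX;

/**
 * Hypothetical stand-in for the isReadQuery() check on the user-facing path.
 * Returns false (block) on any blocked keyword and on any regex failure.
 */
function isReadQueryExample( string $cypher ): bool {
	// Blank out literals and comments so 'SHOW' inside a string is not a hit.
	$code = preg_replace( LITERALS_AND_COMMENTS, ' ', $cypher );
	if ( $code === null ) {
		return false; // fail closed
	}
	$pattern = '~\b(?:' . implode( '|', BLOCKED_KEYWORDS ) . ')\b~i';
	// preg_match() returns 0 for "no match" and false on error; only 0 passes.
	return preg_match( $pattern, $code ) === 0;
}

// Constructed sample input, as it might arrive through {{#cypher:}}.
$userQueries = [
	'MATCH (n:Page) RETURN n.title LIMIT 5',
	'SHOW CONSTRAINTS',
	"MATCH (n) WHERE n.title = 'How to SHOW data' RETURN n",
	'MATCH (n) /* cleanup */ DETACH DELETE n',
];
foreach ( $userQueries as $query ) {
	printf( "%-6s %s\n", isReadQueryExample( $query ) ? 'allow' : 'block', $query );
}
```

A word-boundary denylist like this over-blocks (a property named `set` would be rejected), which is the safer direction for a filter on untrusted input.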


Copilot AI changed the title from "[WIP] Address feedback on use of SHOW in CypherQueryFilter service" to "Investigate SHOW command usage and CypherQueryFilter scope" Jan 28, 2026
Copilot AI requested a review from JeroenDeDauw January 28, 2026 20:52