Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Terms query template should return only instances of nb:ControlledTerm subclasses #186

Closed
alyssadai opened this issue Sep 24, 2023 · 0 comments · Fixed by #194
Closed

Terms query template should return only instances of nb:ControlledTerm subclasses #186

alyssadai opened this issue Sep 24, 2023 · 0 comments · Fixed by #194
Assignees
@alyssadai
Labels
feat:improve Incremental, user facing improvements of an existing feature. quick fix Minimal planning and/or implementation work required. type:feature Effort to deliver new features, feature changes & improvements

Comments

@alyssadai
Copy link
Contributor

alyssadai commented Sep 24, 2023
edited
Loading

The following query

api/app/api/utility.py

Lines 227 to 232 in 03f5d5d

query_string = f"""
SELECT DISTINCT ?termURL
WHERE {{
?termURL a {data_element_URI}.
}}
"""

should be made more restrictive so as to further prevent query injection (i.e., sending any URI as a parameter and getting all the instances in the graph back)

See https://github.com/neurobagel/api/blob/main/vocab/nb_vocab.ttl for subclass syntax
@alyssadai alyssadai added feat:improve Incremental, user facing improvements of an existing feature. type:feature Effort to deliver new features, feature changes & improvements flag:schedule Flag issue that should go on the roadmap or backlog. labels Sep 24, 2023
@alyssadai alyssadai mentioned this issue Sep 25, 2023
Closed
11 tasks
@alyssadai alyssadai added quick fix Minimal planning and/or implementation work required. and removed flag:schedule Flag issue that should go on the roadmap or backlog. labels Sep 25, 2023
@alyssadai alyssadai self-assigned this Sep 29, 2023
@alyssadai alyssadai mentioned this issue Oct 3, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alyssadai alyssadai

Labels
feat:improve Incremental, user facing improvements of an existing feature. quick fix Minimal planning and/or implementation work required. type:feature Effort to deliver new features, feature changes & improvements
Projects
Neurobagel
Archived in project
Milestone
No milestone
1 participant
@alyssadai