From 6de102f44be30f5c05c1c88a8ae15e0d40abe50b Mon Sep 17 00:00:00 2001
From: Giuseppe Villani <giuseppe.villani@larus-ba.it>
Date: Tue, 18 Oct 2022 11:58:13 +0200
Subject: [PATCH] [NOID] Add QueryType validation in apoc.trigger.add

---
 core/src/main/java/apoc/trigger/Trigger.java     |  7 ++++++-
 core/src/test/java/apoc/trigger/TriggerTest.java | 13 +++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/apoc/trigger/Trigger.java b/core/src/main/java/apoc/trigger/Trigger.java
index d06055385..d5d5f2659 100644
--- a/core/src/main/java/apoc/trigger/Trigger.java
+++ b/core/src/main/java/apoc/trigger/Trigger.java
@@ -12,6 +12,10 @@
 import java.util.Map;
 import java.util.stream.Stream;
 
+import static org.neo4j.graphdb.QueryExecutionType.QueryType.READ_ONLY;
+import static org.neo4j.graphdb.QueryExecutionType.QueryType.READ_WRITE;
+import static org.neo4j.graphdb.QueryExecutionType.QueryType.WRITE;
+
 /**
  * @author mh
  * @since 20.09.16
@@ -52,7 +56,8 @@ public TriggerInfo( String name, String query, Map<String,Object> selector, Map<
     @Procedure(mode = Mode.WRITE)
     @Description("add a trigger kernelTransaction under a name, in the kernelTransaction you can use {createdNodes}, {deletedNodes} etc., the selector is {phase:'before/after/rollback/afterAsync'} returns previous and new trigger information. Takes in an optional configuration.")
     public Stream<TriggerInfo> add(@Name("name") String name, @Name("kernelTransaction") String statement, @Name(value = "selector"/*, defaultValue = "{}"*/)  Map<String,Object> selector, @Name(value = "config", defaultValue = "{}") Map<String,Object> config) {
-        Util.validateQuery(db, statement);
+        Util.validateQuery(db, statement,
+                READ_ONLY, WRITE, READ_WRITE);
         Map<String,Object> params = (Map)config.getOrDefault("params", Collections.emptyMap());
         Map<String, Object> removed = triggerHandler.add(name, statement, selector, params);
         if (removed != null) {
diff --git a/core/src/test/java/apoc/trigger/TriggerTest.java b/core/src/test/java/apoc/trigger/TriggerTest.java
index 6988bfb00..7bc733a4d 100644
--- a/core/src/test/java/apoc/trigger/TriggerTest.java
+++ b/core/src/test/java/apoc/trigger/TriggerTest.java
@@ -23,8 +23,10 @@
 import static apoc.ApocConfig.APOC_TRIGGER_ENABLED;
 import static apoc.ApocConfig.apocConfig;
 import static apoc.util.MapUtil.map;
+import static apoc.util.TestUtil.testCall;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
 import static org.neo4j.configuration.GraphDatabaseSettings.procedure_unrestricted;
 
 /**
@@ -371,5 +373,16 @@ public void testDeleteRelationships() throws Exception {
                 , (value) -> value, 30L, TimeUnit.SECONDS);
     }
 
+    @Test
+    public void testTriggerWithSchemaOperation() {
+        try {
+            testCall(db, "CALL apoc.trigger.add('triggerSchema','CREATE INDEX periodicIdx FOR (n:Bar) ON (n.first_name, n.last_name)', {phase: 'before'})",
+                    (row) -> fail("Should fail because of unsupported schema operation"));
+        } catch (RuntimeException e) {
+            final String expected = "Failed to invoke procedure `apoc.trigger.add`: " +
+                    "Caused by: java.lang.RuntimeException: Supported query types for the operation are [READ_ONLY, WRITE, READ_WRITE]";
+            assertEquals(expected, e.getMessage());
+        }
+    }
 
 }