Add unsafeEscapeOptions - Cherry Pick from 5 LTS

[angrykoala]

(cherry picked from commit 660861a)

Description

Add unsafeEscapeOptions to Neo4jGraphQL features with the following flags:

• disableRelationshipTypeEscaping (default to false)
• disableNodeLabelEscaping (defaults to false)

These flags remove the automatic escaping of node labels and relationship types in the generated Cypher.

For example, given the following schema:

type Actor {
    name: String!
}

type Movie {
    title: String!
    actors: [Actor!]! @relationship(type: "ACTED IN", direction: OUT)
}

A GraphQL query going through the actors relationship:

query {
    movies {
        title
        actors {
            name
        }
    }
}

Will normally generate the following Cypher for the relationship:

MATCH (this:Movie)-[this0:`ACTED IN`]->(this1:Actor)

The label ACTED IN is escaped by placing it inside backticks (```), as some characters in it are susceptible of code injection.

If the option disableRelationshipTypeEscaping is set in Neo4jGraphQL, this safety mechanism will be disabled:

new Neo4jGraphQL({
    typeDefs,
    features: {
        unsafeEscapeOptions: {
            disableRelationshipTypeEscaping: true,
        },
    },
});

Generating the following (incorrect) Cypher instead:

MATCH (this:Movie)-[this0:ACTED IN]->(this1:Actor)

This can be useful in very custom scenarios where the Cypher needs to be tweaked or if the labels and types have already been escaped.

Warning: This is a safety mechanism to avoid Cypher injection. Changing these options may lead to code injection and an unsafe server.

[changeset-bot]

🦋 Changeset detected

Latest commit: dcf4c76

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@neo4j/graphql	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[neo4j-team-graphql]

Performance Report

No Performance Changes

Show Full Table

name	dbHits	old dbHits	time (ms)	old time (ms)	maxRows
aggregations.TopLevelAggregate	3404	3404	40	60	1134
aggregations.TopLevelAggregateWithMultipleFields	6802	6802	53	81	1134
aggregations.NestedAggregation	15407	15407	66	92	2174
aggregations.AggregationWithWhere	10833	10833	52	64	2174
aggregations.AggregationWhereWithinNestedRelationships	20097917	20097917	2229	2415	2008534
aggregations.AggregationWhereWithinNestedConnections	20097917	20097917	2098	2421	2008534
aggregations.NestedCountFromMovieToActors	8603	8603	36	45	2174
aggregations.NestedCountFromActorsToMovie	8791	8791	41	53	2174
aggregations.DeeplyNestedCount	10052335	10052335	2970	3262	2008534
aggregations.InterfacesAggregations	6242	6242	53	74	2080
aggregations.InterfacesAggregationsWithTwoFields	11444	11444	86	110	2080
batch-create.BatchCreate	4200	4200	145	161	600
batch-create.BatchCreateSmall	77	77	77	70	11
connect.createAndConnect	6433	6433	172	228	3003
connections.Connection	12951	12951	79	91	2174
connections.NestedConnection	37705	37705	140	191	4516
create.SimpleMutation	7	7	54	75	1
cypher-directive.TopLevelMutationDirective	1135	1135	26	37	1134
delete.SimpleDelete	19401	19401	758	777	1040
2925.SingleRelationshipFilter	5245	5245	60	78	1040
2925.SingleRelationshipRequiredFilter	5201	5201	51	58	1040
query.SimpleQuery	3121	3121	25	29	1040
query.SimpleQueryWithRelationship	15031	15031	41	55	2174
query.SimpleQueryWithNestedWhere	8713	8713	54	80	2154
query.Nested	10084891	10084891	7267	7216	2008534
query.NestedWithFilter	10064992	10064992	7242	6698	2004000
query.OrFilterOnRelationships	36685	36451	228	265	1940
query.QueryWithNestedIn	14144	14144	72	73	1848
query.NestedConnectionWhere	8703	8703	63	79	2174
query.DeeplyNestedConnectionWhere	8702	8702	81	115	2174
query.DeeplyNestedWithRelationshipFilters	17357	17357	145	198	1552
query.NestedWithRelationshipSingleFilters	3808	3808	198	206	1134
query.Fulltext	64	64	33	49	16
query.FulltextWithNestedQuery	516	516	61	69	84
sorting-and-cypher.TopLevelSortWithCypher	12961	12961	53	54	2174
sorting-and-cypher.TopLevelConnectionSortWithCypher	12961	12961	75	79	2174
sorting-and-cypher.TopLevelSortWithCypherWithNested	13096	13096	62	80	2174
sorting-and-cypher.TopLevelConnectionSortWithCypherWithNested	13096	13096	106	128	2174
sorting-and-cypher.TopLevelSortWithExpensiveCypher	13725	13725	116	147	2174
sorting-and-cypher.TopLevelConnectionSortWithExpensiveCypher	13266	13266	140	151	2174
sorting.SortMultipleTypes	3436	3436	144	100	1040
sorting.SortMultipleTypesWithCypherWithCypher	13321	13321	124	138	2174
sorting.SortOnNestedFields	12951	12951	70	68	2174
sorting.SortDeeplyNestedFields	39785	39785	99	116	4516
sorting.ConnectionWithSort	3271	3271	77	87	1040
unions.SimpleUnionQuery	321	321	67	85	35
unions.SimpleUnionQueryWithMissingFields	293	293	78	71	35
unions.NestedUnion	309975	309975	306	306	33033
unions.NestedUnionWithMissingFields	283949	283949	297	301	33033
update.NestedUpdate	14137	14137	131	116	2002

Old Schema Generation: 31.999s
Schema Generation: 32.840s
Old Subgraph Schema Generation: 32.672s
Subgraph Schema Generation: 32.712s