Backslash parsing in v3 client permits injection against GraphQL endpoint

[bismuthsalamander]

The v3 client uses the _sanitize_str function in util.py to sanitize quotation marks and newlines in input to the server's GraphQL endpoint. Quotation marks that are already escaped are left untouched, but _sanitize_str mishandles strings where the quotation mark is preceded by an even number of backslashes greater than one. This bug can be triggered with input to a Where filter, resulting in potential injection against the GraphQL server through user input.

Here's an example script showing the results, run using weaviate-client 3.99.0a4.

import weaviate

client = weaviate.client.Client(
    weaviate.client.ConnectionParams(
        scheme='http',
        host='localhost',
        port=8088
    )
)

def backslash_query(n):
    query = 'before' + ("\\" * n) + '"after'
    return (query, client.query.get("MyCollection", ["myField"]).with_where({'path':'myField', 'operator':'NotEqual', 'valueText':query}).do())

for n in range(0, 7):
    q, out = backslash_query(n)
    print(q, out)

The issue appears fixable by replacing the regular expression in _sanitize_str with the following:

value = re.sub(r'(?<!\\)((?:\\{2})*)"', r'\1\"', value)

This new regex passes through any even number of consecutive backslashes, adding the final odd one to escape the quotation mark when necessary. If the number of consecutive backslashes is odd, there will be no match, and the escaped quotation mark will stay intact.

An alternative would be to update the filter interface so that input is treated as representing the intention of the client (i.e., if the caller specifies a filter containing the string \", we assume the client wants the server to receive the two-character string \" in the filter). To achieve that effect, instead of using a regex, _sanitize_str could instead leverage the escaping in another module, like json:

value = json.dumps([value])[1:-1]