stackmuncher / stm_server

The server-side code behind stackmuncher.com, a global directory of software developers.
https://stackmuncher.com
GNU Affero General Public License v3.0

Use params in dynamic ES queries #33

Open rimutaka opened 2 years ago

rimutaka commented 2 years ago

Building dynamic ES queries without parameters feels totally wrong. For example:

GET dev/_search
{
  "aggs": {
    "suggestions": {
      "terms": {
        "field": "report.tech.pkgs_kw.k.keyword",
        "include": "mon.*"
      }
    }
  },
  "size": 0
}

where "include": "mon.*" is a dynamic field filled with user input. It allows regex, so it has to be thoroughly validated and escaped.

There should be a way of doing it via params like in SQL.
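One defensive approach for the `include` value, as an added example that is not code from the stm_server project: allow-list the raw input, backslash-escape the Lucene regex metacharacters, and only then embed it in the request body. It is std-only Rust; the allow-list, the 64-character cap and the function names are assumptions of this example.

```rust
// Added example, not stm_server code: the allow-list and length cap are assumptions.

/// Characters with a meaning in the Lucene regex dialect used by `include`,
/// including the optional operators Elasticsearch may enable.
const LUCENE_REGEX_SPECIAL: &[char] = &[
    '.', '?', '+', '*', '|', '{', '}', '[', ']', '(', ')', '"', '\\',
    '#', '@', '&', '<', '>', '~',
];

/// Longest prefix we are willing to turn into a regex (assumed limit).
const MAX_PREFIX_LEN: usize = 64;

/// Backslash-escape every regex metacharacter so the input matches literally.
pub fn escape_lucene_regex(input: &str) -> String {
    let mut out = String::with_capacity(input.len() * 2);
    for c in input.chars() {
        if LUCENE_REGEX_SPECIAL.contains(&c) {
            out.push('\\');
        }
        out.push(c);
    }
    out
}

/// Allow-list the raw user input first: package names only need a small alphabet.
pub fn validate_prefix(input: &str) -> Result<&str, &'static str> {
    let trimmed = input.trim();
    if trimmed.is_empty() {
        return Err("empty prefix");
    }
    if trimmed.len() > MAX_PREFIX_LEN {
        return Err("prefix too long");
    }
    if !trimmed.chars().all(|c| c.is_ascii_alphanumeric() || "._-@/".contains(c)) {
        return Err("prefix contains characters outside the allow-list");
    }
    Ok(trimmed)
}

/// Build the `include` value: validated, regex-escaped user text plus a trailing `.*`.
pub fn build_include(user_input: &str) -> Result<String, &'static str> {
    let prefix = validate_prefix(user_input)?;
    Ok(format!("{}.*", escape_lucene_regex(prefix)))
}

/// JSON-encode the string so the backslashes added above survive the request body.
fn json_string(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out.push('"');
    out
}

/// The full request body for the suggestions aggregation shown in the issue.
pub fn build_suggestions_query(user_input: &str) -> Result<String, &'static str> {
    let include = build_include(user_input)?;
    Ok(format!(
        r#"{{"aggs":{{"suggestions":{{"terms":{{"field":"report.tech.pkgs_kw.k.keyword","include":{}}}}}}},"size":0}}"#,
        json_string(&include)
    ))
}
```

Rejecting anything outside the allow-list is what keeps a user-supplied `.*` or `|` from becoming a regex operator; the escaping is a second layer in case the allow-list is later widened.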