From 29876c9e00fa7cb018db1c87396034595eed129a Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <poirigui@msl.ubc.ca>
Date: Tue, 7 Mar 2023 13:56:17 -0800
Subject: [PATCH] rest: Prevent unlisted filterable properties from being used
 (fix #594)

---
 .../src/main/java/ubic/gemma/rest/util/args/FilterArg.java     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gemma-rest/src/main/java/ubic/gemma/rest/util/args/FilterArg.java b/gemma-rest/src/main/java/ubic/gemma/rest/util/args/FilterArg.java
index 4c332c7044..b74bc903c3 100644
--- a/gemma-rest/src/main/java/ubic/gemma/rest/util/args/FilterArg.java
+++ b/gemma-rest/src/main/java/ubic/gemma/rest/util/args/FilterArg.java
@@ -152,6 +152,9 @@ Filters getFilters( FilteringService<O> service ) throws MalformedArgException {
                 String property = subClause.PROPERTY().getText();
                 ubic.gemma.persistence.util.Filter.Operator operator;
                 try {
+                    if ( !service.getFilterableProperties().contains( property ) ) {
+                        throw new IllegalArgumentException( String.format( "The property of %s is unknown", property ) );
+                    }
                     if ( subClause.operator() != null ) {
                         operator = operatorToOperator( subClause.operator() );
                         String requiredValue = scalarToString( subClause.scalar() );