2

I am passing an actual symbol for a function as an argument to a Datomic query. Is this discouraged? Would you suggest generating the whole query dynamically instead (example would help)?

(d/q '[:find ?effect-o
       :in $ % ?pred-fn
       :where
       [_ :my/effect_o ?effect-o]
       [(db.utilities/binary_sentiment ?pred-fn ?effect-o)]]
     (get_db) ALL_RULES pred_fn)

(defn binary_sentiment [binary_pred_fn score]
  (binary_pred_fn score)
  )
m33lky
  • 7,055
  • 9
  • 41
  • 48

1 Answers1

1

Nice trick. The semantics are well-defined, so you should have no problems with this.

Stuart Dabbs Halloway
  • 1,658
  • 12
  • 10
  • I was worried that query arguments would be restricted to Datomic types for security reasons. – m33lky Mar 09 '17 at 16:09
  • 1
    This is likely true with clients, but not with peers. Peers are "inside" the database and trusted. – Stuart Dabbs Halloway Mar 22 '17 at 17:36
  • Are you saying that any input, from a webpage for example, should have been validated already? Since peers are "inside" the database, the queries and db functions are analogous to a stored procedure in the SQL world. This means that it is the responsibility of the peer to validate inputs to the db. – m33lky Mar 22 '17 at 18:30
  • I've also made this into a separate question: https://security.stackexchange.com/questions/154627/security-in-functional-programming – m33lky Mar 22 '17 at 18:44