Posted to commits@jena.apache.org by rv...@apache.org on 2018/03/05 14:54:52 UTC
[2/3] jena git commit: Rename test cases and fix warnings (JENA-1497)
Rename test cases and fix warnings (JENA-1497)
Project: http://git-wip-us.apache.org/repos/asf/jena/repo
Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/44683c42
Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/44683c42
Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/44683c42
Branch: refs/heads/master
Commit: 44683c424da9bea3b261151f7243524813917055
Parents: 411c103
Author: Rob Vesse <rv...@apache.org>
Authored: Mon Mar 5 10:30:58 2018 +0000
Committer: Rob Vesse <rv...@apache.org>
Committed: Mon Mar 5 10:30:58 2018 +0000
----------------------------------------------------------------------
.../jena/query/ParameterizedSparqlString.java | 2 +
.../query/TestParameterizedSparqlString.java | 82 ++++++++++----------
2 files changed, 43 insertions(+), 41 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/jena/blob/44683c42/jena-arq/src/main/java/org/apache/jena/query/ParameterizedSparqlString.java
----------------------------------------------------------------------
diff --git a/jena-arq/src/main/java/org/apache/jena/query/ParameterizedSparqlString.java b/jena-arq/src/main/java/org/apache/jena/query/ParameterizedSparqlString.java
index 0e3e150..b02d8ca 100644
--- a/jena-arq/src/main/java/org/apache/jena/query/ParameterizedSparqlString.java
+++ b/jena-arq/src/main/java/org/apache/jena/query/ParameterizedSparqlString.java
@@ -1685,6 +1685,7 @@ public class ParameterizedSparqlString implements PrefixMapping {
}
}
+ @SuppressWarnings("unused")
public boolean isInsideAltLiteral(int start, int stop) {
Pair<Integer, String> pair = this.findBefore(start);
if (pair == null)
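Review bot: The method-level `@SuppressWarnings("unused")` on `isInsideAltLiteral` (and on `isBetweenLiterals` in the next hunk) silences the warning without saying what is unused; in the visible lines only `start` reaches `findBefore`, so it is presumably the `stop` parameter. Judging by their names these helpers feed the check for whether a substituted value lands inside a literal, so a reader needs to know whether ignoring `stop` is deliberate. If it is, I would put a comment above each annotation, e.g. `// stop is part of the public signature but is not consulted; only the text before start is examined`, and otherwise use `stop` in the check rather than suppress the warning. Both method bodies continue outside the hunks.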
@@ -1700,6 +1701,7 @@ public class ParameterizedSparqlString implements PrefixMapping {
}
}
+ @SuppressWarnings("unused")
public boolean isBetweenLiterals(int start, int stop) {
Pair<Integer, String> pairBefore = this.findBefore(start);
if (pairBefore == null)
http://git-wip-us.apache.org/repos/asf/jena/blob/44683c42/jena-arq/src/test/java/org/apache/jena/query/TestParameterizedSparqlString.java
----------------------------------------------------------------------
diff --git a/jena-arq/src/test/java/org/apache/jena/query/TestParameterizedSparqlString.java b/jena-arq/src/test/java/org/apache/jena/query/TestParameterizedSparqlString.java
index 2f928e7..a7bcef3 100644
--- a/jena-arq/src/test/java/org/apache/jena/query/TestParameterizedSparqlString.java
+++ b/jena-arq/src/test/java/org/apache/jena/query/TestParameterizedSparqlString.java
@@ -66,6 +66,7 @@ public class TestParameterizedSparqlString {
return query.asQuery();
}
+ @SuppressWarnings("unused")
private UpdateRequest testAsUpdate(ParameterizedSparqlString update) {
return update.asUpdate();
}
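Review bot: `testAsUpdate` is private, so `@SuppressWarnings("unused")` keeps dead code in the test class instead of resolving the warning. Either delete the helper or have the update-based injection tests call it in place of `pss.asUpdate()`. If it is kept on purpose, a one-line comment such as `// retained for upcoming update tests; currently has no callers` would explain the suppression.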
@@ -1383,7 +1384,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri("var2", "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye>");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
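Review bot: If this test relies on `@Test(expected = ARQException.class)`, as `test_param_string_positional_injection_01` further down does (this test's annotation is outside the hunk), it passes on an `ARQException` thrown anywhere in the body, not only by `pss.asUpdate()`. An exception from the constructor or from `setIri` would then be counted as the injection being rejected, which weakens these tests as a regression guard. Scoping the catch to the call under test, and dropping `expected` from the annotation, pins the rejection to the build step. The same applies to the other `pss.asUpdate()` / `pss.asQuery()` hunks in this file, and the method starts outside the hunk.

```java
pss.setIri("var2", "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye>");
try {
    pss.asUpdate();
} catch (ARQException e) {
    // expected: building the update must reject the substituted IRI
    return;
}
Assert.fail("Attempt to do SPARQL injection should result in an exception");
```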
@@ -1394,7 +1395,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri("var2", "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1417,7 +1418,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri("var2", "hello> . ?s ?p ?o");
- Query q = pss.asQuery();
+ pss.asQuery();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1450,7 +1451,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", "hello' . } ; DROP ALL ; INSERT DATA { <s> <p> \"goodbye");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1462,7 +1463,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1475,7 +1476,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", "' . } ; DROP ALL ; INSERT DATA { <s> <p> <o> }#");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1515,7 +1516,7 @@ public class TestParameterizedSparqlString {
pss.setLiteral(first, "?" + second);
pss.setLiteral(second, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1528,7 +1529,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1541,7 +1542,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1589,36 +1590,10 @@ public class TestParameterizedSparqlString {
pss.setLiteral(first, " ?" + second + " ");
pss.setLiteral(second, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
-
-
- @Test
- public void test_param_string_injection_16() {
- String prefixes="PREFIX : <http://purl.bdrc.io/ontology/core/>\n" +
- " PREFIX skos: <http://www.w3.org/2004/02/skos/core#>\n" +
- " PREFIX text: <http://jena.apache.org/text#>\n" ;
- HashMap<String,String> map=new HashMap<>();
- map.put("L_name", "\"rgyud bla ma\"");
- map.put("LG_name", "bo-x-ewts");
- String test2=prefixes+ "select ?comment (GROUP_CONCAT(DISTINCT ?comment_type; SEPARATOR=\" <>" +
- "\") AS ?comment_types) ?root_name\n" +
- "where {\n" +
- " (?root ?score ?root_name) text:query ?L_name .\n" +
- " ?comment :workIsAbout ?root;\n" +
- " :workGenre ?g .\n" +
- " ?g skos:prefLabel ?comment_type .\n" +
- " FILTER (contains(?comment_type, \"commentary\" ))\n" +
- "}\n" +
- "group by ?comment ?root_name";
- ParameterizedSparqlString queryStr2 = new ParameterizedSparqlString(test2);
- queryStr2.setLiteral("L_name", map.get("L_name"),map.get("LG_name"));
- System.out.println(queryStr2.toString());
- Query q2=queryStr2.asQuery();
- }
-
@Test
public void test_param_string_non_injection_01() {
// This test checks that a legitimate injection of a literal to a
@@ -1652,6 +1627,31 @@ public class TestParameterizedSparqlString {
queryStr.setLiteral("L_name", map.get("L_name"),map.get("LG_name"));
queryStr.asQuery();
}
+
+
+ @Test
+ public void test_param_string_non_injection_03() {
+ String prefixes="PREFIX : <http://purl.bdrc.io/ontology/core/>\n" +
+ " PREFIX skos: <http://www.w3.org/2004/02/skos/core#>\n" +
+ " PREFIX text: <http://jena.apache.org/text#>\n" ;
+ HashMap<String,String> map=new HashMap<>();
+ map.put("L_name", "\"rgyud bla ma\"");
+ map.put("LG_name", "bo-x-ewts");
+ String test2=prefixes+ "select ?comment (GROUP_CONCAT(DISTINCT ?comment_type; SEPARATOR=\" <>" +
+ "\") AS ?comment_types) ?root_name\n" +
+ "where {\n" +
+ " (?root ?score ?root_name) text:query ?L_name .\n" +
+ " ?comment :workIsAbout ?root;\n" +
+ " :workGenre ?g .\n" +
+ " ?g skos:prefLabel ?comment_type .\n" +
+ " FILTER (contains(?comment_type, \"commentary\" ))\n" +
+ "}\n" +
+ "group by ?comment ?root_name";
+ ParameterizedSparqlString queryStr2 = new ParameterizedSparqlString(test2);
+ queryStr2.setLiteral("L_name", map.get("L_name"),map.get("LG_name"));
+ System.out.println(queryStr2.toString());
+ queryStr2.asQuery();
+ }
@Test(expected = ARQException.class)
public void test_param_string_positional_injection_01() {
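Review bot: The renamed `test_param_string_non_injection_03` has no assertion and no comment saying what it guards; it passes whenever `queryStr2.asQuery()` does not throw, and the returned `Query` is discarded. The `System.out.println(queryStr2.toString());` line would be better as an assertion on the substituted string, so the test also checks that the literal was bound where `?L_name` stood. If the intent is what the new name suggests, a comment like `// A quoted literal with a language tag must be accepted even though the query text already contains "<>" inside a string` would match the style of `test_param_string_non_injection_01`. The trailing context opens `test_param_string_positional_injection_01`, whose body continues outside the hunk.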
@@ -1660,7 +1660,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri(0, "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye>");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1671,7 +1671,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri(0, "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1694,7 +1694,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri(0, "hello> . ?s ?p ?o");
- Query q = pss.asQuery();
+ pss.asQuery();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1811,7 +1811,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral(0, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
@@ -1824,7 +1824,7 @@ public class TestParameterizedSparqlString {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral(0, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");
- UpdateRequest updates = pss.asUpdate();
+ pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}