Posted to commits@jena.apache.org by sa...@apache.org on 2012/08/01 01:23:46 UTC
svn commit: r1367820 - in /jena/trunk/jena-arq/src:
main/java/com/hp/hpl/jena/query/ParameterizedSparqlString.java
test/java/com/hp/hpl/jena/query/TestParameterizedSparqlString.java
Author: sallen
Date: Tue Jul 31 23:23:46 2012
New Revision: 1367820
URL: http://svn.apache.org/viewvc?rev=1367820&view=rev
Log:
Fix for SparqlParameterizedString to handle literal strings with special characters + tests for the same.
Modified:
jena/trunk/jena-arq/src/main/java/com/hp/hpl/jena/query/ParameterizedSparqlString.java
jena/trunk/jena-arq/src/test/java/com/hp/hpl/jena/query/TestParameterizedSparqlString.java
Modified: jena/trunk/jena-arq/src/main/java/com/hp/hpl/jena/query/ParameterizedSparqlString.java
URL: http://svn.apache.org/viewvc/jena/trunk/jena-arq/src/main/java/com/hp/hpl/jena/query/ParameterizedSparqlString.java?rev=1367820&r1=1367819&r2=1367820&view=diff
==============================================================================
--- jena/trunk/jena-arq/src/main/java/com/hp/hpl/jena/query/ParameterizedSparqlString.java (original)
+++ jena/trunk/jena-arq/src/main/java/com/hp/hpl/jena/query/ParameterizedSparqlString.java Tue Jul 31 23:23:46 2012
@@ -23,6 +23,7 @@ import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
+import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.jena.iri.IRI;
@@ -613,7 +614,7 @@ public class ParameterizedSparqlString i
String var = vars.next();
Pattern p = Pattern.compile("([?$]" + var + ")([^\\w]|$)");
- command = p.matcher(command).replaceAll(FmtUtils.stringForNode(this.params.get(var), context) + "$2");
+ command = p.matcher(command).replaceAll(Matcher.quoteReplacement(FmtUtils.stringForNode(this.params.get(var), context)) + "$2");
}
//Build the final command string
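Review bot: `var` is still concatenated unescaped into the regex on the `Pattern.compile` line, so a parameter name containing a regex metacharacter changes what gets matched; `Pattern p = Pattern.compile("([?$]" + Pattern.quote(var) + ")([^\\w]|$)");` closes that, unless names are already validated where they are set, which is outside this hunk. Separately, each iteration runs `replaceAll` over the whole of `command`, including values substituted by earlier iterations, so text inside an already-inserted literal that looks like `?name` is rewritten again and the escaping done by `FmtUtils.stringForNode` no longer guarantees a well-formed literal. A single pass over the original command text (one combined pattern driven by `Matcher.appendReplacement`) would avoid re-scanning substituted values. The enclosing loop begins and ends outside the hunk, so this reading rests on the three visible lines.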
Modified: jena/trunk/jena-arq/src/test/java/com/hp/hpl/jena/query/TestParameterizedSparqlString.java
URL: http://svn.apache.org/viewvc/jena/trunk/jena-arq/src/test/java/com/hp/hpl/jena/query/TestParameterizedSparqlString.java?rev=1367820&r1=1367819&r2=1367820&view=diff
==============================================================================
--- jena/trunk/jena-arq/src/test/java/com/hp/hpl/jena/query/TestParameterizedSparqlString.java (original)
+++ jena/trunk/jena-arq/src/test/java/com/hp/hpl/jena/query/TestParameterizedSparqlString.java Tue Jul 31 23:23:46 2012
@@ -235,6 +235,97 @@ public class TestParameterizedSparqlStri
}
@Test
+ public void test_param_string_string_1()
+ {
+ // Test regular string injection
+ String cmdText = "SELECT * WHERE { ?s ?p ?o . }";
+ ParameterizedSparqlString query = new ParameterizedSparqlString(cmdText);
+ query.setIri("s", "http://example.org");
+ query.setIri("p", "http://predicate");
+ query.setLiteral("o", "test");
+
+ Assert.assertEquals("SELECT * WHERE { <http://example.org> <http://predicate> \"test\" . }", query.toString());
+ }
+
+ @Test
+ public void test_param_string_string_2()
+ {
+ // Test a string with quotes
+ String cmdText = "SELECT * WHERE { ?s ?p ?o . }";
+ ParameterizedSparqlString query = new ParameterizedSparqlString(cmdText);
+ query.setIri("s", "http://example.org");
+ query.setIri("p", "http://predicate");
+ query.setLiteral("o", "A \"test\" string");
+
+ Assert.assertEquals("SELECT * WHERE { <http://example.org> <http://predicate> \"A \\\"test\\\" string\" . }", query.toString());
+ }
+
+ @Test
+ public void test_param_string_string_3()
+ {
+ // Test a string with a $
+ String cmdText = "SELECT * WHERE { ?s ?p ?o . }";
+ ParameterizedSparqlString query = new ParameterizedSparqlString(cmdText);
+ query.setIri("s", "http://example.org");
+ query.setIri("p", "http://predicate");
+ query.setLiteral("o", "Show me the $!");
+
+ Assert.assertEquals("SELECT * WHERE { <http://example.org> <http://predicate> \"Show me the $!\" . }", query.toString());
+ }
+
+ @Test
+ public void test_param_string_string_4()
+ {
+ // Test a string with a newline
+ String cmdText = "SELECT * WHERE { ?s ?p ?o . }";
+ ParameterizedSparqlString query = new ParameterizedSparqlString(cmdText);
+ query.setIri("s", "http://example.org");
+ query.setIri("p", "http://predicate");
+ query.setLiteral("o", "A multi\nline string");
+
+ Assert.assertEquals("SELECT * WHERE { <http://example.org> <http://predicate> \"A multi\\nline string\" . }", query.toString());
+ }
+
+ @Test
+ public void test_param_string_string_5()
+ {
+ // Test a string with a tab
+ String cmdText = "SELECT * WHERE { ?s ?p ?o . }";
+ ParameterizedSparqlString query = new ParameterizedSparqlString(cmdText);
+ query.setIri("s", "http://example.org");
+ query.setIri("p", "http://predicate");
+ query.setLiteral("o", "A tabby\tstring");
+
+ Assert.assertEquals("SELECT * WHERE { <http://example.org> <http://predicate> \"A tabby\\tstring\" . }", query.toString());
+ }
+
+ @Test
+ public void test_param_string_string_6()
+ {
+ // Test a string with a single quote
+ String cmdText = "SELECT * WHERE { ?s ?p ?o . }";
+ ParameterizedSparqlString query = new ParameterizedSparqlString(cmdText);
+ query.setIri("s", "http://example.org");
+ query.setIri("p", "http://predicate");
+ query.setLiteral("o", "A test's test");
+
+ Assert.assertEquals("SELECT * WHERE { <http://example.org> <http://predicate> \"A test's test\" . }", query.toString());
+ }
+
+ @Test
+ public void test_param_string_string_7()
+ {
+ // Test a string with a backslash
+ String cmdText = "SELECT * WHERE { ?s ?p ?o . }";
+ ParameterizedSparqlString query = new ParameterizedSparqlString(cmdText);
+ query.setIri("s", "http://example.org");
+ query.setIri("p", "http://predicate");
+ query.setLiteral("o", "test a\\b");
+
+ Assert.assertEquals("SELECT * WHERE { <http://example.org> <http://predicate> \"test a\\\\b\" . }", query.toString());
+ }
+
+ @Test
public void test_param_string_boolean_1()
{
//Test boolean injection
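Review bot: None of the seven added tests uses a literal containing a numbered group reference such as `$2`, which is the input the unquoted `replaceAll` would have silently rewritten with the captured trailing character rather than rejected; `test_param_string_string_3` uses `$!`, which as far as I can tell only exercises the illegal-group-reference failure. Add a case such as `query.setLiteral("o", "price $2");` asserting that the output contains `\"price $2\"`. A second case whose literal text is shaped like another parameter (for example a value containing `?s`) would pin down how substitution treats already-inserted values. The seven tests repeat the same four setup lines, so a small private helper taking the literal and the expected string would keep the additions short.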