You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jena.apache.org by "Rob Vesse (JIRA)" <ji...@apache.org> on 2018/03/05 10:20:00 UTC

[jira] [Created] (JENA-1497) ParameterizedSparqlString detects delimiters incorrectly

Rob Vesse created JENA-1497:
-------------------------------

             Summary: ParameterizedSparqlString detects delimiters incorrectly
                 Key: JENA-1497
                 URL: https://issues.apache.org/jira/browse/JENA-1497
             Project: Apache Jena
          Issue Type: Bug
          Components: ARQ
    Affects Versions: Jena 3.6.0
            Reporter: Rob Vesse
            Assignee: Rob Vesse


As reported on the mailing list - [https://lists.apache.org/thread.html/3855aa8046cfea61433042655144f071c56baa7c5d61a78544730455@%3Cusers.jena.apache.org%3E|https://lists.apache.org/thread.html/3855aa8046cfea61433042655144f071c56baa7c5d61a78544730455@%3Cusers.jena.apache.org%3E]

Investigation shows that the delimiter parsing logic has some flaws that causes it to do the wrong thing resulting in the possibility of incorrect detection of injection attacks leading to some valid SPARQL strings being rejected when attempting to inject parameters.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)