Rob Vesse created JENA-1497:
-------------------------------

             Summary: ParameterizedSparqlString detects delimiters incorrectly
                 Key: JENA-1497
                 URL: https://issues.apache.org/jira/browse/JENA-1497
             Project: Apache Jena
          Issue Type: Bug
          Components: ARQ
    Affects Versions: Jena 3.6.0
            Reporter: Rob Vesse
            Assignee: Rob Vesse

As reported on the mailing list - https://lists.apache.org/thread.html/3855aa8046cfea61433042655144f071c56baa7c5d61a78544730455@%3Cusers.jena.apache.org%3E

Investigation shows that the delimiter parsing logic has some flaws that cause it to do the wrong thing, resulting in the possibility of incorrect detection of injection attacks, leading to some valid SPARQL strings being rejected when attempting to inject parameters.