[
https://issues.apache.org/jira/browse/JENA-2326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17537546#comment-17537546
]
Kelvin Qian commented on JENA-2326:
-----------------------------------
[~andy] - Thank you for the fix.
As an addendum, I would hope to see a 4.5.1 release come out soon with this fix
(among an other recent issue fixes). I was trying to update our Jena deps to
4.5.0 due to 4.4.0 containing a security vulnerability
([CVE-28890|https://nvd.nist.gov/vuln/detail/CVE-2022-28890]), yet was unable
to update due to this bug. (Understandable if an update on such a short
timeframe is not practical, but I'm posting here for awareness at least.)
> recent change to UpdateEngineWorker validation is probably wrong
> ----------------------------------------------------------------
>
> Key: JENA-2326
> URL: https://issues.apache.org/jira/browse/JENA-2326
> Project: Apache Jena
> Issue Type: Bug
> Components: ARQ
> Affects Versions: Jena 4.5.0
> Reporter: Brian Vosburgh
> Assignee: Andy Seaborne
> Priority: Major
> Fix For: Jena 4.6.0
>
>
> A validation method in {{UpdateEngineWorker}} was recently changed. (I think
> the change is related to JENA-2293.)
> The previous method looked like this:
> {code:java}
> private boolean validBinaryGraphOp(UpdateBinaryOp update) {
> if ( update.getSrc().isDefault() )
> return true;
> if ( update.getSrc().isOneNamedGraph() ) {
> Node gn = update.getSrc().getGraph();
> if ( !datasetGraph.containsGraph(gn) ) {
> if ( !update.getSilent() )
> error("No such graph: " + gn);
> return false;
> }
> return true;
> }
> error("Invalid source target for oepration; " + update.getSrc());
> return false;
> }
> {code}
> The current method looks like this:
>
> {code:java}
> private void validateBinaryGraphOp(UpdateBinaryOp update) {
> if ( update.getSrc().isDefault() )
> return;
> if ( update.getSrc().isOneNamedGraph() ) {
> Node gn = update.getSrc().getGraph();
> if ( !datasetGraph.containsGraph(gn) )
> throw errorEx("No such graph: " + gn);
> }
> throw errorEx("Invalid source target for operation; " +
> update.getSrc());
> }
>
> {code}
> Assuming the validation logic has not changed, the current method is
> inconsistent with the previous version. To remain consistent, it should look
> like this:
>
> {code:java}
> private void validateBinaryGraphOp(UpdateBinaryOp update) {
> if ( update.getSrc().isDefault() )
> return;
> if ( update.getSrc().isOneNamedGraph() ) {
> Node gn = update.getSrc().getGraph();
> if ( !datasetGraph.containsGraph(gn) )
> throw errorEx("No such graph: " + gn);
> return;
> }
> throw errorEx("Invalid source target for operation; " +
> update.getSrc());
> }
>
> {code}
> Note the second {{return}} statement.
> This is causing unexpected test failures in our product test suite.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
