rvesse commented on PR #2096:
URL: https://github.com/apache/jena/pull/2096#issuecomment-1822445487

   > It is the test that is making the ordering assumption not the code under test.
   
   I think this is the key point in this discussion. This test is **deliberately** detecting the current iteration order in order to make a **deliberate** attempt to circumvent the SPARQL injection protections that the `ParameterisedSparqlString` provides.
   
   The underlying code does not need a consistent order to function; in the test scenario in question, doing things in the opposite order actually means that the attempted attack vector has no chance of working. In a sense, having an unpredictable iteration order is actually of benefit to this particular class
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
