[jira] [Commented] (JENA-1578) SPARQL VALUES for ParameterizedSparqlString

2018-07-30 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/JENA-1578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16562066#comment-16562066
 ] 

ASF GitHub Bot commented on JENA-1578:
--

Github user GregAlbiston commented on the issue:

https://github.com/apache/jena/pull/449
  
I've made updates to try and address the comments made so far. 

- Now using _FmtUtils.stringForNode_ for conversion of RDFNode to replacement string.
- Local method _validateParameterValue_ now used as values are being set to prevent injection attack.
- Local method _validateSafeToInject_ now used when the query is being parsed to prevent injection attack. This is called for each of the target variables for each relevant item, i.e. not the varName supplied for the substitution but the variable in the VALUES clause of the query that will be evaluated.
- The need for parentheses is now determined when the query is being parsed based on number of target variables in the VALUES clause and then, for a single target variable, the presence of parentheses in the query.
- Updated tests, removed methods no longer required and added additional JavaDoc comments.

Thanks,

Greg


> SPARQL VALUES for ParameterizedSparqlString
> ---
>
> Key: JENA-1578
> URL: https://issues.apache.org/jira/browse/JENA-1578
> Project: Apache Jena
> Issue Type: New Feature
> Components: ARQ
> Affects Versions: Jena 3.8.0
> Reporter: Greg Albiston
> Priority: Minor
>
> ParameterizedSparqlString provides an API for substituting variables within 
> SPARQL queries with bound values. It does not support the SPARQL VALUES 
> keyword which allows multiple values to be specified. The VALUES syntax 
> supports multiple values for a single variable, sets of values for multiple 
> variables and multiple sets of values for multiple values.
> Inquiry on 24/07/18 on the mailing list about this feature. Patch is forthcoming.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)




[jira] [Commented] (JENA-1580) Provide a better message when the port for Fuseki basic is already in use.

2018-07-30 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/JENA-1580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16562061#comment-16562061
 ] 

ASF subversion and git services commented on JENA-1580:
---

Commit fab78b8fcda5372b202b9d0af387ec2fa862668e in jena's branch 
refs/heads/master from [~an...@apache.org]
[ https://git-wip-us.apache.org/repos/asf?p=jena.git;h=fab78b8 ]

JENA-1580: Better error message when port in use


> Provide a better message when the port for Fuseki basic is already in use.
> --
>
> Key: JENA-1580
> URL: https://issues.apache.org/jira/browse/JENA-1580
> Project: Apache Jena
> Issue Type: Improvement
> Affects Versions: Jena 3.8.0
> Reporter: Andy Seaborne
> Assignee: Andy Seaborne
> Priority: Minor
> Fix For: Jena 3.9.0
>
>






[jira] [Resolved] (JENA-1580) Provide a better message when the port for Fuseki basic is already in use.

2018-07-30 Thread Andy Seaborne (JIRA)


 [ 
https://issues.apache.org/jira/browse/JENA-1580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy Seaborne resolved JENA-1580.
-
   Resolution: Fixed
Fix Version/s: Jena 3.9.0

> Provide a better message when the port for Fuseki basic is already in use.
> --
>
> Key: JENA-1580
> URL: https://issues.apache.org/jira/browse/JENA-1580
> Project: Apache Jena
> Issue Type: Improvement
> Affects Versions: Jena 3.8.0
> Reporter: Andy Seaborne
> Assignee: Andy Seaborne
> Priority: Minor
> Fix For: Jena 3.9.0
>
>






[jira] [Commented] (JENA-1580) Provide a better message when the port for Fuseki basic is already in use.

2018-07-30 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/JENA-1580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16562063#comment-16562063
 ] 

ASF GitHub Bot commented on JENA-1580:
--

Github user asfgit closed the pull request at:

https://github.com/apache/jena/pull/452


> Provide a better message when the port for Fuseki basic is already in use.
> --
>
> Key: JENA-1580
> URL: https://issues.apache.org/jira/browse/JENA-1580
> Project: Apache Jena
>  Issue Type: Improvement
>Affects Versions: Jena 3.8.0
>Reporter: Andy Seaborne
>Assignee: Andy Seaborne
>Priority: Minor
> Fix For: Jena 3.9.0
>
>








[jira] [Commented] (JENA-1578) SPARQL VALUES for ParameterizedSparqlString

2018-07-30 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/JENA-1578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16561748#comment-16561748
 ] 

ASF GitHub Bot commented on JENA-1578:
--

Github user rvesse commented on a diff in the pull request:

https://github.com/apache/jena/pull/449#discussion_r206083636
  
--- Diff: 
jena-arq/src/main/java/org/apache/jena/query/ParameterizedSparqlString.java ---
@@ -1734,4 +1739,237 @@ public String toString() {
 }
 
 }
+
+/**
+ * Assign a varName with a multiple items and whether to include
+ * parenthesis.
+ *
+ * @param varName
+ * @param items
+ * @param isParenthesisNeeded
+ */
+public void setValues(String varName, Collection 
items, boolean isParenthesisNeeded) {
+this.valuesReplacements.put(varName, new ValueReplacement(varName, 
items, isParenthesisNeeded));
+}
+
+/**
+ * Assign a varName with a multiple items.
+ * Can be used to assign multiple values to a single variable or single
+ * value to multiple variables (if using a List) in the SPARQL 
query.
+ * See setGroupedValues to assign multiple values to multiple 
variables.
+ *
+ * @param varName
+ * @param items
+ */
+public void setValues(String varName, Collection 
items) {
+setValues(varName, items, false);
+}
+
+/**
+ * Assign a varName with a single item and whether to include 
parenthesis.
+ *
+ * @param varName
+ * @param item
+ * @param isParenthesisNeeded
+ */
+public void setValues(String varName, RDFNode item, boolean 
isParenthesisNeeded) {
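Review bot: The `boolean isParenthesisNeeded` parameter on the public `setValues(String, Collection, boolean)` and `setValues(String, RDFNode, boolean)` overloads makes the caller responsible for the syntax of the generated VALUES block, and the two-argument `setValues(varName, items)` silently passes `false`. A wrong flag produces either an invalid query or a data block whose grouping differs from what the query's VALUES clause declares, so the flag should be derived from the number of variables in the target clause when the query is built and these overloads made non-public. Nothing in the visible lines checks `varName` or `items` before `valuesReplacements.put(...)`; validating them at this point would reject unsafe input when it is set rather than when the query is rendered. The `@param` tags are also empty and should say what each argument is and what `isParenthesisNeeded` changes in the output.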
--- End diff --

I will take a proper look at this tomorrow.

My first reaction though is that I am a little worried that we would expose 
to the user (even if they are a developer in this scenario) the decision as to 
whether parentheses are needed both from a security (SPARQL injection) and a 
validity perspective.  The code should be able to determine this based upon how 
many variables are being inserted and do the right thing.


> SPARQL VALUES for ParameterizedSparqlString
> ---
>
> Key: JENA-1578
> URL: https://issues.apache.org/jira/browse/JENA-1578
> Project: Apache Jena
> Issue Type: New Feature
> Components: ARQ
> Affects Versions: Jena 3.8.0
> Reporter: Greg Albiston
> Priority: Minor
>
> ParameterizedSparqlString provides an API for substituting variables within 
> SPARQL queries with bound values. It does not support the SPARQL VALUES 
> keyword which allows multiple values to be specified. The VALUES syntax 
> supports multiple values for a single variable, sets of values for multiple 
> variables and multiple sets of values for multiple values.
> Inquiry on 24/07/18 on the mailing list about this feature. Patch is forthcoming.
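
The design point raised in the review comment above, and taken up in the later update to the pull request, is that parentheses should follow from the number of VALUES variables and that values must be validated as they are set. The sketch below is an added example, not code from the pull request or from Jena. `ValuesBlockDemo`, `literal` and `valuesBlock` are hypothetical names; it assumes plain string literals only, accepts a conservative subset of SPARQL variable names, and emits the whole clause rather than inspecting an existing query.

```java
import java.util.List;
import java.util.stream.Collectors;

/** Added illustration; class and method names are hypothetical, not Jena API. */
public class ValuesBlockDemo {

    /** Render a plain string as a SPARQL literal, escaping characters that could end it early. */
    static String literal(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\"); break;
                case '"':  sb.append("\\\""); break;
                case '\n': sb.append("\\n");  break;
                case '\r': sb.append("\\r");  break;
                case '\t': sb.append("\\t");  break;
                default:   sb.append(c);
            }
        }
        return sb.append('"').toString();
    }

    /** Build a VALUES clause; parentheses follow from the variable count, never from the caller. */
    static String valuesBlock(List<String> vars, List<List<String>> rows) {
        if (vars.isEmpty()) throw new IllegalArgumentException("no variables");
        for (String v : vars)
            if (!v.matches("[A-Za-z_][A-Za-z0-9_]*"))   // conservative subset of SPARQL VARNAME
                throw new IllegalArgumentException("bad variable name: " + v);
        boolean paren = vars.size() > 1;
        String head = vars.stream().map(v -> "?" + v).collect(Collectors.joining(" "));
        StringBuilder sb = new StringBuilder("VALUES ")
                .append(paren ? "(" + head + ")" : head).append(" {");
        for (List<String> row : rows) {
            if (row.size() != vars.size())
                throw new IllegalArgumentException("row arity does not match variables");
            String cells = row.stream().map(ValuesBlockDemo::literal).collect(Collectors.joining(" "));
            sb.append(' ').append(paren ? "(" + cells + ")" : cells);
        }
        return sb.append(" }").toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: the second value tries to close the literal and the block.
        List<List<String>> oneVar = List.of(List.of("Alice"), List.of("Bob\" } #"));
        System.out.println(valuesBlock(List.of("name"), oneVar));
        System.out.println(valuesBlock(List.of("s", "o"), List.of(List.of("a", "b"), List.of("c", "d"))));
    }
}
```

Because the quote in the second value is escaped, it stays inside its literal and cannot terminate the data block, and a row whose length differs from the variable list is rejected before any query text is produced.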




