Re: CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
Is that already fixed in 4.8.0 or applies to Apache Jena versions 4.7.0+?

Marco

On Mon, Apr 24, 2023 at 8:03 PM Andy Seaborne wrote:
> Severity: important
>
> Description:
>
> There is insufficient checking of user queries in Apache Jena versions
> 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to
> execute arbitrary javascript via a SPARQL query.
>
> Credit:
>
> L3yx of Syclover Security Team (reporter)
>
> References:
>
> https://jena.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2023-22665
>

--
---
Marco Neumann
CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
Severity: important

Description:

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.

Credit:

L3yx of Syclover Security Team (reporter)

References:

https://jena.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-22665
Re: Combine two columns in SPARQL
Thanks for testing it. So wonder what is causing the empty values on my case.

On 24/04/2023 16.42, James Anderson wrote:
> that would matter. i make a dataset with strings:
>
> https://dydra.com/test/test/first_10_types.html
>
>> On 24. Apr 2023, at 15:22, Mikael Pesonen wrote:
>>
>> Okay so it should work? I'm getting empty on Jena 4.6.1.
>>
>> Also tried
>>
>> bind(concat(str(?pl), str(?al)) as ?pl_al)
>>
>> just in case.
>>
>> On 24/04/2023 16.16, James Anderson wrote:
>>> good afternoon;
>>>
>>>> On 24. Apr 2023, at 14:18, Mikael Pesonen wrote:
>>>>
>>>> Not Jena question but hope someone can help. I have two columns with always
>>>> equal amount of rows. How can they be combined into one column (variable)?
>>>> This method doesn't work (example has different predicates):
>>>>
>>>> select ?s ?pl_al
>>>> where {
>>>>   ?s skos:prefLabel ?pl .
>>>>   ?s skos:altLabel ?al .
>>>>   bind(concat(?pl, ?al) as ?pl_al)
>>>> }
>>> what do you intend, which this does not yield:
>>>
>>> https://dydra.com/test/test/columns.html
>>>
>>> ---
>>> james anderson | ja...@dydra.com | https://dydra.com
>
> ---
> james anderson | ja...@dydra.com | https://dydra.com

--
Lingsoft - 30 years of Leading Language Management

www.lingsoft.fi

Speech Applications - Language Management - Translation - Reader's and Writer's Tools - Text Tools - E-books and M-books

Mikael Pesonen
Semantic Technologies

e-mail: mikael.peso...@lingsoft.fi
Tel. +358 2 279 3300

Time zone: GMT+2

Helsinki Office
Eteläranta 10
FI-00130 Helsinki
FINLAND

Turku Office
Kauppiaskatu 5 A
FI-20100 Turku
FINLAND
Re: Server error with large truncated log
On 24/04/2023 11:06, Mikael Pesonen wrote:
Do you have any idea what could mess up the log, or how to fix it?

Something is adding the Apr 20 00:30:34 insight-terms.lingsoft.fi java[832674] and it's not Fuseki.

On 22/04/2023 15.57, Andy Seaborne wrote:
On 20/04/2023 13:55, Mikael Pesonen wrote:
Removing fi section results same error and also when removing OPTIONAL from en too. Query with all three languages work without OPTIONALs but that doesn't capture graphs (?ls_id) without some language content (returns only graphs that have all three languages).

https://gist.github.com/mikael1234/a0ed6b4947d392b5798ca29cdab69b1f

...
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038)
org.apache.thrift.protocol.TProtocolUtil.skip(TProtocolUtil.java:144)
...

TProtocolUtil.skip does not call Jetty. The jetty line looks like the start of a different stacktrace.

That seems to be the overlap of several log outputs with loss of details.

It does not have the beginning of any of the exceptions which is where the exception message is.

Andy

On 20/04/2023 15.36, Andy Seaborne wrote:
On 20/04/2023 13:23, Mikael Pesonen wrote:
I have a query with some counts for statistics (only way I got them working)

{ SELECT ?ls_id (count(distinct ?pl_fi) as ?fi_count)
  WHERE { GRAPH ?ls_id { ?c skos:prefLabel ?pl_fi FILTER(LANG(?pl_fi) = "fi") }}
  GROUP BY ?ls_id }
OPTIONAL {
  { SELECT ?ls_id (count(distinct ?pl_en) as ?en_count)
    WHERE { GRAPH ?ls_id { ?c skos:prefLabel ?pl_en FILTER(LANG(?pl_en) = "en") }}
    GROUP BY ?ls_id }
}
OPTIONAL {
  { SELECT ?ls_id (count(distinct ?pl_sv) as ?sv_count)
    WHERE { GRAPH ?ls_id { ?c skos:prefLabel ?pl_sv FILTER(LANG(?pl_sv) = "sv") }}
    GROUP BY ?ls_id }
}

With en and fi languages this works, but adding sv it fails with Server Error and 12000+ lines of log for one exception.

Does en and sv work?

Log is truncated so beginning of the log is missing. How could I proceed with debugging this?

Jena is 4.6.1 and I'm running queries in Fuseki web GUI.

Last lines of exception log:

No Jena code there.

What you are looking for is the top of the stacktrace (back to the operation in Jena) and also the top of the "caused by"

IF they are all the same, put one example on a gist.

Andy

Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:407) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: [2023-04-20 15:08:40] Fuseki INFO [6607] 500 Server Error (40.263 s)
Apr 20 15:08:40 x.lingsoft.fi java[832674]: [2023-04-20 15:08:40] Fuseki INFO [6606] 500 Server Error (40.279 s)
Re: Combine two columns in SPARQL
that would matter. i make a dataset with strings:

https://dydra.com/test/test/first_10_types.html

> On 24. Apr 2023, at 15:22, Mikael Pesonen wrote:
>
> Okay so it should work? I'm getting empty on Jena 4.6.1.
>
> Also tried
>
> bind(concat(str(?pl), str(?al)) as ?pl_al)
>
> just in case.
>
> On 24/04/2023 16.16, James Anderson wrote:
>> good afternoon;
>>
>>> On 24. Apr 2023, at 14:18, Mikael Pesonen wrote:
>>>
>>> Not Jena question but hope someone can help. I have two columns with always
>>> equal amount of rows. How can they be combined into one column (variable)?
>>> This method doesn't work (example has different predicates):
>>>
>>> select ?s ?pl_al
>>> where {
>>>   ?s skos:prefLabel ?pl .
>>>   ?s skos:altLabel ?al .
>>>   bind(concat(?pl, ?al) as ?pl_al)
>>> }
>> what do you intend, which this does not yield:
>>
>> https://dydra.com/test/test/columns.html
>>
>> ---
>> james anderson | ja...@dydra.com | https://dydra.com

---
james anderson | ja...@dydra.com | https://dydra.com
Re: Combine two columns in SPARQL
Okay so it should work? I'm getting empty on Jena 4.6.1.

Also tried

bind(concat(str(?pl), str(?al)) as ?pl_al)

just in case.

On 24/04/2023 16.16, James Anderson wrote:
> good afternoon;
>
>> On 24. Apr 2023, at 14:18, Mikael Pesonen wrote:
>>
>> Not Jena question but hope someone can help. I have two columns with always
>> equal amount of rows. How can they be combined into one column (variable)?
>> This method doesn't work (example has different predicates):
>>
>> select ?s ?pl_al
>> where {
>>   ?s skos:prefLabel ?pl .
>>   ?s skos:altLabel ?al .
>>   bind(concat(?pl, ?al) as ?pl_al)
>> }
> what do you intend, which this does not yield:
>
> https://dydra.com/test/test/columns.html
>
> ---
> james anderson | ja...@dydra.com | https://dydra.com
Re: Combine two columns in SPARQL
good afternoon;

> On 24. Apr 2023, at 14:18, Mikael Pesonen wrote:
>
> Not Jena question but hope someone can help. I have two columns with always
> equal amount of rows. How can they be combined into one column (variable)?
> This method doesn't work (example has different predicates):
>
> select ?s ?pl_al
> where {
>   ?s skos:prefLabel ?pl .
>   ?s skos:altLabel ?al .
>   bind(concat(?pl, ?al) as ?pl_al)
> }

what do you intend, which this does not yield:

https://dydra.com/test/test/columns.html

---
james anderson | ja...@dydra.com | https://dydra.com
Combine two columns in SPARQL
Not Jena question but hope someone can help. I have two columns with always equal amount of rows. How can they be combined into one column (variable)? This method doesn't work (example has different predicates):

select ?s ?pl_al
where {
  ?s skos:prefLabel ?pl .
  ?s skos:altLabel ?al .
  bind(concat(?pl, ?al) as ?pl_al)
}
Re: Server error with large truncated log
Do you have any idea what could mess up the log, or how to fix it?

On 22/04/2023 15.57, Andy Seaborne wrote:
On 20/04/2023 13:55, Mikael Pesonen wrote:
Removing fi section results same error and also when removing OPTIONAL from en too. Query with all three languages work without OPTIONALs but that doesn't capture graphs (?ls_id) without some language content (returns only graphs that have all three languages).

https://gist.github.com/mikael1234/a0ed6b4947d392b5798ca29cdab69b1f

...
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038)
org.apache.thrift.protocol.TProtocolUtil.skip(TProtocolUtil.java:144)
...

TProtocolUtil.skip does not call Jetty. The jetty line looks like the start of a different stacktrace.

That seems to be the overlap of several log outputs with loss of details.

It does not have the beginning of any of the exceptions which is where the exception message is.

Andy

On 20/04/2023 15.36, Andy Seaborne wrote:
On 20/04/2023 13:23, Mikael Pesonen wrote:
I have a query with some counts for statistics (only way I got them working)

{ SELECT ?ls_id (count(distinct ?pl_fi) as ?fi_count)
  WHERE { GRAPH ?ls_id { ?c skos:prefLabel ?pl_fi FILTER(LANG(?pl_fi) = "fi") }}
  GROUP BY ?ls_id }
OPTIONAL {
  { SELECT ?ls_id (count(distinct ?pl_en) as ?en_count)
    WHERE { GRAPH ?ls_id { ?c skos:prefLabel ?pl_en FILTER(LANG(?pl_en) = "en") }}
    GROUP BY ?ls_id }
}
OPTIONAL {
  { SELECT ?ls_id (count(distinct ?pl_sv) as ?sv_count)
    WHERE { GRAPH ?ls_id { ?c skos:prefLabel ?pl_sv FILTER(LANG(?pl_sv) = "sv") }}
    GROUP BY ?ls_id }
}

With en and fi languages this works, but adding sv it fails with Server Error and 12000+ lines of log for one exception.

Does en and sv work?

Log is truncated so beginning of the log is missing. How could I proceed with debugging this?

Jena is 4.6.1 and I'm running queries in Fuseki web GUI.

Last lines of exception log:

No Jena code there.

What you are looking for is the top of the stacktrace (back to the operation in Jena) and also the top of the "caused by"

IF they are all the same, put one example on a gist.

Andy

Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:407) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038) ~[fuseki-server.jar:4.6.1]
Apr 20 15:08:40 x.lingsoft.fi java[832674]: [2023-04-20 15:08:40] Fuseki INFO [6607] 500 Server Error (40.263 s)
Apr 20 15:08:40 x.lingsoft.fi java[832674]: [2023-04-20 15:08:40] Fuseki INFO [6606] 500 Server Error (40.279 s)