Rename test cases and fix warnings (JENA-1497)
rvesse committed Mar 5, 2018
1 parent 411c103 commit 44683c4
Showing 2 changed files with 43 additions and 41 deletions.
Expand Up @@ -1685,6 +1685,7 @@ public boolean isInsideLiteral(int start, int stop) {
}
}

@SuppressWarnings("unused")
public boolean isInsideAltLiteral(int start, int stop) {
Pair<Integer, String> pair = this.findBefore(start);
if (pair == null)
Expand All @@ -1700,6 +1701,7 @@ public boolean isInsideAltLiteral(int start, int stop) {
}
}

@SuppressWarnings("unused")
public boolean isBetweenLiterals(int start, int stop) {
Pair<Integer, String> pairBefore = this.findBefore(start);
if (pairBefore == null)
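Review bot: The `@SuppressWarnings("unused")` added to isInsideAltLiteral and isBetweenLiterals covers each whole method and does not say what is unused, so any later dead local or parameter in these bodies will also be silenced. These helpers sit beside isInsideLiteral and look like part of the delimiter tracking behind the injection checks, where an ignored argument is worth stating rather than hiding. If the unused item is the `stop` parameter (not confirmable here, both bodies continue outside the visible hunks), a comment such as `// stop is not consulted yet; kept so the signature matches isInsideLiteral` above each annotation would record that.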
Expand Up @@ -66,6 +66,7 @@ private Query testAsQuery(ParameterizedSparqlString query) {
return query.asQuery();
}

@SuppressWarnings("unused")
private UpdateRequest testAsUpdate(ParameterizedSparqlString update) {
return update.asUpdate();
}
Expand Down Expand Up @@ -1383,7 +1384,7 @@ public void test_param_string_injection_01() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri("var2", "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye>");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1394,7 +1395,7 @@ public void test_param_string_injection_02() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri("var2", "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1417,7 +1418,7 @@ public void test_param_string_injection_04() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri("var2", "hello> . ?s ?p ?o");

Query q = pss.asQuery();
pss.asQuery();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand Down Expand Up @@ -1450,7 +1451,7 @@ public void test_param_string_injection_06() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", "hello' . } ; DROP ALL ; INSERT DATA { <s> <p> \"goodbye");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1462,7 +1463,7 @@ public void test_param_string_injection_07() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1475,7 +1476,7 @@ public void test_param_string_injection_08() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", "' . } ; DROP ALL ; INSERT DATA { <s> <p> <o> }#");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand Down Expand Up @@ -1515,7 +1516,7 @@ public void test_param_string_injection_10() {
pss.setLiteral(first, "?" + second);
pss.setLiteral(second, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1528,7 +1529,7 @@ public void test_param_string_injection_11() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1541,7 +1542,7 @@ public void test_param_string_injection_12() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand Down Expand Up @@ -1589,36 +1590,10 @@ public void test_param_string_injection_15() {
pss.setLiteral(first, " ?" + second + " ");
pss.setLiteral(second, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}



@Test
public void test_param_string_injection_16() {
String prefixes="PREFIX : <http://purl.bdrc.io/ontology/core/>\n" +
" PREFIX skos: <http://www.w3.org/2004/02/skos/core#>\n" +
" PREFIX text: <http://jena.apache.org/text#>\n" ;
HashMap<String,String> map=new HashMap<>();
map.put("L_name", "\"rgyud bla ma\"");
map.put("LG_name", "bo-x-ewts");
String test2=prefixes+ "select ?comment (GROUP_CONCAT(DISTINCT ?comment_type; SEPARATOR=\" <>" +
"\") AS ?comment_types) ?root_name\n" +
"where {\n" +
" (?root ?score ?root_name) text:query ?L_name .\n" +
" ?comment :workIsAbout ?root;\n" +
" :workGenre ?g .\n" +
" ?g skos:prefLabel ?comment_type .\n" +
" FILTER (contains(?comment_type, \"commentary\" ))\n" +
"}\n" +
"group by ?comment ?root_name";
ParameterizedSparqlString queryStr2 = new ParameterizedSparqlString(test2);
queryStr2.setLiteral("L_name", map.get("L_name"),map.get("LG_name"));
System.out.println(queryStr2.toString());
Query q2=queryStr2.asQuery();
}

@Test
public void test_param_string_non_injection_01() {
// This test checks that a legitimate injection of a literal to a
Expand Down Expand Up @@ -1652,6 +1627,31 @@ public void test_param_string_non_injection_02() {
queryStr.setLiteral("L_name", map.get("L_name"),map.get("LG_name"));
queryStr.asQuery();
}


@Test
public void test_param_string_non_injection_03() {
String prefixes="PREFIX : <http://purl.bdrc.io/ontology/core/>\n" +
" PREFIX skos: <http://www.w3.org/2004/02/skos/core#>\n" +
" PREFIX text: <http://jena.apache.org/text#>\n" ;
HashMap<String,String> map=new HashMap<>();
map.put("L_name", "\"rgyud bla ma\"");
map.put("LG_name", "bo-x-ewts");
String test2=prefixes+ "select ?comment (GROUP_CONCAT(DISTINCT ?comment_type; SEPARATOR=\" <>" +
"\") AS ?comment_types) ?root_name\n" +
"where {\n" +
" (?root ?score ?root_name) text:query ?L_name .\n" +
" ?comment :workIsAbout ?root;\n" +
" :workGenre ?g .\n" +
" ?g skos:prefLabel ?comment_type .\n" +
" FILTER (contains(?comment_type, \"commentary\" ))\n" +
"}\n" +
"group by ?comment ?root_name";
ParameterizedSparqlString queryStr2 = new ParameterizedSparqlString(test2);
queryStr2.setLiteral("L_name", map.get("L_name"),map.get("LG_name"));
System.out.println(queryStr2.toString());
queryStr2.asQuery();
}

@Test(expected = ARQException.class)
public void test_param_string_positional_injection_01() {
Expand All @@ -1660,7 +1660,7 @@ public void test_param_string_positional_injection_01() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri(0, "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye>");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1671,7 +1671,7 @@ public void test_param_string_positional_injection_02() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri(0, "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1694,7 +1694,7 @@ public void test_param_string_positional_injection_04() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setIri(0, "hello> . ?s ?p ?o");

Query q = pss.asQuery();
pss.asQuery();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand Down Expand Up @@ -1811,7 +1811,7 @@ public void test_param_string_positional_injection_11() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral(0, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

Expand All @@ -1824,7 +1824,7 @@ public void test_param_string_positional_injection_12() {
ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
pss.setLiteral(0, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

UpdateRequest updates = pss.asUpdate();
pss.asUpdate();
Assert.fail("Attempt to do SPARQL injection should result in an exception");
}

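Review bot: test_param_string_non_injection_03 only proves that asQuery() does not throw; it prints the rendered query with `System.out.println(queryStr2.toString());` and asserts nothing about it, so a regression that binds ?L_name wrongly while still parsing would pass. Since this is the negative control for the injection checks, replace the println with an assertion on the rendered text, for example `Assert.assertTrue(queryStr2.toString().contains("@bo-x-ewts"));` (assuming the language tag is rendered in the usual `@lang` form). A one-line comment saying what the case guards would also help, e.g. `// "<>" inside the SEPARATOR string literal must not trip the injection check`, if that is the JENA-1497 scenario.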
