Package com.hp.hpl.jena.update

Examples of com.hp.hpl.jena.update.UpdateRequest

1462
1463
1464
1465
1466
1467
1468
1469
        // variable parameters immediately surrounded by quotes
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> \"?var\" }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

        UpdateRequest updates = pss.asUpdate();
        Assert.fail("Attempt to do SPARQL injection should result in an exception");
    }
View Full Code Here
1475
1476
1477
1478
1479
1480
1481
1482
        // literal
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> '?var' }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setLiteral("var", "' . } ; DROP ALL ; INSERT DATA { <s> <p> <o> }#");

        UpdateRequest updates = pss.asUpdate();
        Assert.fail("Attempt to do SPARQL injection should result in an exception");
    }
View Full Code Here
1488
1489
1490
1491
1492
1493
1494
1495
        // ends up being a valid string literal within quotes
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> ?var }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setLiteral("var", "\" . } ; DROP ALL ; INSERT DATA { <s> <p> <o> }#");

        UpdateRequest updates = pss.asUpdate();
        Assert.assertEquals(1, updates.getOperations().size());
    }
View Full Code Here
1515
1516
1517
1518
1519
1520
1521
1522
        String second = first.equals("var") ? "var2" : "var";

        pss.setLiteral(first, "?" + second);
        pss.setLiteral(second, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

        UpdateRequest updates = pss.asUpdate();
        Assert.fail("Attempt to do SPARQL injection should result in an exception");
    }
View Full Code Here
1528
1529
1530
1531
1532
1533
1534
1535
        // prevent this
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> \" ?var \" }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

        UpdateRequest updates = pss.asUpdate();
        Assert.fail("Attempt to do SPARQL injection should result in an exception");
    }
View Full Code Here
1541
1542
1543
1544
1545
1546
1547
1548
        // prevent this
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> \"some text ?var other text\" }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setLiteral("var", " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

        UpdateRequest updates = pss.asUpdate();
        Assert.fail("Attempt to do SPARQL injection should result in an exception");
    }
View Full Code Here
1553
1554
1555
1556
1557
1558
1559
1560
        // literal resulting in an injection, we now escape ' so prevent this
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> ' ?var ' }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setLiteral("var", "' . } ; DROP ALL ; INSERT DATA { <s> <p> <o> }#");

        UpdateRequest updates = pss.asUpdate();
        Assert.assertEquals(1, updates.getOperations().size());
    }
View Full Code Here
1565
1566
1567
1568
1569
1570
1571
1572
        // literal resulting in an injection, we now escape ' so prevent this
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> 'some text ?var other text' }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setLiteral("var", "' . } ; DROP ALL ; INSERT DATA { <s> <p> <o> }#");

        UpdateRequest updates = pss.asUpdate();
        Assert.assertEquals(1, updates.getOperations().size());
    }
View Full Code Here
1589
1590
1591
1592
1593
1594
1595
1596
        String second = first.equals("var") ? "var2" : "var";

        pss.setLiteral(first, " ?" + second + " ");
        pss.setLiteral(second, " . } ; DROP ALL ; INSERT DATA { <s> <p> ");

        UpdateRequest updates = pss.asUpdate();
        Assert.fail("Attempt to do SPARQL injection should result in an exception");
    }
View Full Code Here
1612
1613
1614
1615
1616
1617
1618
1619
        // This injection is prevented by forbidding the > character in URIs
        String str = "PREFIX : <http://example/>\nINSERT DATA { <s> <p> ?v . }";
        ParameterizedSparqlString pss = new ParameterizedSparqlString(str);
        pss.setIri(0, "hello> } ; DROP ALL ; INSERT DATA { <s> <p> <goodbye>");

        UpdateRequest updates = pss.asUpdate();
        Assert.fail("Attempt to do SPARQL injection should result in an exception");
    }
View Full Code Here
TOP

Related Classes of com.hp.hpl.jena.update.UpdateRequest

  • arq.examples.update.UpdateExecuteOperations
  • arq.examples.update.UpdateProgrammatic
  • arq.examples.update.UpdateReadFromFile
  • arq.load
  • arq.rupdate
  • arq.uparse
  • arq.update
  • com.hp.hpl.jena.query.TestParameterizedSparqlString
  • com.hp.hpl.jena.sparql.engine.http.TestService
  • com.hp.hpl.jena.sparql.graph.TestDatasets
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.