/**
 * Thin wrapper that parses a parameterized string into a {@link Query}.
 *
 * @param query the template to parse, with all parameters already bound
 * @return the parsed query; parse failures propagate from {@code asQuery()}
 */
private Query testAsQuery(ParameterizedSparqlString query) {
    Query parsed = query.asQuery();
    return parsed;
}
/**
 * Builds a CONSTRUCT query that, for every instance of {@code cls}, copies the chain
 * {@code ?s ?p0 ?o0}, then up to {@code depth - 2} further hops {@code ?o(i-1) ?p(i) ?o(i)},
 * and finally the rdf:type of the last object in the chain. The first hop is required; every
 * further hop and the final type triple are wrapped in nested OPTIONALs so that shorter chains
 * are still returned.
 *
 * @param cls   class whose instances are the chain subjects; bound as an IRI parameter, never
 *              concatenated into the query text
 * @param depth requested chain length; any value of 2 or less yields the single mandatory hop
 * @return the parsed query
 */
private Query buildConstructQuery(OWLClass cls, int depth) {
    // Hops beyond the mandatory first one; each loop below runs exactly this many times,
    // and the last object variable in the chain is ?o<extraHops>.
    int extraHops = Math.max(0, depth - 2);
    StringBuilder q = new StringBuilder();

    q.append("CONSTRUCT {\n");
    // NOTE(review): "?s" and "?p0" are not separated by a space; this appears to tokenize as
    // two variables, but a space would be clearer.
    q.append("?s?p0 ?o0.\n");
    for (int hop = 1; hop <= extraHops; hop++) {
        appendChainTriple(q, hop);
    }
    q.append("?o").append(extraHops).append(" a ?type.\n");
    q.append("}\n");

    q.append("WHERE {\n");
    q.append("?s a ?cls.");
    q.append("?s?p0 ?o0.\n");
    for (int hop = 1; hop <= extraHops; hop++) {
        // Each further hop opens an OPTIONAL that is closed after the type triple below.
        q.append("OPTIONAL{\n");
        appendChainTriple(q, hop);
    }
    q.append("OPTIONAL{?o").append(extraHops).append(" a ?type}.\n");
    for (int hop = 1; hop <= extraHops; hop++) {
        q.append("}");
    }
    q.append("}\n");

    ParameterizedSparqlString template = new ParameterizedSparqlString(q.toString());
    template.setIri("cls", cls.toStringID());
    return template.asQuery();
}

/** Appends the triple {@code ?o(hop-1) ?p(hop) ?o(hop).} followed by a newline. */
private static void appendChainTriple(StringBuilder q, int hop) {
    q.append("?o").append(hop - 1)
     .append(" ").append("?p").append(hop)
     .append(" ").append("?o").append(hop)
     .append(".\n");
}
/**
 * Example lookup against the public DBpedia SPARQL endpoint: prints every rdf:type of one
 * fixed resource whose IRI starts with the dbpedia-owl ontology namespace.
 *
 * @return the QueryExecution the rows were read from; the caller is responsible for closing it
 */
public QueryExecution query() {
    String stringa = "http://dbpedia.org/resource/Fred_Guy";
    String sparql = "prefix dbpediaont: <http://dbpedia.org/ontology/>\n"
            + "prefix dbpedia: <http://dbpedia.org/resource/>\n"
            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
            + "\n"
            + "select ?resource where {\n"
            + "?mat rdf:type ?resource\n"
            + "filter strstarts(str(?resource), dbpediaont:)\n"
            + "}";
    ParameterizedSparqlString qs = new ParameterizedSparqlString(sparql);
    Resource risorsa = ResourceFactory.createResource(stringa);
    // The subject is bound as a parameter so the IRI is serialised by Jena, not concatenated.
    qs.setParam("mat", risorsa);
    QueryExecution exec = QueryExecutionFactory.sparqlService("http://dbpedia.org/sparql", qs.asQuery());
    ResultSet results = ResultSetFactory.copyResults(exec.execSelect());
    while (results.hasNext()) {
        System.out.println(results.next().get("resource"));
    }
    // NOTE(review): the loop above has already exhausted `results`, so this table comes out
    // empty; calling reset() on the rewindable copy that copyResults() returns, before this
    // line, would print the rows a second time as intended.
    ResultSetFormatter.out(results);
    return exec;
}
// Remote execution against the public DBpedia endpoint. `qs` is built outside this excerpt,
// and whoever owns `exec` must close it once the results have been consumed.
QueryExecution exec = QueryExecutionFactory.sparqlService( "http://dbpedia.org/sparql", qs.asQuery() );
/**
 * Regression check: a literal whose value itself contains double quotes, bound together with a
 * language tag, must still produce a parseable query. There is no explicit assertion because
 * {@code asQuery()} throws if the bound value broke the syntax. This variant carries a FILTER.
 */
@Test
public void test_param_string_non_injection_03() {
    StringBuilder sparql = new StringBuilder();
    sparql.append("PREFIX : <http://purl.bdrc.io/ontology/core/>\n");
    sparql.append(" PREFIX skos: <http://www.w3.org/2004/02/skos/core#>\n");
    sparql.append(" PREFIX text: <http://jena.apache.org/text#>\n");
    sparql.append("select ?comment (GROUP_CONCAT(DISTINCT ?comment_type; SEPARATOR=\" <>\") AS ?comment_types) ?root_name\n");
    sparql.append("where {\n");
    sparql.append(" (?root ?score ?root_name) text:query ?L_name .\n");
    sparql.append(" ?comment :workIsAbout ?root;\n");
    sparql.append(" :workGenre ?g .\n");
    sparql.append(" ?g skos:prefLabel ?comment_type .\n");
    sparql.append(" FILTER (contains(?comment_type, \"commentary\" ))\n");
    sparql.append("}\n");
    sparql.append("group by ?comment ?root_name");

    // Values arrive through a map, mimicking parameters collected from a request.
    HashMap<String, String> params = new HashMap<>();
    params.put("L_name", "\"rgyud bla ma\"");
    params.put("LG_name", "bo-x-ewts");

    ParameterizedSparqlString pss = new ParameterizedSparqlString(sparql.toString());
    pss.setLiteral("L_name", params.get("L_name"), params.get("LG_name"));
    pss.asQuery();
}
/**
 * Regression check: a literal whose value itself contains double quotes, bound together with a
 * language tag, must still produce a parseable query. There is no explicit assertion because
 * {@code asQuery()} throws if the bound value broke the syntax. This variant has no FILTER.
 */
@Test
public void test_param_string_non_injection_02() {
    StringBuilder sparql = new StringBuilder();
    sparql.append("PREFIX : <http://purl.bdrc.io/ontology/core/>\n");
    sparql.append(" PREFIX skos: <http://www.w3.org/2004/02/skos/core#>\n");
    sparql.append(" PREFIX text: <http://jena.apache.org/text#>");
    sparql.append("select ?comment (GROUP_CONCAT(DISTINCT ?comment_type; SEPARATOR=\" <>\") AS ?comment_types) ?root_name\n");
    sparql.append("where {\n");
    sparql.append(" (?root ?score ?root_name) text:query ?L_name .\n");
    sparql.append(" ?comment :workIsAbout ?root;\n");
    sparql.append(" :workGenre ?g .\n");
    sparql.append(" ?g skos:prefLabel ?comment_type .\n");
    sparql.append("}\n");
    sparql.append("group by ?comment ?root_name");

    // Values arrive through a map, mimicking parameters collected from a request.
    HashMap<String, String> params = new HashMap<>();
    params.put("L_name", "\"rgyud bla ma\"");
    params.put("LG_name", "bo-x-ewts");

    ParameterizedSparqlString pss = new ParameterizedSparqlString(sparql.toString());
    pss.setLiteral("L_name", params.get("L_name"), params.get("LG_name"));
    pss.asQuery();
}
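/**
 * Retrieve resource data of all known won nodes that are saved in the Sparql endpoint.
 *
 * Every named graph holding a {@code won:hasUriPrefixSpecification} triple is taken to describe
 * one won node; its dataset is fetched and converted into a {@link WonNodeInfo}.
 *
 * @return Set of all known won node resource data (empty if the endpoint returns no rows)
 */
public Set<WonNodeInfo> retrieveAllWonNodeInfo() {
    Set<WonNodeInfo> wonNodeInfos = new HashSet<>();
    String queryString = "SELECT ?graphUri ?nodeUri WHERE { GRAPH ?graphUri {?nodeUri won:hasUriPrefixSpecification ?c} }";
    ParameterizedSparqlString pps = new ParameterizedSparqlString();
    pps.setCommandText(queryString);
    pps.setNsPrefix("won", "http://purl.org/webofneeds/model#");
    log.debug("Query SPARQL Endpoint: {}", sparqlEndpoint);
    log.debug("Execute query: {}", pps.toString());
    QueryExecution qexec = QueryExecutionFactory.sparqlService(sparqlEndpoint, pps.asQuery());
    try {
        ResultSet results = qexec.execSelect();
        while (results.hasNext()) {
            QuerySolution qs = results.nextSolution();
            RDFNode rdfNode = qs.get("graphUri");
            // ?graphUri is bound by the GRAPH clause; the guard skips any row that lacks it.
            if (rdfNode != null) {
                String graphUri = rdfNode.asResource().getURI();
                Dataset ds = retrieveDataset(graphUri);
                WonNodeInfo nodeInfo = getWonNodeInfoFromDataset(ds);
                wonNodeInfos.add(nodeInfo);
            }
        }
    } finally {
        // Previously close() was skipped when execSelect() or a per-row fetch threw, leaking
        // the remote connection; finally releases it on every path.
        qexec.close();
    }
    return wonNodeInfos;
}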
/**
 * A value containing {@code >} can never be a valid IRI, so binding it to a positional
 * parameter must be rejected with an {@link ARQException} rather than spliced into the query.
 */
@Test(expected = ARQException.class)
public void test_param_string_positional_injection_04() {
    String template = "PREFIX : <http://example/>\nSELECT * WHERE { <s> <p> ? . }";
    ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
    // Closing the IRI early and appending a triple pattern is blocked by the '>' check on IRIs.
    String hostileIri = "hello> . ?s ?p ?o";
    pss.setIri(0, hostileIri);
    pss.asQuery();
    Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
// Parse the template, then cap the result count on the parsed Query object instead of editing
// the query text. `sampleQueryTemplate` and `pageSize` are defined outside this excerpt.
Query query = sampleQueryTemplate.asQuery();
query.setLimit(pageSize);
/**
 * A value containing {@code >} can never be a valid IRI, so binding it to a named
 * parameter must be rejected with an {@link ARQException} rather than spliced into the query.
 */
@Test(expected = ARQException.class)
public void test_param_string_injection_04() {
    String template = "PREFIX : <http://example/>\nSELECT * WHERE { <s> <p> ?var2 . }";
    ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
    // Closing the IRI early and appending a triple pattern is blocked by the '>' check on IRIs.
    String hostileIri = "hello> . ?s ?p ?o";
    pss.setIri("var2", hostileIri);
    pss.asQuery();
    Assert.fail("Attempt to do SPARQL injection should result in an exception");
}
/**
 * Resolves a short form for {@code entity}: the lexical form of the first {@code ?label}
 * binding returned by the label query, or the fallback provider's short form of the entity's
 * IRI when the endpoint returns no row.
 *
 * @param entity the entity whose label is wanted
 * @return the label's lexical form, or the fallback short form
 */
@Nonnull
@Override
public String getShortForm(@Nonnull OWLEntity entity) {
    // The template is reused across calls, so previous bindings are dropped first.
    // NOTE(review): this mutates shared state; assumes callers are single-threaded — confirm.
    queryTemplate.clearParams();
    queryTemplate.setIri("entity", entity.toStringID());
    queryTemplate.setIri("labelProperty", labelProperty);
    Query labelQuery = queryTemplate.asQuery();
    try (QueryExecution qe = qef.createQueryExecution(labelQuery)) {
        ResultSet rs = qe.execSelect();
        if (!rs.hasNext()) {
            return fallback.getShortForm(entity.getIRI());
        }
        // Only the first row is used; any further bindings are ignored.
        return rs.next().getLiteral("label").getLexicalForm();
    }
}
}
// Run the parameterized query remotely and open the result cursor. `pps` and `sparqlEndpoint`
// come from outside this excerpt; `qexec` must be closed (try/finally) once `results` is consumed.
QueryExecution qexec = QueryExecutionFactory.sparqlService(sparqlEndpoint, pps.asQuery());
ResultSet results = qexec.execSelect();
// Run the parameterized query remotely and open the result cursor. `pps` and `sparqlEndpoint`
// come from outside this excerpt; `qexec` must be closed (try/finally) once `results` is consumed.
QueryExecution qexec = QueryExecutionFactory.sparqlService(sparqlEndpoint, pps.asQuery());
ResultSet results = qexec.execSelect();
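// Builds a lookup by key and then reads four properties of the matching hit.
// NOTE(review): the original constructed `new SparqlParameterizedString()` — a name that does
// not match the declared type and that I cannot find in Jena, presumably a typo — and called
// `setNSPrefix`, which Jena spells `setNsPrefix`; both are corrected here. `someKey` is defined
// outside this excerpt.
ParameterizedSparqlString queryStr = new ParameterizedSparqlString();
queryStr.setNsPrefix("sw", "http://skunkworks.example.com/redacted#");
queryStr.append("SELECT ?a ?b ?c ?d");
queryStr.append("{");
queryStr.append(" ?rawHit sw:key");
// appendNode() emits the key as a SPARQL term (IRI or quoted literal) instead of splicing raw
// text, which is what keeps a caller-supplied key from rewriting the pattern.
queryStr.appendNode(someKey);
queryStr.append(".");
queryStr.append(" ?rawHit sw:a ?a .");
queryStr.append(" ?rawHit sw:b ?b .");
queryStr.append(" ?rawHit sw:c ?c . ");
queryStr.append(" ?rawHit sw:d ?d .");
// The sort key must reference the variable: a bare `d` is not a SPARQL expression and the
// original `DESC(d)` would fail to parse in asQuery().
queryStr.append("} ORDER BY DESC(?d)");
Query q = queryStr.asQuery();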
// Parse the bound template, run it remotely and open the result cursor. `pss` and
// `sparqlEndpoint` come from outside this excerpt; `qexec` must be closed once `results` is consumed.
Query q = pss.asQuery();
QueryExecution qexec = QueryExecutionFactory.sparqlService(sparqlEndpoint, q);
ResultSet results = qexec.execSelect();
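/**
 * To start crawling (http modification query) from a certain point in time, take last
 * modification date from a connection known in the database that is in status 'DONE' which means
 * it has been crawled.
 *
 * @param wonNodeUri won node uri for which connection modification dates should be retrieved
 * @return modification date to start crawling from or null if none exists
 */
public String retrieveConnectionModificationDateForCrawling(String wonNodeUri) {
    String queryString = "SELECT ?modificationDate WHERE {\n"
            + " ?connectionUri a won:Connection.\n"
            + " ?connectionUri won:hasWonNode ?wonNodeUri. \n"
            + " ?connectionUri dcterms:modified ?modificationDate. \n"
            + " ?connectionUri won:crawlStatus 'DONE'. \n"
            + "} ORDER BY DESC(?modificationDate) LIMIT 1\n";
    ParameterizedSparqlString pps = new ParameterizedSparqlString();
    pps.setNsPrefix("won", "http://purl.org/webofneeds/model#");
    pps.setNsPrefix("dcterms", "http://purl.org/dc/terms/");
    pps.setCommandText(queryString);
    // Bound as an IRI parameter so the node URI is validated and serialised by Jena, never
    // concatenated into the query text.
    pps.setIri("wonNodeUri", wonNodeUri);
    QueryExecution qexec = QueryExecutionFactory.sparqlService(sparqlEndpoint, pps.asQuery());
    try {
        ResultSet results = qexec.execSelect();
        // ORDER BY DESC + LIMIT 1: the only row, if any, carries the newest date.
        if (results.hasNext()) {
            QuerySolution qs = results.nextSolution();
            return qs.get("modificationDate").asLiteral().getString();
        }
        return null;
    } finally {
        // Previously close() was skipped when execSelect() or row parsing threw, leaking the
        // remote connection; finally releases it on every path.
        qexec.close();
    }
}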
/**
 * Injecting a closing quote followed by a triple pattern through a positional literal parameter
 * must not add triples: the query still parses and its pattern holds exactly one triple, so the
 * whole value presumably ends up inside a single literal.
 */
@Test
public void test_param_string_positional_injection_05() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString(
            "PREFIX : <http://example/>\nSELECT * WHERE { <s> <p> ? . }");
    pss.setLiteral(0, "hello\" . ?s ?p ?o");
    Query q = pss.asQuery();

    Element pattern = q.getQueryPattern();
    if (pattern instanceof ElementGroup) {
        // The parser may wrap the triples in a group; it must contain a single element, which
        // is then checked below.
        ElementGroup group = (ElementGroup) pattern;
        Assert.assertEquals(1, group.getElements().size());
        pattern = group.getElements().get(0);
    }
    if (pattern instanceof ElementTriplesBlock) {
        Assert.assertEquals(1, ((ElementTriplesBlock) pattern).getPattern().size());
    }
}
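/**
 * To start crawling (http modification query) from a certain point in time, take last
 * modification date from a need known in the database that is in status 'DONE' which means
 * it has been crawled.
 *
 * @param wonNodeUri won node uri for which need modification dates should be retrieved
 * @return modification date to start crawling from or null if none exists
 */
public String retrieveNeedModificationDateForCrawling(String wonNodeUri) {
    String queryString = "SELECT ?modificationDate WHERE {\n"
            + " ?needUri a won:Need.\n"
            + " ?needUri won:hasWonNode ?wonNodeUri. \n"
            + " ?needUri dcterms:modified ?modificationDate. \n"
            + " ?needUri won:crawlStatus 'DONE'. \n"
            + "} ORDER BY DESC(?modificationDate) LIMIT 1\n";
    ParameterizedSparqlString pps = new ParameterizedSparqlString();
    pps.setNsPrefix("won", "http://purl.org/webofneeds/model#");
    pps.setNsPrefix("dcterms", "http://purl.org/dc/terms/");
    pps.setCommandText(queryString);
    // Bound as an IRI parameter so the node URI is validated and serialised by Jena, never
    // concatenated into the query text.
    pps.setIri("wonNodeUri", wonNodeUri);
    QueryExecution qexec = QueryExecutionFactory.sparqlService(sparqlEndpoint, pps.asQuery());
    try {
        ResultSet results = qexec.execSelect();
        // ORDER BY DESC + LIMIT 1: the only row, if any, carries the newest date.
        if (results.hasNext()) {
            QuerySolution qs = results.nextSolution();
            return qs.get("modificationDate").asLiteral().getString();
        }
        return null;
    } finally {
        // Previously close() was skipped when execSelect() or row parsing threw, leaking the
        // remote connection; finally releases it on every path.
        qexec.close();
    }
}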
/**
 * Injecting a closing quote followed by a triple pattern through a named literal parameter
 * must not add triples: the query still parses and its pattern holds exactly one triple, so the
 * whole value presumably ends up inside a single literal.
 */
@Test
public void test_param_string_injection_05() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString(
            "PREFIX : <http://example/>\nSELECT * WHERE { <s> <p> ?var2 . }");
    pss.setLiteral("var2", "hello\" . ?s ?p ?o");
    Query q = pss.asQuery();

    Element pattern = q.getQueryPattern();
    if (pattern instanceof ElementGroup) {
        // The parser may wrap the triples in a group; it must contain a single element, which
        // is then checked below.
        ElementGroup group = (ElementGroup) pattern;
        Assert.assertEquals(1, group.getElements().size());
        pattern = group.getElements().get(0);
    }
    if (pattern instanceof ElementTriplesBlock) {
        Assert.assertEquals(1, ((ElementTriplesBlock) pattern).getPattern().size());
    }
}
// Bind ?s to a blank node by label and run the query locally against `ds`.
// NOTE(review): the "_:" + label string is passed through setIri() — presumably relying on
// Jena's <_:label> blank-node reference syntax — confirm. `pq`, `bnode` and `ds` are defined
// outside this excerpt, and the try-with-resources block is closed there too.
pq.setCommandText("SELECT * WHERE { ?s ?p ?o }");
pq.setIri("s", "_:" + bnode.getId());
Query q = pq.asQuery();
try(QueryExecution qe = QueryExecutionFactory.create(q, ds)) {
    ResultSet rset = qe.execSelect();