/**
 * Builds a SELECT query that returns every triple of the given context.
 *
 * <p>The context is bound with {@code setIri} instead of being concatenated into the query
 * text.
 *
 * @param context URL substituted for the {@code ?context} placeholder of the FROM clause
 * @return the query text after the placeholder has been substituted
 * @throws IOException declared by the signature; no statement in this body throws it explicitly
 */
public static String getAllTriplesOfContext(URL context) throws IOException {
    String template = "SELECT ?x ?y ?z \n" + "FROM ?context \n" + "WHERE {?x ?y ?z}";
    ParameterizedSparqlString selectAll = new ParameterizedSparqlString(template);
    selectAll.setIri("?context", context);
    return selectAll.toString();
}
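/**
 * Builds an update request that replaces a named graph: the graph is cleared first and the
 * triples of the new model are inserted into it afterwards.
 *
 * @param graph named graph to be updated
 * @param model model that holds triples to set
 * @return the update text, a CLEAR GRAPH followed by an INSERT DATA on the same graph
 */
public String createUpdateNamedGraphQuery(String graph, Model model) {
    StringWriter sw = new StringWriter();
    RDFDataMgr.write(sw, model, Lang.NTRIPLES);

    // Only the fixed part of the request goes through ParameterizedSparqlString. Its
    // substitution is textual, so running it over the serialized triples as well would
    // rewrite any "?g" or "$g" token that happens to occur inside a literal or IRI of the
    // model data and silently change what gets inserted.
    ParameterizedSparqlString pps = new ParameterizedSparqlString();
    pps.setCommandText("\nCLEAR GRAPH ?g;\n" + "\nINSERT DATA { GRAPH ?g { ");
    pps.setIri("g", graph);

    // NOTE(review): the request clears whatever graph is named here; confirm that callers
    // pass an IRI they are entitled to overwrite.
    return pps.toString() + sw + "}};\n";
}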
/**
 * Binds IRIs to two of the three variables of a pattern.
 *
 * <p>The {@code test} helper is defined outside this snippet; presumably its second argument
 * lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_iri_5() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");

    String[] present = { "<http://example.org>", "<http://predicate>" };
    String[] absent = { "?s", "?p" };
    test(pss, present, absent);
}
/**
 * Sets the positional parameter at index 0 twice; the later value is the one expected in the
 * output, so a repeated set overrides the earlier one.
 *
 * <p>The {@code test} and {@code testAsQuery} helpers are defined outside this snippet;
 * presumably the second argument of {@code test} is text that must appear and the third text
 * that must not.
 */
@Test
public void test_param_string_precedence_2() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ? ?p ?o }");
    pss.setIri(0, "http://example.org");
    pss.setIri(0, "http://alternate.org");

    String[] present = { "<http://alternate.org>" };
    // Neither the bare positional marker nor the overridden IRI is listed as expected.
    String[] absent = { "? ", "<http://example.org>" };
    test(pss, present, absent);
    testAsQuery(pss);
}
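/**
 * Fetches the content of a named graph from the remote SPARQL endpoint.
 *
 * @param graphName IRI of the named graph, bound to {@code ?g} with {@code setIri} rather than
 *     concatenated into the query text
 * @return model built from the CONSTRUCT result
 */
public Model retrieveModel(String graphName) {
    String queryTemplate = "CONSTRUCT { ?s ?p ?o } WHERE { GRAPH ?g { ?s ?p ?o } . }";
    ParameterizedSparqlString pps = new ParameterizedSparqlString();
    pps.setCommandText(queryTemplate);
    pps.setIri("g", graphName);
    Query query = QueryFactory.create(pps.toString());
    QueryExecution qexec = QueryExecutionFactory.sparqlService(sparqlEndpoint, query);
    try {
        return qexec.execConstruct();
    } finally {
        // Release the execution's resources even when the remote request fails; the
        // original never closed it.
        qexec.close();
    }
}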
/**
 * Sets the named parameter {@code s} twice; the later value is the one expected in the output,
 * so a repeated set overrides the earlier one.
 *
 * <p>The {@code test} and {@code testAsQuery} helpers are defined outside this snippet;
 * presumably the second argument of {@code test} is text that must appear and the third text
 * that must not.
 */
@Test
public void test_param_string_precedence_1() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o }");
    pss.setIri("s", "http://example.org");
    pss.setIri("s", "http://alternate.org");

    String[] present = { "<http://alternate.org>" };
    String[] absent = { "?s", "<http://example.org>" };
    test(pss, present, absent);
    testAsQuery(pss);
}
/**
 * Binds two IRIs and a boolean literal in the same query.
 *
 * <p>The {@code test} helper is defined outside this snippet; presumably its second argument
 * lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_mixed_1() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", true);

    String[] present = { "<http://example.org>", "<http://predicate>", "true" };
    String[] absent = { "?s", "?p", "?o" };
    test(pss, present, absent);
}
/**
 * Binds an IRI to a variable that occurs twice in the pattern.
 *
 * <p>The {@code test} helper is defined outside this snippet; presumably its second argument
 * lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_iri_4() {
    ParameterizedSparqlString pss =
        new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . ?s a ?type }");
    pss.setIri("s", "http://example.org");

    String[] present = { "<http://example.org>" };
    String[] absent = { "?s" };
    test(pss, present, absent);
}
/**
 * Binds an IRI to the predicate variable.
 *
 * <p>The {@code test} helper is defined outside this snippet; presumably its second argument
 * lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_iri_2() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o }");
    pss.setIri("p", "http://example.org");

    String[] present = { "<http://example.org>" };
    String[] absent = { "?p" };
    test(pss, present, absent);
}
/**
 * Passes a blank-node label to {@code setIri} in a query.
 *
 * <p>The expected text wraps the label in angle brackets, i.e. it is written out as an IRI
 * term. The {@code test} helper is defined outside this snippet; presumably its second
 * argument lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_bnode_1() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "_:blankNodeID");

    String[] present = { "<_:blankNodeID>" };
    String[] absent = { "?s" };
    test(pss, present, absent);
}
/**
 * Passes a blank-node label to {@code setIri} in an update.
 *
 * <p>The expected text wraps the label in angle brackets, i.e. it is written out as an IRI
 * term. The {@code test} helper is defined outside this snippet; presumably its second
 * argument lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_bnode_2() {
    String template = "INSERT { GRAPH <target> { ?node a:p ?o . } } WHERE { ?node a:p ?o . }";
    ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
    pss.setIri("node", "_:blankNodeID");

    String[] present = { "<_:blankNodeID>" };
    String[] absent = { "?node" };
    test(pss, present, absent);
}
/**
 * Binds an IRI to the subject variable.
 *
 * <p>The {@code test} helper is defined outside this snippet; presumably its second argument
 * lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_iri_1() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o }");
    pss.setIri("s", "http://example.org");

    String[] present = { "<http://example.org>" };
    String[] absent = { "?s" };
    test(pss, present, absent);
}
/**
 * Binds an IRI to the object variable.
 *
 * <p>The {@code test} helper is defined outside this snippet; presumably its second argument
 * lists text that must appear in the result and its third text that must not.
 */
@Test
public void test_param_string_iri_3() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o }");
    pss.setIri("o", "http://example.org");

    String[] present = { "<http://example.org>" };
    String[] absent = { "?o" };
    test(pss, present, absent);
}
/**
 * Binds a string literal that contains a tab character.
 *
 * <p>The expected text carries the tab as the two-character escape {@code \t} inside the
 * quoted literal rather than as a raw control character.
 */
@Test
public void test_param_string_string_5() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", "A tabby\tstring");

    String expected =
        "SELECT * WHERE { <http://example.org> <http://predicate> \"A tabby\\tstring\" . }";
    Assert.assertEquals(expected, pss.toString());
}
/**
 * Binds a string literal that contains a single quote.
 *
 * <p>The expected text carries the quote backslash-escaped inside the double-quoted literal.
 */
@Test
public void test_param_string_string_6() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", "A test's test");

    String expected =
        "SELECT * WHERE { <http://example.org> <http://predicate> \"A test\\'s test\" . }";
    Assert.assertEquals(expected, pss.toString());
}
/**
 * Binds a plain string literal with no characters that need escaping; the expected text is the
 * value wrapped in double quotes.
 */
@Test
public void test_param_string_string_1() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", "test");

    String expected = "SELECT * WHERE { <http://example.org> <http://predicate> \"test\" . }";
    Assert.assertEquals(expected, pss.toString());
}
/**
 * Binds a string literal that contains double quotes.
 *
 * <p>The expected text carries each embedded quote backslash-escaped, so the value stays
 * inside the quoted literal instead of terminating it early.
 */
@Test
public void test_param_string_string_2() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", "A \"test\" string");

    String expected =
        "SELECT * WHERE { <http://example.org> <http://predicate> \"A \\\"test\\\" string\" . }";
    Assert.assertEquals(expected, pss.toString());
}
/**
 * Binds a string literal that contains a dollar sign.
 *
 * <p>The expected text shows the {@code $} unchanged inside the quoted literal.
 */
@Test
public void test_param_string_string_3() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", "Show me the $!");

    String expected =
        "SELECT * WHERE { <http://example.org> <http://predicate> \"Show me the $!\" . }";
    Assert.assertEquals(expected, pss.toString());
}
/**
 * Binds a string literal that contains a newline.
 *
 * <p>The expected text carries the newline as the two-character escape {@code \n}, so the
 * literal stays on one line of the query text.
 */
@Test
public void test_param_string_string_4() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", "A multi\nline string");

    String expected =
        "SELECT * WHERE { <http://example.org> <http://predicate> \"A multi\\nline string\" . }";
    Assert.assertEquals(expected, pss.toString());
}
/**
 * Binds a string literal that contains a backslash.
 *
 * <p>The expected text carries the backslash doubled, so it cannot act as the start of an
 * escape sequence in the query text.
 */
@Test
public void test_param_string_string_7() {
    ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT * WHERE { ?s ?p ?o . }");
    pss.setIri("s", "http://example.org");
    pss.setIri("p", "http://predicate");
    pss.setLiteral("o", "test a\\b");

    String expected =
        "SELECT * WHERE { <http://example.org> <http://predicate> \"test a\\\\b\" . }";
    Assert.assertEquals(expected, pss.toString());
}