use of org.apache.jena.sparql.ARQException in project jena by apache.
the class UpdateProcessRemoteForm method execute.
@Override
public void execute() {
// Validation
if (this.getEndpoint() == null)
throw new ARQException("Null endpoint for remote update by form");
if (this.getUpdateRequest() == null)
throw new ARQException("Null update request for remote update");
// Execution
String reqStr = this.getUpdateRequest().toString();
Params ps = new Params(this.getParams());
ps.addParam(HttpParams.pUpdate, reqStr);
execHttpPostForm(this.getEndpoint(), ps, null, HttpResponseLib.nullResponse, getClient(), getHttpContext());
}
use of org.apache.jena.sparql.ARQException in project jena by apache.
the class RDFConnectionLocal method doPutPost.
private void doPutPost(String graph, String file, boolean replace) {
Objects.requireNonNull(file);
Lang lang = RDFLanguages.filenameToLang(file);
Txn.executeWrite(dataset, () -> {
if (RDFLanguages.isTriples(lang)) {
Model model = LibRDFConn.isDefault(graph) ? dataset.getDefaultModel() : dataset.getNamedModel(graph);
if (replace)
model.removeAll();
RDFDataMgr.read(model, file);
} else if (RDFLanguages.isQuads(lang)) {
if (replace)
dataset.asDatasetGraph().clear();
// Try to POST to the dataset.
RDFDataMgr.read(dataset, file);
} else
throw new ARQException("Not an RDF format: " + file + " (lang=" + lang + ")");
});
}
use of org.apache.jena.sparql.ARQException in project jena by apache.
the class ParameterizedSparqlString method validateSafeToInject.
/**
* Helper method which checks whether it is safe to inject to a variable
* parameter the given value
*
* @param command
* Current command string
* @param var
* Variable
* @param n
* Value to inject
* @throws ARQException
* Thrown if not safe to inject, error message will describe why
* it is unsafe to inject
*/
protected void validateSafeToInject(String command, String var, Node n) throws ARQException {
// Looks for the known injection attack vectors and throws an error if
// any are encountered
// A ?var surrounded by " or ' where the variable is a literal is an
// attack vector
Pattern p = Pattern.compile("\"[?$]" + var + "\"|'[?$]" + var + "'");
if (p.matcher(command).find() && n.isLiteral()) {
throw new ARQException("Command string is vunerable to injection attack, variable ?" + var + " appears surrounded directly by quotes and is bound to a literal which provides a SPARQL injection attack vector");
}
// Parse out delimiter info
DelimiterInfo delims = this.findDelimiters(command);
// Check each occurrence of the variable for safety
p = Pattern.compile("([?$]" + var + ")([^\\w]|$)");
Matcher matcher = p.matcher(command);
while (matcher.find()) {
MatchResult posMatch = matcher.toMatchResult();
if (n.isLiteral()) {
if (delims.isInsideLiteral(posMatch.start(1), posMatch.end(1))) {
throw new ARQException("Command string is vunerable to injection attack, variable ?" + var + " appears inside of a literal and is bound to a literal which provides a SPARQL injection attack vector");
}
}
}
}
use of org.apache.jena.sparql.ARQException in project jena by apache.
the class QueryExecUtils method getExactlyOne.
/**
* Execute, expecting the result to be one row, one column. Return that one.
* RDFNode or throw an exception.
* Use with {@code try ( QueryExecution qExec = ....)}.
*/
public static RDFNode getExactlyOne(QueryExecution qExec, String varname) {
ResultSet rs = qExec.execSelect();
if (!rs.hasNext())
throw new ARQException("Not found: var ?" + varname);
QuerySolution qs = rs.nextSolution();
RDFNode r = qs.get(varname);
if (rs.hasNext())
throw new ARQException("More than one: var ?" + varname);
return r;
}
use of org.apache.jena.sparql.ARQException in project jena by apache.
the class QueryExecUtils method getExactlyOne.
/**
* Execute a query, expecting the result to be one row, one column. Return
* that one RDFNode
*/
public static RDFNode getExactlyOne(String qs, Dataset ds) {
Query q = QueryFactory.create(qs);
if (q.getResultVars().size() != 1)
throw new ARQException("getExactlyOne: Must have exactly one result columns");
String varname = q.getResultVars().get(0);
try (QueryExecution qExec = QueryExecutionFactory.create(q, ds)) {
return getExactlyOne(qExec, varname);
}
}
Aggregations