Index: src/com/hp/hpl/jena/sparql/ParameterNotFoundException.java
===================================================================
--- src/com/hp/hpl/jena/sparql/ParameterNotFoundException.java	(revisión: 0)
+++ src/com/hp/hpl/jena/sparql/ParameterNotFoundException.java	(revisión: 36)
@@ -0,0 +1,23 @@
+package com.hp.hpl.jena.sparql;
+
+import com.hp.hpl.jena.shared.JenaException;
+
+/**
+ * 
+ * @author Pablo Ordu&ntilde;a ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Aitor Almeida ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Unai Aguilera ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Iker Larizgoitia ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Xabier Laiseca ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ *
+ */
+public class ParameterNotFoundException extends JenaException {
+
+	public ParameterNotFoundException() {}
+
+	public ParameterNotFoundException(String message) { super(message);	}
+
+	public ParameterNotFoundException(Throwable cause) {	super(cause);	}
+
+	public ParameterNotFoundException(String message, Throwable cause) {	super(message, cause);	}
+}
Index: src/com/hp/hpl/jena/sparql/ParameterizedString.java
===================================================================
--- src/com/hp/hpl/jena/sparql/ParameterizedString.java	(revisión: 0)
+++ src/com/hp/hpl/jena/sparql/ParameterizedString.java	(revisión: 36)
@@ -0,0 +1,379 @@
+package com.hp.hpl.jena.sparql;
+
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import com.hp.hpl.jena.query.QueryFactory;
+import com.hp.hpl.jena.query.Syntax;
+import com.hp.hpl.jena.update.UpdateFactory;
+
+/** An Object that represents a parameterized query string.
+ * 
+ * In order to easily avoid SPARQL Injection/SPARUL Injection/RDQL 
+ * Injection, it is possible to use thisclass to generate the initial 
+ * SPARQL query (or modification or RDQL query) with parameters in the
+ * ${parameter.name} format, and then assign values to each parameter
+ * with the set methods. Each set method will check that there is no
+ * SPARQL/SPARUL/RDQL code inside.  
+ * 
+ * <pre>
+ * public ResultSet findFriends(String userInput){ 
+ *     ParameterizedString secQuery = new ParameterizedString(
+ *              "PREFIX sample: <http://www.morelab.deusto.es/sample.owl#> " +
+ *              "SELECT ?p1 ?p2 " +
+ *              "WHERE {" +
+ *              "      ?p1 a sample:Person . " +
+ *              "      ?p2 a sample:Person . " +
+ *              "      ?p1 sample:fullName ${full.name} . " +
+ *              "      ?p1 sample:isFriendOf ?p2 . " +
+ *              "}";
+ *     );
+ *     seqQuery.setString("full.name", userInput);
+ *     Query query = QueryFactory.create(seqQuery);
+ *     QueryExecution queryExecution = QueryExecutionFactory.create(
+ *         query, 
+ *         this.model
+ *     );
+ *     return queryExecution.execSelect();
+ * }
+ * </pre>
+ * 
+ * A malicious user trying to inject code like:
+ *
+ * <pre>
+ * String userInput = "John Smith' . " +
+ *      "?b1 a injection:Building . " +
+ *      "?b1 injection:name ?buildingName . " +
+ *      "FILTER  regex(?buildingName, \"^F.*\") . " +
+ *      "} #"; // }:-D
+ * </pre>
+ * 
+ * to perform Blind SPARQL Injection (is there a building in the ontology 
+ * which starts with F?) will not be successful.
+ * 
+ * @author Pablo Ordu&ntilde;a ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Aitor Almeida ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Unai Aguilera ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Iker Larizgoitia ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Xabier Laiseca ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * 
+ * @see QueryFactory
+ * @see UpdateFactory
+ */
+
+public class ParameterizedString {
+	
+	public final String PARAMETER_REGEX = "\\$\\{[a-zA-Z0-9_\\.-]+\\}";
+	private final String XSD = "http://www.w3.org/2001/XMLSchema#";
+	
+	// SELECT ?name FROM { ${name} }
+	// would be:
+	
+	private String [] querySplitted; // {"SELECT ?name FROM { ", " }"}
+	private String [] keys;          // name
+	// String -> String
+	private Map values = new Hashtable(); // name : ValueClass{"boolean","true"}
+
+	private class ValueClass{
+		private String type;  //http://www.w3.org/TR/xmlschema-2/#built-in-datatypes
+		private String value;
+		public ValueClass(String type, String value){
+			this.type = type;
+			this.value = value;
+		}
+		
+		public String getType() {
+			return type;
+		}
+		
+		public String getValue() {
+			return value;
+		}
+	}
+	
+	/**
+	 * Initialize the object with a parameterized query.
+	 * 
+	 * The parameters are defined by {@link #PARAMETER_REGEX} syntax.
+	 * 
+	 * @param query The parameterized query
+	 */
+	
+	public ParameterizedString(String query){
+		if(query == null)
+			throw new IllegalArgumentException("query argument can't be null");
+		this.initialize(query + " ");
+	}
+		
+	void initialize(String query){
+		this.querySplitted = parseQuerySplitted(query);
+		this.keys = parseParameters(query);
+	}
+
+	private String [] parseParameters(String s) {
+		Pattern pat = Pattern.compile(this.PARAMETER_REGEX);
+		Matcher mat = pat.matcher(s);
+		List parameters = new Vector();
+		while(mat.find()){
+			String param = mat.group();
+			param = param.substring(2, param.length() - 1);
+			parameters.add(param);
+		}
+		return (String[])parameters.toArray(new String[]{});
+	}
+
+	private String [] parseQuerySplitted(String s) {
+		Pattern pat = Pattern.compile(this.PARAMETER_REGEX);
+		return pat.split(s);
+	}
+	
+	/**
+	 * Sets the designated parameter to the given Java <code>int</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setInt (String label, int value)
+	{
+		// http://www.w3.org/TR/xmlschema-2/#int
+		setParameter(label, new ValueClass("int", Integer.toString(value)));
+	} 
+	
+	/**
+	 * Sets the designated parameter to the given Java <code>short</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setShort (String label, short value)
+	{
+		// http://www.w3.org/TR/xmlschema-2/#short
+		setParameter(label, new ValueClass("short", Short.toString(value)));
+	} 
+	
+	/**
+	 * Sets the designated parameter to the given Java <code>long</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setLong (String label, long value)
+	{
+		// http://www.w3.org/TR/xmlschema-2/#long
+		setParameter(label, new ValueClass("long", Long.toString(value)));
+	}
+	
+	/**
+	 * Sets the designated parameter to the given Java <code>double</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setDouble (String label, double value)
+	{
+		// http://www.w3.org/TR/xmlschema-2/#double
+		setParameter(label, new ValueClass("double", Double.toString(value)));
+	}
+	
+	/**
+	 * Sets the designated parameter to the given Java <code>float</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setFloat (String label, float value)
+	{
+		// http://www.w3.org/TR/xmlschema-2/#float
+		setParameter(label, new ValueClass("float", Float.toString(value)));
+	}
+	
+	/**
+	 * Sets the designated parameter to the given Java <code>boolean</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setBoolean (String label, boolean value)
+	{
+		// http://www.w3.org/TR/xmlschema-2/#boolean
+		setParameter(label, new ValueClass("boolean", Boolean.toString(value)));
+	}
+	
+	/**
+	 * Sets the designated parameter to the given Java <code>byte</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setByte (String label, byte value)
+	{
+		// http://www.w3.org/TR/xmlschema-2/#byte
+		setParameter(label, new ValueClass("byte", Byte.toString(value)));
+	}
+
+	/**
+	 * Sets the designated parameter to the given Java <code>String</code> value.
+	 * 
+	 * @param label the parameter name.
+	 * @param value the parameter value.
+	 */
+	
+	public void setString (String label, String value)
+	{
+		//http://www.w3.org/TR/xmlschema-2/#string
+		if(value == null)
+			throw new IllegalArgumentException("param argument can't be null");
+		setParameter(label, new ValueClass("string", value));
+	}
+
+	private void setParameter (String label, ValueClass param)
+	{
+		for(int i = 0; i < this.keys.length; ++i)
+			if(this.keys[i].equals(label)){
+				this.values.put(label, param);
+				return;
+			}
+		throw new ParameterNotFoundException("Parameter " + label + " not found");
+	}
+	
+	/**
+	 * Build again the query with the provided parameters.
+	 * 
+	 * This method will be called by the QueryFactory object.
+	 * 
+	 * @return The query
+	 * @throws ParameterNotAssignedException 
+	 */
+	
+	public String getStringQuery(){
+		return this.getStringQuery(Syntax.syntaxSPARQL);
+	}
+	
+	/**
+	 * Build again the query with the provided parameters.
+	 * 
+	 * This method will be called by the QueryFactory object.
+	 * 
+	 * @return The query
+	 * @throws ParameterNotAssignedException 
+	 */
+	
+	public String getStringQuery(Syntax langURI){
+		if(
+				langURI == Syntax.syntaxSPARQL 
+				|| langURI == Syntax.syntaxRDQL
+		)
+			return this.getStringQueryImpl(langURI);
+		else
+			throw new UnsupportedOperationException("Unsupported syntax: " + langURI);
+	}
+	
+	private String getStringQueryImpl(Syntax langURI){
+		int length = this.querySplitted.length;
+		
+		String stringQuery = "";
+		for(int i = 0; i < length - 1; ++i){
+			stringQuery += this.querySplitted[i];
+			if(!this.values.containsKey(this.keys[i]))
+				throw new ParameterNotAssignedException("Parameter " + this.keys[i] + " was not assigned");
+			
+			ValueClass parameter = (ValueClass)this.values.get(this.keys[i]); 
+			String securedValue = this.secureParameter(parameter.getValue(), langURI);
+			String finalParameterValue = "'" + securedValue + "'^^<" + this.XSD + parameter.getType() + ">";  
+			stringQuery += finalParameterValue;
+		}
+		
+		if(length > 0)
+			stringQuery += this.querySplitted[length - 1];
+		
+		return stringQuery.substring(0, stringQuery.length() - 1);
+	}
+	
+	private String secureParameter(String param, Syntax langURI) {
+		String parsedParameter;
+		if(langURI == Syntax.syntaxSPARQL)
+			parsedParameter = parseUnicode(param);
+		else if(langURI == Syntax.syntaxRDQL)
+			parsedParameter = param;
+		else
+			// should not happen
+			throw new UnsupportedOperationException("Unsupported langURI: " + langURI);
+		
+		return checkCharacters(parsedParameter);
+	}
+
+	private String checkCharacters(String secureParam) {
+		StringBuffer buffer = new StringBuffer();
+		for(int i = 0; i < secureParam.length(); ++i){
+			char c = secureParam.charAt(i);
+			switch(c){
+				case '\'':
+						buffer.append('\\');
+						buffer.append('\'');
+					break;
+				case '\\':
+						buffer.append('\\');
+						buffer.append('\\');
+					break;
+				// From here to the end... just in case
+				// http://www.w3.org/TR/rdf-sparql-query/#grammarEscapes
+				// http://www.w3.org/Submission/2004/SUBM-RDQL-20040109/#lexical-tokens
+				case '\t':
+						buffer.append('\\');
+						buffer.append('t');
+					break;
+				case '\n':
+						buffer.append('\\');
+						buffer.append('n');
+					break;
+				case '\r':
+						buffer.append('\\');
+						buffer.append('r');
+					break;
+				case '\b':
+						buffer.append('\\');
+						buffer.append('b');
+					break;
+				case '\"':
+						buffer.append('\\');
+						buffer.append('\"');
+						break;
+				case '\0':
+						buffer.append('\\');
+						buffer.append('0');
+					break;
+				default:
+					buffer.append(c);
+			}
+		}
+		
+		return buffer.toString();
+	}
+
+	private String parseUnicode(String param){
+		// Only needed for SPAR{Q,U}L
+		// http://www.w3.org/TR/rdf-sparql-query/#codepointEscape
+		String unicodeRegex = "([^\\\\]|^)\\\\u([0-9a-fA-F]{4,8})";
+		Pattern pat = Pattern.compile(unicodeRegex);
+		Matcher mat = pat.matcher(param);
+		while(mat.find()){
+			String currentMatch = mat.group();
+			String firstCharacter = currentMatch.substring(0,currentMatch.lastIndexOf("\\"));
+			String numberInHex = currentMatch.substring(currentMatch.lastIndexOf("u") + 1);
+			char charValue = (char)Integer.parseInt(numberInHex, 16);
+			param = param.replace(currentMatch, firstCharacter + charValue);
+		}
+		return param;
+	}
+}
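Review bot: `parseUnicode` (the `unicodeRegex` line and the `Integer.parseInt(numberInHex, 16)` call near the end of the hunk) can be made to throw from untrusted input: the pattern accepts 4–8 hex digits, so a value such as `\u80000000` or `\uFFFFFFFF` exceeds `Integer.MAX_VALUE` and an unchecked `NumberFormatException` escapes from `getStringQuery`, while code points above U+FFFF that do parse are silently truncated by the `(char)` cast. SPARQL codepoint escapes are backslash-`u` plus exactly 4 hex digits or backslash-`U` plus exactly 8, so the decoder should match only those forms, parse with `Long.parseLong`, range-check against `Character.MAX_CODE_POINT` and emit `Character.toChars(...)` (Java 5 APIs, which the `Matcher.quoteReplacement` below also needs); the `\u00000027` case in `testParameterizedStringWithUnicodeQuote` relies on the greedy 4–8 form and would change. Separately, `case '\0'` in `checkCharacters` emits `\0`, which is not in SPARQL's `ECHAR` production (`\t \b \n \r \f \" \' \\`), so a NUL in user input makes the parser reject the whole query instead of yielding a literal containing NUL; `buffer.append("\\u0000");` keeps the query parseable. Neither is an injection path — every undecoded backslash is still escaped — but both let attacker-controlled input turn into a failed query, and the Javadoc should say so rather than only "will not be successful". Note too that every string parameter is emitted as `'…'^^xsd:string`; under the RDF 1.0 term model Jena used at this time that is, as far as I recall, a different term from a plain literal, so the Javadoc example's `sample:fullName ${full.name}` only matches data stored with an explicit `xsd:string` datatype — worth a caveat in the class comment.
```java
	private String parseUnicode(String param){
		// SPARQL codepoint escapes: backslash-u + exactly 4 hex digits, backslash-U + exactly 8.
		// A backslash that is itself escaped is not a codepoint escape; checkCharacters escapes it.
		String unicodeRegex = "([^\\\\]|^)\\\\(?:u([0-9a-fA-F]{4})|U([0-9a-fA-F]{8}))";
		Matcher mat = Pattern.compile(unicodeRegex).matcher(param);
		StringBuffer decoded = new StringBuffer();
		while(mat.find()){
			String hex = mat.group(2) != null ? mat.group(2) : mat.group(3);
			long codePoint = Long.parseLong(hex, 16);  // at most 8 hex digits: cannot overflow a long
			if(codePoint > Character.MAX_CODE_POINT)
				throw new IllegalArgumentException("Invalid codepoint escape: \\" + hex);
			String replacement = mat.group(1) + new String(Character.toChars((int)codePoint));
			mat.appendReplacement(decoded, Matcher.quoteReplacement(replacement));
		}
		mat.appendTail(decoded);
		return decoded.toString();
	}
```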
Index: src/com/hp/hpl/jena/sparql/ParameterNotAssignedException.java
===================================================================
--- src/com/hp/hpl/jena/sparql/ParameterNotAssignedException.java	(revisión: 0)
+++ src/com/hp/hpl/jena/sparql/ParameterNotAssignedException.java	(revisión: 36)
@@ -0,0 +1,23 @@
+package com.hp.hpl.jena.sparql;
+
+import com.hp.hpl.jena.shared.JenaException;
+
+/**
+ * 
+ * @author Pablo Ordu&ntilde;a ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Aitor Almeida ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Unai Aguilera ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Iker Larizgoitia ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Xabier Laiseca ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ *
+ */
+public class ParameterNotAssignedException extends JenaException {
+
+	public ParameterNotAssignedException() {}
+
+	public ParameterNotAssignedException(String message) { super(message);	}
+
+	public ParameterNotAssignedException(Throwable cause) {	super(cause);	}
+
+	public ParameterNotAssignedException(String message, Throwable cause) {	super(message, cause);	}
+}
Index: src/com/hp/hpl/jena/sparql/suites/TestParameterizedString.java
===================================================================
--- src/com/hp/hpl/jena/sparql/suites/TestParameterizedString.java	(revisión: 0)
+++ src/com/hp/hpl/jena/sparql/suites/TestParameterizedString.java	(revisión: 36)
@@ -0,0 +1,226 @@
+package com.hp.hpl.jena.sparql.suites;
+
+import com.hp.hpl.jena.query.Syntax;
+import com.hp.hpl.jena.sparql.ParameterNotAssignedException;
+import com.hp.hpl.jena.sparql.ParameterNotFoundException;
+import com.hp.hpl.jena.sparql.ParameterizedString;
+
+import junit.framework.TestCase;
+
+/**
+ *
+ * @author Pablo Ordu&ntilde;a ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Aitor Almeida ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Unai Aguilera ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Iker Larizgoitia ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * @author Xabier Laiseca ( <a href="http://www.morelab.deusto.es">MoreLab</a> )
+ * 
+ */
+
+public class TestParameterizedString extends TestCase{
+	
+	private final String XSD = "http://www.w3.org/2001/XMLSchema#";
+	
+	public void testParameterizedString(){
+		String query_start = "SELECT a = ";
+		String query_end = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_start + "${user}" + query_end);
+		pqs.setString("user", "something");
+		assertEquals(query_start + "'something'^^<"+ XSD +"string>" + query_end, pqs.getStringQuery());
+	}
+	
+	public void testParameterizedStringNotChanged(){
+		String query_begin = "SELECT a = ";
+		String fin_query = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_begin + "${user}" + fin_query);
+		try{
+			pqs.getStringQuery();
+			fail("Expected ParameterNotAssignedException");
+		}catch(ParameterNotAssignedException pnae){
+			//pass
+		}
+	}
+	
+	public void testParameterizedStringReplacedWithBraces(){
+		String query_begin = "SELECT a = ";
+		String fin_query = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_begin + "${user}" + fin_query);
+		pqs.setString("user", "${user}");
+		assertEquals(
+				"SELECT a = '${user}'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+	}
+	
+	public void testParameterizedStringWithQuote(){
+		String query_begin = "SELECT a = ";
+		String fin_query = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_begin + "${user}" + fin_query);
+		pqs.setString("user", "O'Reilly");
+		assertEquals(
+				"SELECT a = 'O\\'Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+	}
+	
+	public void testParameterizedStringWithOtherChars(){
+		String query_begin = "SELECT a = ";
+		String fin_query = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_begin + "${user}" + fin_query);
+		pqs.setString("user", "said \"hello\" :-)");
+		assertEquals(
+				"SELECT a = 'said \\\"hello\\\" :-)'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "and\0");
+		assertEquals(
+				"SELECT a = 'and\\0'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "and\n");
+		assertEquals(
+				"SELECT a = 'and\\n'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "and\\");
+		assertEquals(
+				"SELECT a = 'and\\\\'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "and\r");
+		assertEquals(
+				"SELECT a = 'and\\r'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+	}
+	
+	public void testParameterizedStringWithUnicodeQuote(){
+		String query_begin = "SELECT a = ";
+		String query_end = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_begin + "${user}" + query_end);
+		pqs.setString("user", "O\\u0027Reilly's books");
+		assertEquals(
+				"SELECT a = 'O\\'Reilly\\'s books'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "O\\u0027Reilly");
+		assertEquals(
+				"SELECT a = 'O\\'Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "\\u0027Reilly");
+		assertEquals(
+				"SELECT a = '\\'Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "\\\\u0027Reilly");
+		assertEquals(
+				"SELECT a = '\\\\\\\\u0027Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+		pqs.setString("user", "\\u00000027Reilly");
+		assertEquals(
+				"SELECT a = '\\'Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery()
+			);
+	}
+	
+	public void testParameterizedStringUnsupportedSyntax(){
+		ParameterizedString pqs = new ParameterizedString("whatever");
+		try{
+			pqs.getStringQuery(Syntax.syntaxARQ);
+			fail("Expected UnsupportedOperationException");
+		}catch(UnsupportedOperationException uoe){
+			//pass
+		}
+	}
+	
+	public void testParameterizedStringWithUnicodeQuoteAndRDQL(){
+		String query_begin = "SELECT a = ";
+		String query_end = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_begin + "${user}" + query_end);
+		pqs.setString("user", "O\\u0027Reilly's books");
+		assertEquals(
+				"SELECT a = 'O\\\\u0027Reilly\\'s books'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery(Syntax.syntaxRDQL)
+			);
+		pqs.setString("user", "O\\u0027Reilly");
+		assertEquals(
+				"SELECT a = 'O\\\\u0027Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery(Syntax.syntaxRDQL)
+			);
+		pqs.setString("user", "\\u0027Reilly");
+		assertEquals(
+				"SELECT a = '\\\\u0027Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery(Syntax.syntaxRDQL)
+			);
+		pqs.setString("user", "\\\\u0027Reilly");
+		assertEquals(
+				"SELECT a = '\\\\\\\\u0027Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery(Syntax.syntaxRDQL)
+			);
+		pqs.setString("user", "\\u00000027Reilly");
+		assertEquals(
+				"SELECT a = '\\\\u00000027Reilly'^^<"+ XSD +"string> WHERE ",
+				pqs.getStringQuery(Syntax.syntaxRDQL)
+			);
+	}
+	
+	public void testParameterizedStringParameterDoesNotExist(){
+		String query_begin = "SELECT a = ";
+		String fin_query = " WHERE ";
+		ParameterizedString pqs = new ParameterizedString(query_begin + "${user}" + fin_query);
+		try{
+			pqs.setString("this.does.not.exist", "whatever");
+			fail("Expected ParameterNotFoundException");
+		}catch(ParameterNotFoundException pnae){
+			//pass
+		}
+	}
+	
+	public void testParameterizedStringFinishingInVariable(){
+		ParameterizedString pqs = new ParameterizedString("${user1}${user2}${user3}${user4}");
+		pqs.setString("user1", "whatever1");
+		pqs.setString("user2", "whatever2");
+		pqs.setString("user3", "whatever3");
+		pqs.setString("user4", "whatever4");
+		assertEquals(
+				"'whatever1'^^<http://www.w3.org/2001/XMLSchema#string>" +
+				"'whatever2'^^<http://www.w3.org/2001/XMLSchema#string>" +
+				"'whatever3'^^<http://www.w3.org/2001/XMLSchema#string>" +
+				"'whatever4'^^<http://www.w3.org/2001/XMLSchema#string>",
+				pqs.getStringQuery()
+			); 
+	}
+	
+	public void testXsdTypes(){
+		ParameterizedString pqs = new ParameterizedString(
+				"${short}" +
+				"${int}" +
+				"${long}" +
+				"${double}" +
+				"${float}" +
+				"${boolean}" +
+				"${byte}"
+			);
+		pqs.setShort(   "short",   (short)1);
+		pqs.setInt(     "int",     2);
+		pqs.setLong(    "long",    3L);
+		pqs.setDouble(  "double",  4.0);
+		pqs.setFloat(   "float",   5.0f);
+		pqs.setBoolean( "boolean", true);
+		pqs.setByte(    "byte",    (byte)6);
+		
+		assertEquals(
+				"'1'^^<"    + XSD + "short>" + 
+				"'2'^^<"    + XSD + "int>" + 
+				"'3'^^<"    + XSD + "long>" + 
+				"'4.0'^^<"  + XSD + "double>" + 
+				"'5.0'^^<"  + XSD + "float>" + 
+				"'true'^^<" + XSD + "boolean>" + 
+				"'6'^^<"    + XSD + "byte>",
+				pqs.getStringQuery()
+			);
+	}
+	
+}
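Review bot: Every assertion in this suite checks the escaped text that `getStringQuery` returns and none feeds it through `QueryFactory.create`, so an escape the ARQ parser rejects passes here unnoticed — `testParameterizedStringWithOtherChars` pins `and\0` to `'and\\0'`, yet `\0` is not a SPARQL `ECHAR`. Add at least one round-trip test that builds a real SELECT with a string parameter containing `'`, `\`, a newline and the injection payload quoted in the class Javadoc, parses it with `QueryFactory.create(pqs)` and asserts that the object of the resulting triple pattern is a literal whose lexical form equals the raw input. Cases for backslash-`U` with 8 hex digits and for a backslash-`u` value above `0x7FFFFFFF` (e.g. `\uFFFFFFFF`, which currently makes `Integer.parseInt` throw inside `parseUnicode`) would also pin down the intended decoding rather than the current accidental behaviour.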
Index: src/com/hp/hpl/jena/update/UpdateFactory.java
===================================================================
--- src/com/hp/hpl/jena/update/UpdateFactory.java	(revisión: 4)
+++ src/com/hp/hpl/jena/update/UpdateFactory.java	(copia de trabajo)
@@ -10,9 +10,9 @@
 import java.io.FileNotFoundException;
 import java.io.InputStream;
 
+import com.hp.hpl.jena.sparql.ParameterizedString;
 import com.hp.hpl.jena.sparql.modify.lang.ParserSPARQLUpdate;
 
-
 public class UpdateFactory
 {
     /** Create an empty UpdateRequest */
@@ -27,6 +27,15 @@
         return update ;
     }
     
+    /** Create an UpdateRequest by parsing the given secure string */
+    public static UpdateRequest create(ParameterizedString str)
+    { 
+        ParserSPARQLUpdate p = new ParserSPARQLUpdate() ;
+        UpdateRequest update = new UpdateRequest() ;
+        p.parse(update, str.getStringQuery()) ;
+        return update ;
+    }
+    
     /** Create an UpdateRequest by reading it from a file */
     public static UpdateRequest read(String fileName)
     { 
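Review bot: The Javadoc `Create an UpdateRequest by parsing the given secure string` on `create(ParameterizedString)` does not say what is secured: only the `${name}` values are escaped and wrapped as typed literals, the template text itself is passed through verbatim, and `str.getStringQuery()` throws `ParameterNotAssignedException` when a placeholder was never set. Suggested replacement: `/** Create an UpdateRequest from a parameterized template: each ${name} placeholder is replaced by its escaped, typed literal value. The template itself must not contain untrusted text. @throws ParameterNotAssignedException if a placeholder has no value */`.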
Index: src/com/hp/hpl/jena/query/QueryFactory.java
===================================================================
--- src/com/hp/hpl/jena/query/QueryFactory.java	(revisión: 4)
+++ src/com/hp/hpl/jena/query/QueryFactory.java	(copia de trabajo)
@@ -7,6 +7,7 @@
 package com.hp.hpl.jena.query;
 
 import com.hp.hpl.jena.n3.IRIResolver;
+import com.hp.hpl.jena.sparql.ParameterizedString;
 import com.hp.hpl.jena.sparql.lang.Parser;
 import com.hp.hpl.jena.sparql.lang.ParserRegistry;
 import com.hp.hpl.jena.sparql.lang.ParserSPARQL;
@@ -31,6 +32,18 @@
         return create(queryString, Syntax.defaultSyntax) ;
     }
 
+    /** Create a SPARQL query from the given secure string by calling the parser.
+     *
+     * @param  secureQueryString The secured query string
+     * @throws QueryException  Thrown when a parse error occurs
+     * @see ParameterizedString
+     */
+   
+    static public Query create(ParameterizedString secureQueryString)
+    {
+        return create(secureQueryString.getStringQuery(Syntax.defaultSyntax));
+    }
+
     /** Create a query from the given string by calling the parser.
      *
      * @param queryString      The query string
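Review bot: `create(ParameterizedString)` forwards `Syntax.defaultSyntax` to `getStringQuery(Syntax)`, which in this commit accepts only `syntaxSPARQL` and `syntaxRDQL` and throws `UnsupportedOperationException` for anything else; if an application has reassigned `Syntax.defaultSyntax` to `syntaxARQ` (it is a non-final static in the ARQ versions I know, so this is possible), the plain `create(String)` overload on the context line above keeps working while this "secure" overload fails at runtime. As far as I know ARQ syntax uses the same string-literal escaping as SPARQL, so the cleaner fix belongs in `getStringQuery(Syntax)` (treat `syntaxARQ` like `syntaxSPARQL`); failing that, map it here with `Syntax s = (Syntax.defaultSyntax == Syntax.syntaxARQ) ? Syntax.syntaxSPARQL : Syntax.defaultSyntax;` before calling `getStringQuery(s)`. The Javadoc's `@throws` should also list `ParameterNotAssignedException`, which propagates from `getStringQuery`.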
@@ -43,6 +56,19 @@
         return create(queryString, null, langURI) ;
     }
 
+    /** Create a query from the given secure string by calling the parser.
+     *
+     * @param secureQueryString      The secure query string
+     * @param langURI          URI for the syntax
+     * @throws QueryException  Thrown when a parse error occurs
+     * @see ParameterizedString
+     */
+   
+    static public Query create(ParameterizedString secureQueryString, Syntax langURI)
+    {
+        return create(secureQueryString.getStringQuery(langURI), langURI) ;
+    }
+
     /** Create a query from the given string by calling the parser.
      *
      * @param queryString      The query string
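Review bot: The `@throws QueryException` line on `create(ParameterizedString, Syntax)` is incomplete: `secureQueryString.getStringQuery(langURI)` throws `UnsupportedOperationException` for `Syntax.syntaxARQ` (the test `testParameterizedStringUnsupportedSyntax` in this same commit relies on exactly that) and `ParameterNotAssignedException` for an unset placeholder, and both escape before any parsing happens. Document them, e.g. `@throws UnsupportedOperationException if langURI is not syntaxSPARQL or syntaxRDQL` and `@throws ParameterNotAssignedException if a ${name} placeholder has no value`, or narrow the surprise by accepting ARQ syntax in `getStringQuery`.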
@@ -58,22 +84,48 @@
         
     }
     
+    /** Create a query from the given secure string by calling the parser.
+     *
+     * @param secureQueryString      The secure query string
+     * @param baseURI          Base URI
+     * @throws QueryException  Thrown when a parse error occurs
+     * @see ParameterizedString
+     */
+   
+    static public Query create(ParameterizedString secureQueryString, String baseURI)
+    {
+        return create(secureQueryString.getStringQuery(Syntax.defaultSyntax), baseURI) ;       
+    }
+   
     /** Create a query from the given string by calling the parser.
-    *
-    * @param queryString      The query string
-    * @param baseURI          Base URI
-    * @param querySyntax      URI for the syntax
-    * @throws QueryException  Thrown when a parse error occurs
-    */
+     *
+     * @param queryString      The query string
+     * @param baseURI          Base URI
+     * @param querySyntax      URI for the syntax
+     * @throws QueryException  Thrown when a parse error occurs
+     */
    
-   static public Query create(String queryString, String baseURI, Syntax querySyntax)
-   {
-       Query query = new Query() ;
-       parse(query, queryString, baseURI, querySyntax) ;
-       return query ;
-       
-   }
+    static public Query create(String queryString, String baseURI, Syntax querySyntax)
+    {
+        Query query = new Query() ;
+        parse(query, queryString, baseURI, querySyntax) ;
+        return query ;        
+    }
    
+    /** Create a query from the given secure string by calling the parser.
+     *
+     * @param queryString      The secure query string
+     * @param baseURI          Base URI
+     * @param querySyntax      URI for the syntax
+     * @throws QueryException  Thrown when a parse error occurs
+     * @see ParameterizedString
+     */
+  
+    static public Query create(ParameterizedString queryString, String baseURI, Syntax querySyntax)
+    {
+    	return create(queryString.getStringQuery(querySyntax), baseURI, querySyntax);
+    }
+  
     /**
      * Make a query - no parsing done  
      */
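Review bot: This hunk re-indents the untouched `create(String queryString, String baseURI, Syntax querySyntax)` and its Javadoc (the removed and re-added lines differ only in whitespace), which buries the two functional additions and makes blame on that method point at this commit; keep whitespace-only changes out of a feature commit. In the new `create(ParameterizedString queryString, String baseURI, Syntax querySyntax)` the body line `return create(queryString.getStringQuery(querySyntax), baseURI, querySyntax);` is indented with a tab while the rest of the file uses spaces, and its `@param queryString The secure query string` should say what the object is — `@param queryString Parameterized template whose ${name} values are substituted as escaped typed literals`.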
@@ -125,10 +177,25 @@
         return parser.parse(query, queryString) ;
     }
     
-    static boolean knownParserSyntax(Syntax syntaxURI)
-    {
-        return ParserRegistry.get().containsFactory(syntaxURI) ;
-    }
+    /** Parse a query from the given string by calling the parser.
+     *
+     * @param query            Existing, uninitialized query
+     * @param queryString      The query string
+     * @param baseURI          URI for relative URI expansion
+     * @param syntaxURI        URI for the syntax
+     * @throws QueryException  Thrown when a parse error occurs
+     * @see ParameterizedString
+     */
+   
+     static public Query parse(Query query, ParameterizedString queryString, String baseURI, Syntax syntaxURI)
+     {
+         return parse(query, queryString.getStringQuery(syntaxURI), baseURI, syntaxURI);
+     }
+   
+     static boolean knownParserSyntax(Syntax syntaxURI)
+     {
+         return ParserRegistry.get().containsFactory(syntaxURI) ;
+     }
 
 
     /**
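Review bot: The new `parse(Query query, ParameterizedString queryString, String baseURI, Syntax syntaxURI)` and the moved `knownParserSyntax` are indented with five spaces, one more than the four-space indent used by the surrounding `QueryFactory` code, so the hunk reads as if a nesting level had been added; re-indent both to four spaces. The Javadoc `@param queryString The query string` is also misleading for a `ParameterizedString` — `@param queryString Parameterized template; its ${name} values are escaped according to syntaxURI before parsing` — and `@throws` should mention the `UnsupportedOperationException` that `getStringQuery(syntaxURI)` raises for syntaxes other than SPARQL and RDQL.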


