Rob Vesse created JENA-1497:
-------------------------------
Summary: ParameterizedSparqlString detects delimiters incorrectly
Key: JENA-1497
URL: https://issues.apache.org/jira/browse/JENA-1497
Project: Apache Jena
Issue Type: Bug
Components: ARQ
Affects Versions: Jena 3.6.0
Reporter: Rob Vesse
Assignee: Rob Vesse
As reported on the mailing list -
https://lists.apache.org/thread.html/3855aa8046cfea61433042655144f071c56baa7c5d61a78544730455@%3Cusers.jena.apache.org%3E
Investigation shows that the delimiter parsing logic has some flaws that cause
it to do the wrong thing, resulting in the possibility of incorrect detection of
injection attacks, leading to some valid SPARQL strings being rejected when
attempting to inject parameters.