fail parsing on invalid IRIs

tpluscode · tpluscode · commit d631643e0d16 · 2016-03-28T19:41:59.000+02:00
diff --git a/src/JsonLD/Core/RDFDatasetUtils.cs b/src/JsonLD/Core/RDFDatasetUtils.cs
@@ -544,7 +544,11 @@ public static string Escape(string str)
 
         private class Regex
         {
-            public static readonly Pattern Iri = Pattern.Compile("(?:<([^>]*)>)");
+            public static readonly Pattern HEX = Pattern.Compile("[0-9A-Fa-f]");
+
+            public static readonly Pattern UCHAR = Pattern.Compile("\\\\u" + HEX + "{4}|\\\\U" + HEX + "{8}");
+
+            public static readonly Pattern Iri = Pattern.Compile("(?:<((?:[^\\x00-\\x20<>\"{}|^`\\\\]|" + UCHAR + ")*)>)");
 
             public static readonly Pattern Bnode = Pattern.Compile("(_:(?:[A-Za-z0-9](?:[A-Za-z0-9\\-\\.]*[A-Za-z0-9])?))"
                 );
@@ -618,19 +622,25 @@ public static RDFDataset ParseNQuads(string input)
                 RDFDataset.Node subject;
                 if (match.Group(1) != null)
                 {
-                    subject = new RDFDataset.IRI(Unescape(match.Group(1)));
+                    var subjectIri = Unescape(match.Group(1));
+                    AssertAbsoluteIri(subjectIri);
+                    subject = new RDFDataset.IRI(subjectIri);
                 }
                 else
                 {
                     subject = new RDFDataset.BlankNode(Unescape(match.Group(2)));
                 }
                 // get predicate
-                RDFDataset.Node predicate = new RDFDataset.IRI(Unescape(match.Group(3)));
+                var predicateIri = Unescape(match.Group(3));
+                AssertAbsoluteIri(predicateIri);
+                RDFDataset.Node predicate = new RDFDataset.IRI(predicateIri);
                 // get object
                 RDFDataset.Node @object;
                 if (match.Group(4) != null)
                 {
-                    @object = new RDFDataset.IRI(Unescape(match.Group(4)));
+                    var objectIri = Unescape(match.Group(4));
+                    AssertAbsoluteIri(objectIri);
+                    @object = new RDFDataset.IRI(objectIri);
                 }
                 else
                 {
@@ -643,6 +653,7 @@ public static RDFDataset ParseNQuads(string input)
                         string language = Unescape(match.Group(8));
                         string datatype = match.Group(7) != null ? Unescape(match.Group(7)) : match.Group
                             (8) != null ? JSONLDConsts.RdfLangstring : JSONLDConsts.XsdString;
+                        AssertAbsoluteIri(datatype);
                         string unescaped = Unescape(match.Group(6));
                         @object = new RDFDataset.Literal(unescaped, datatype, language);
                     }
@@ -652,6 +663,7 @@ public static RDFDataset ParseNQuads(string input)
                 if (match.Group(9) != null)
                 {
                     name = Unescape(match.Group(9));
+                    AssertAbsoluteIri(name);
                 }
                 else
                 {
@@ -680,5 +692,13 @@ public static RDFDataset ParseNQuads(string input)
             }
             return dataset;
         }
+
+        private static void AssertAbsoluteIri(string iri)
+        {
+            if (Uri.IsWellFormedUriString(Uri.EscapeUriString(iri), UriKind.Absolute) == false)
+            {
+                throw new JsonLdError(JsonLdError.Error.SyntaxError, "Invalid absolute URI <" + iri + ">");
+            }
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -544,7 +544,11 @@ public static string Escape(string str)`
`544`	`544`
`545`	`545`	`private class Regex`
`546`	`546`	`{`
`547`		`- public static readonly Pattern Iri = Pattern.Compile("(?:<([^>]*)>)");`
	`547`	`+ public static readonly Pattern HEX = Pattern.Compile("[0-9A-Fa-f]");`
	`548`	`+`
	`549`	`+ public static readonly Pattern UCHAR = Pattern.Compile("\\\\u" + HEX + "{4}\|\\\\U" + HEX + "{8}");`
	`550`	`+`
	`551`	+ public static readonly Pattern Iri = Pattern.Compile("(?:<((?:[^\\x00-\\x20<>\"{}\|^`\\\\]\|" + UCHAR + ")*)>)");
`548`	`552`
`549`	`553`	`public static readonly Pattern Bnode = Pattern.Compile("(_:(?:[A-Za-z0-9](?:[A-Za-z0-9\\-\\.]*[A-Za-z0-9])?))"`
`550`	`554`	`);`
`@@ -618,19 +622,25 @@ public static RDFDataset ParseNQuads(string input)`
`618`	`622`	`RDFDataset.Node subject;`
`619`	`623`	`if (match.Group(1) != null)`
`620`	`624`	`{`
`621`		`- subject = new RDFDataset.IRI(Unescape(match.Group(1)));`
	`625`	`+ var subjectIri = Unescape(match.Group(1));`
	`626`	`+ AssertAbsoluteIri(subjectIri);`
	`627`	`+ subject = new RDFDataset.IRI(subjectIri);`
`622`	`628`	`}`
`623`	`629`	`else`
`624`	`630`	`{`
`625`	`631`	`subject = new RDFDataset.BlankNode(Unescape(match.Group(2)));`
`626`	`632`	`}`
`627`	`633`	`// get predicate`
`628`		`- RDFDataset.Node predicate = new RDFDataset.IRI(Unescape(match.Group(3)));`
	`634`	`+ var predicateIri = Unescape(match.Group(3));`
	`635`	`+ AssertAbsoluteIri(predicateIri);`
	`636`	`+ RDFDataset.Node predicate = new RDFDataset.IRI(predicateIri);`
`629`	`637`	`// get object`
`630`	`638`	`RDFDataset.Node @object;`
`631`	`639`	`if (match.Group(4) != null)`
`632`	`640`	`{`
`633`		`- @object = new RDFDataset.IRI(Unescape(match.Group(4)));`
	`641`	`+ var objectIri = Unescape(match.Group(4));`
	`642`	`+ AssertAbsoluteIri(objectIri);`
	`643`	`+ @object = new RDFDataset.IRI(objectIri);`
`634`	`644`	`}`
`635`	`645`	`else`
`636`	`646`	`{`
`@@ -643,6 +653,7 @@ public static RDFDataset ParseNQuads(string input)`
`643`	`653`	`string language = Unescape(match.Group(8));`
`644`	`654`	`string datatype = match.Group(7) != null ? Unescape(match.Group(7)) : match.Group`
`645`	`655`	`(8) != null ? JSONLDConsts.RdfLangstring : JSONLDConsts.XsdString;`
	`656`	`+ AssertAbsoluteIri(datatype);`
`646`	`657`	`string unescaped = Unescape(match.Group(6));`
`647`	`658`	`@object = new RDFDataset.Literal(unescaped, datatype, language);`
`648`	`659`	`}`
`@@ -652,6 +663,7 @@ public static RDFDataset ParseNQuads(string input)`
`652`	`663`	`if (match.Group(9) != null)`
`653`	`664`	`{`
`654`	`665`	`name = Unescape(match.Group(9));`
	`666`	`+ AssertAbsoluteIri(name);`
`655`	`667`	`}`
`656`	`668`	`else`
`657`	`669`	`{`
`@@ -680,5 +692,13 @@ public static RDFDataset ParseNQuads(string input)`
`680`	`692`	`}`
`681`	`693`	`return dataset;`
`682`	`694`	`}`
	`695`	`+`
	`696`	`+ private static void AssertAbsoluteIri(string iri)`
	`697`	`+ {`
	`698`	`+ if (Uri.IsWellFormedUriString(Uri.EscapeUriString(iri), UriKind.Absolute) == false)`
	`699`	`+ {`
	`700`	`+ throw new JsonLdError(JsonLdError.Error.SyntaxError, "Invalid absolute URI <" + iri + ">");`
	`701`	`+ }`
	`702`	`+ }`
`683`	`703`	`}`
`684`	`704`	`}`