Open timbl opened 3 years ago
jeff-zucker
commented
3 years ago What would make sense to me is to default to subject.doc regardless of whether the user pads the nulls. That, I think, is the expectation. Putting in a specific URI in the fourth spot would use only statements in that doc and putting an asterisk there would search everything in the store.
jeff-zucker
commented
3 years ago y = store.any(x,pred); // search only in x.doc()
y = store.any(x,pred,null,z); // search only in z
y = store.any(x,pred,null,"*"); // search everything in the store Actually, your way is cleaner, since null already means wildcard in this situation. The difference between undefined and null may escape some people but it's easy enough to document.
This would be big breaking change but I bring up the issue so as to get the problem on the table.
When you follow a link or look up a value in linked data the typical thing you do is
where
x.doc()is the document whose URI the URI of x but with the has and local id part stripped off. The null is a wildcard, saying you are looking for objects which match. It is sometimes tempting to do this instead:That is snappier, and always works, when the original call works. But what it does is search the whole quad store. if you have just leads trusted data into you store, that is fine. But in general, when your quadstore is a cache of many things from different sources, then it leaves you open to attack. Someone can put in any document you will end up loading misleading fact that will match your careless query above.
One thing to do is to review code for this problem., and be aware of it when you review code. another might be to change the default so that you have to put an explict
nullin is you want to search the whole store, and just leaving the parameter (undefined) would make it default tosubject.doc(), orobject.docfor a revers link query.So to search all the store, you would need: