Describe the bug
While opening VIVO home page error appeared in tomcat log file.
Error happens due to substitution of environment variable that doesn't exists in sparql query text in case sparql query data getter doesn't have any variable substitution specified for backward compatibility.
To Reproduce
Steps to reproduce the behavior:
Build VIVO
Log in
Activate developer panel
In developer panel check "Insert HTML comments at start and end of templates"
Open home page
Expected behavior
A clear and concise description of what you expected to happen.
Stack trace
WARN [FreemarkerConfigurationImpl] org.apache.jena.sparql.ARQException: Value for the parameter contains a SPARQL injection risk
org.apache.jena.sparql.ARQException: Value for the parameter contains a SPARQL injection risk
at org.apache.jena.query.ParameterizedSparqlString.validateParameterValue(ParameterizedSparqlString.java:630)
at org.apache.jena.query.ParameterizedSparqlString.setParam(ParameterizedSparqlString.java:692)
at org.apache.jena.query.ParameterizedSparqlString.setIri(ParameterizedSparqlString.java:760)
at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.lambda$bindParameters$7(SparqlQueryDataGetter.java:226)
at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.substitute(SparqlQueryDataGetter.java:243)
at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.bindParameters(SparqlQueryDataGetter.java:225)
at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.getData(SparqlQueryDataGetter.java:172)
at edu.cornell.mannlib.vitro.webapp.freemarker.config.FreemarkerConfigurationImpl.applyDataGetter(FreemarkerConfigurationImpl.java:234)
at edu.cornell.mannlib.vitro.webapp.freemarker.config.FreemarkerConfigurationImpl.retrieveAndRunDataGetters(FreemarkerConfigurationImpl.java:197)
at edu.cornell.mannlib.vitro.webapp.freemarker.config.FreemarkerConfigurationImpl.getTemplate(FreemarkerConfigurationImpl.java:166)
Additional information
ERROR [SparqlQueryDataGetter] Exception happend while trying to substitute value
Describe the bug While opening VIVO home page error appeared in tomcat log file. Error happens due to substitution of environment variable that doesn't exists in sparql query text in case sparql query data getter doesn't have any variable substitution specified for backward compatibility.
To Reproduce Steps to reproduce the behavior:
Expected behavior A clear and concise description of what you expected to happen.
Stack trace WARN [FreemarkerConfigurationImpl] org.apache.jena.sparql.ARQException: Value for the parameter contains a SPARQL injection risk org.apache.jena.sparql.ARQException: Value for the parameter contains a SPARQL injection risk at org.apache.jena.query.ParameterizedSparqlString.validateParameterValue(ParameterizedSparqlString.java:630) at org.apache.jena.query.ParameterizedSparqlString.setParam(ParameterizedSparqlString.java:692) at org.apache.jena.query.ParameterizedSparqlString.setIri(ParameterizedSparqlString.java:760) at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.lambda$bindParameters$7(SparqlQueryDataGetter.java:226) at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.substitute(SparqlQueryDataGetter.java:243) at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.bindParameters(SparqlQueryDataGetter.java:225) at edu.cornell.mannlib.vitro.webapp.utils.dataGetter.SparqlQueryDataGetter.getData(SparqlQueryDataGetter.java:172) at edu.cornell.mannlib.vitro.webapp.freemarker.config.FreemarkerConfigurationImpl.applyDataGetter(FreemarkerConfigurationImpl.java:234) at edu.cornell.mannlib.vitro.webapp.freemarker.config.FreemarkerConfigurationImpl.retrieveAndRunDataGetters(FreemarkerConfigurationImpl.java:197) at edu.cornell.mannlib.vitro.webapp.freemarker.config.FreemarkerConfigurationImpl.getTemplate(FreemarkerConfigurationImpl.java:166)
Additional information ERROR [SparqlQueryDataGetter] Exception happend while trying to substitute value
of variable body in query
Environment (please complete the following information):