package injection.sample2_Blind_SPARQL_Injection;

import injection.SampleBase;

import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolution;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.Resource;

public class Sample2code extends SampleBase {
	private final String FILE_PATH = "files/injection.owl";
	
	public static void main(String [] args) throws Exception{
		Sample2code sample = new Sample2code();
		String result = sample.run("Pablo Orduna");
		System.out.println(result);
	}
	
	public String run(String name) throws Exception{
		Model model = this.loadModel(FILE_PATH);
		
		String queryString = 
			"PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>" +
			"PREFIX injection: <http://www.morelab.deusto.es/injection.owl#> " +
			"SELECT ?p1 ?p2 " +
			"WHERE {" +
			"      ?p1 a injection:Person . " +
			"      ?p2 a injection:Person . " +
			"      ?p1 injection:fullName '" + name + "'^^xsd:string . " +
			"      ?p1 injection:isFriendOf ?p2 . " +
			"}";
		Query query = QueryFactory.create(queryString);
		QuerySolution solution = this.retrieveFirstResult(query, model);
		if(solution == null)
			return null;
			
		Resource res = solution.getResource("p1");
		return res.getURI();
	}	
}