package injection.sample4_Blind_RDQL_Injection;

import injection.SampleBase;

import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolution;
import com.hp.hpl.jena.query.Syntax;
import com.hp.hpl.jena.rdf.model.Model;

/**
 * Sample 4: looks up a person by full name with an RDQL query that is
 * assembled by string concatenation.
 *
 * <p>SECURITY NOTE: this class is the deliberately vulnerable half of an
 * injection sample (see the package name). {@link #run(String)} splices its
 * argument, unescaped, between single quotes inside the query text, so the
 * argument is interpreted as query syntax rather than as data. Do not reuse
 * this construction where {@code name} can come from an untrusted source.
 */
public class Sample4code extends SampleBase {
	/** Ontology file handed to {@code loadModel}; relative to the working directory. */
	private final String FILE_PATH = "files/injection.owl";

	/**
	 * Runs the sample with a fixed name and prints the returned URI
	 * (prints {@code null} when the query yields no solution).
	 */
	public static void main(String [] args) throws Exception{
		Sample4code sample = new Sample4code();
		System.out.println(sample.run("Pablo Orduna"));
	}

	/**
	 * Builds and executes an RDQL query selecting a person {@code ?p1} whose
	 * {@code injection:fullName} equals {@code name} and who is a friend of
	 * some other person {@code ?p2}.
	 *
	 * @param name full name to search for; inserted verbatim into the query
	 * @return the URI of {@code ?p1} in the first solution, or {@code null}
	 *         when {@code retrieveFirstResult} returns no solution
	 * @throws Exception propagated from model loading or query handling
	 */
	public String run(String name) throws Exception{
		Model ontology = this.loadModel(FILE_PATH);

		// Query text up to and including the opening quote of the name literal.
		final String beforeName =
			"SELECT ?p1 ?p2 " +
			"WHERE " +
			"      (?p1, <rdf:type>, <injection:Person>), " +
			"      (?p2, <rdf:type>, <injection:Person>), " +
			"      (?p1, <injection:fullName>, '";

		// Closing quote of the literal, the remaining pattern and the prefixes.
		final String afterName =
			"'), " +
			"      (?p1, <injection:isFriendOf>, ?p2) " +
			" " +
			"USING xsd for <http://www.w3.org/2001/XMLSchema#>," +
			"      injection for <http://www.morelab.deusto.es/injection.owl#>\n";

		// VULNERABLE BY DESIGN: `name` is neither validated nor escaped before
		// it lands inside the quoted literal, so a value containing a quote can
		// change the structure of the WHERE clause. Because the caller only
		// learns "a URI came back" versus "null", the result acts as a yes/no
		// oracle on the model's contents -- the "blind" case this sample shows.
		// Mitigation: keep the value out of the query text (bind it as a
		// variable value at execution time if the execution API allows it --
		// TODO confirm SampleBase can pass an initial binding), or reject any
		// name that does not match a strict allow-list before building the query.
		String rdqlText = new StringBuilder(beforeName)
			.append(name)
			.append(afterName)
			.toString();

		Query parsed = QueryFactory.create(rdqlText, Syntax.syntaxRDQL);
		QuerySolution first = this.retrieveFirstResult(parsed, ontology);

		// No matching solution: report absence with null, as callers expect.
		return first == null ? null : first.getResource("p1").getURI();
	}
}
