What is the simplest way to validate there are no syntax errors in an XQuery file? I want to test a number of xquery files as a part of routine testing to verify that no bad files exist with simple syntax errors. Generally for library modules I import the library module and that is enough to validate syntax of the file.
BaseX has an option RUNQUERY that can be used to disable query execution, so the query only gets parsed. When using the command line, use the -R off flag.
The query can be passed as a string; here I'm using the very simple query 1+1, which is totally valid and will not return any output, but a return value of 0.
basex -R off "1+1"
Passing an invalid query will return a syntax error message, and a non-zero return code.
basex -R off "1foo"
Stopped at [snip], 1/2:
[XPST0003] Expecting separator after number.
I guess there will be similar options for other XQuery implementations, but they're not standardized, so you'll have to look them up in the individual manuals.
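The routine check the question asks for, as an added example that is not from the original post: a Python script that runs BaseX with -R off over every XQuery file below a directory and reports the files whose parse fails. It assumes basex is on PATH (another launcher can be passed as basex_cmd); the file extensions and function names are choices made here.

```python
"""Parse-only syntax check of XQuery files with BaseX.

Relies on the behaviour described above: with RUNQUERY turned off via
``-R off`` BaseX parses and compiles the query but does not execute it,
and exits non-zero on a syntax error.
Assumption: ``basex`` is on PATH; pass another launcher via ``basex_cmd``.
"""
import subprocess
import sys
from pathlib import Path

# Extensions treated as XQuery files (assumed convention, adjust as needed)
XQUERY_SUFFIXES = {".xq", ".xqm", ".xqy", ".xquery"}


def check_file(path, basex_cmd=("basex",)):
    """Return (ok, message): ok is True when the file parses cleanly."""
    proc = subprocess.run(
        [*basex_cmd, "-R", "off", str(path)],  # -R off: parse only, never run
        capture_output=True, text=True, check=False,
    )
    # BaseX prints e.g. "Stopped at ..., 1/2: [XPST0003] ..." on failure
    return proc.returncode == 0, (proc.stderr or proc.stdout).strip()


def check_tree(root, basex_cmd=("basex",)):
    """Check every XQuery file below root; return {path: message} of failures."""
    failures = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in XQUERY_SUFFIXES:
            ok, msg = check_file(path, basex_cmd)
            if not ok:
                failures[str(path)] = msg
    return failures


if __name__ == "__main__":
    bad = check_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, msg in bad.items():
        print(f"FAIL {name}\n  {msg}")
    print(f"{len(bad)} file(s) with syntax errors")
    sys.exit(1 if bad else 0)  # non-zero exit so CI marks the run as failed
```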
I wrote a small service in Go (although I don't think this would be a language specific issue) that caches some results by saving them to a file, writing a URL query parameter into the filename as "prefix" + param + ".json" using ioutil.WriteFile. The service runs on Ubuntu.
Is it possible to do something malicious, by passing an unexpected string via the query?
Relevant attacks that come to mind are called path injection. For example, what if the query parameter is something like ../../etc/passwd (ok, this would probably not work as the user running this service would have no permissions, but you get the point). For example it could be possible to overwrite your service code itself.
You should sanitize the parameter before adding it to the filename. The best would be a strict whitelist of letters and numbers that are allowed; anything else should be removed from the parameter. That way injection would not be possible.
You can also check whether the path you are writing to is actually under an explicitly allowed directory.
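How the two checks from the answer above can be implemented, as an added example that is not code from the service in the question or from any of the posts: a strict character allow-list for the parameter, plus a check that the resolved path is still under the cache directory. The names safe_cache_path and write_cached and the "prefix" value are assumptions for illustration.

```python
"""Build a cache filename from a request parameter without path injection."""
import os
import re

# Allow-list: letters, digits, '_' and '-' only; no '.', '/' or '\' can get in.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,64}")


def safe_cache_path(cache_dir, param, prefix="prefix"):
    """Return cache_dir/<prefix><param>.json, or raise ValueError.

    Assumption: cache_dir is a directory the service owns exclusively.
    """
    if not ALLOWED.fullmatch(param):
        raise ValueError(f"rejected cache key {param!r}")
    base = os.path.realpath(cache_dir)
    target = os.path.realpath(os.path.join(base, f"{prefix}{param}.json"))
    # Second line of defence: even if the allow-list is loosened later,
    # refuse anything that resolves outside the cache directory
    # (covers ../ sequences and symlinked cache_dir alike).
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path {target!r} escapes {base!r}")
    return target


def write_cached(cache_dir, param, data):
    """Write data under the key; return the path written, or None if rejected."""
    try:
        path = safe_cache_path(cache_dir, param)
    except ValueError:
        return None  # in the real service: log it and answer HTTP 400
    os.makedirs(cache_dir, exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(data)
    return path
```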
I will make a test in Python; here is the structure of the project:
app1/main.py
while True:
    a = input()  # the query parameter, taken as-is from the user
    with open("{}.json".format(a), "w") as f:  # filename built directly from the input
        f.write("Hello world")
Now I am a hacker, and I want to change "yourfile.json".
So I passed this
And then the content of yourfile.json becomes: Hello world
How do I see if a file exists without exceptions using Julia? I want to make sure that my program does not crash if for some reason the file I am trying to open is not accessible, has been deleted, or does not exist.
There are two simple ways of doing so.
First:
println(isfile("Sphere.jl"))
false
This isfile() function will simply check if the file exists. Note: if Sphere.jl is not in your current file path, you would need to provide the absolute path to get to that file.
Second (more of a trial by fire example):
try
    open("Sphere.jl", "w") do s
        println(s, "Hi")
    end
catch
    @warn "Could not open the file to write."
end
The second example utilizes the try-catch schema. It is always best for your program to not have to deal with errors, so it's recommended that you use isfile() unless you have to use try-catch for your use case.
It's worth noting that there may be some cases where the file exists, but writing to it is not possible (i.e. it's locked by the OS). In that case, using try-catch is a great option when attempting to write.
I have the following query in a MarkLogic XQuery file, and I am seeing the following error message returned
XDMP-ENTITYREF: (err:XPST0003) Invalid entity reference " " . See the MarkLogic server error log for further detail.
The following is the code I am using in the XQuery file.
xquery version "1.0-ml";
declare variable $query :=
  cts:or-query((
    cts:element-word-query(xs:QName("lines"), "l&amp;l"),
    cts:element-word-query(xs:QName("lines"), "pool &amp; cue"),
    cts:element-word-query(xs:QName("lines"), "look")
  ));
declare function local:do-query() {
  element xml {
    for $i in cts:uris((), (), $query)
    let $item := doc($i)
    return
      element item {
        element title { $item/title/string() }
      }
  }
};
local:do-query()
Obviously the two tags I am looking for are l&l and pool & cue. I have also looked into the repair-full suggestion in another question posted, but couldn't figure out how that fits into this query. If I remove the ones with special characters, it works as expected.
Any ideas?
Based on the additional info in the comments to the question, this is not an issue with the execution of the code, but rather with the deployment of the code.
This happens often if you insert code using QConsole, or some other way in which you evaluate XQuery code. The &amp; gets interpreted and translated to the & character it represents. If you then write that into a .xqy file in some Modules database, it does not get escaped back into &amp; again, since XQuery files are stored as plain text in MarkLogic, and & doesn't get escaped in plain text.
A better way to deploy code is by uploading or inserting from disk. That way characters like &, >, and { inside XML won't get interpreted, but preserved and inserted as is. There are tools like ml-gradle and Roxy that make deploying MarkLogic code very easy. Consider using these. Alternatively you could also look into using curl against the Management REST API.
If you want to use QConsole after all, escape characters like & twice. E.g. & becomes &amp;amp;, and < becomes &amp;lt;.
HTH!
I can think of workarounds on how to get this working however I'm interested in finding out if there's a solution to this specific problem.
I've got a Go program which requires a JSON string argument:
go run main.go "{ \"field\" : \"value\" }"
No problems so far. However, am I able to run from the command line if one of the json values is another json string?
go run main.go "{ \"json-string\" : \"{\"nestedfield\" : \"nestedvalue\"}\" }"
It would seem that adding escape characters incorrectly matches up the opening and closing quotes. Am I misunderstanding how this is done, or is it (and this is the side I'm coming down on) simply not possible?
To reiterate, this is a question that has piqued my curiosity - I'm aware of alternative approaches - I'm hoping for input related to this specific problem.
Why don't you just put your JSON config in a file and provide the config file name to your application using the flag package?
Based on the feedback from wiredeye I went down the argument route instead. I've modified the program to run on:
go run main.go field:value field2:value json-string:"{\"nestedfield\":nestedvalue}"
I can then iterate over the os.Args and get the nested json within my program. I'm not using flags directly as I don't know the amount of inputs into the program which would have required me to use duplicate flags (not supported) or parse the flag to a collection (doesn't seem to be supported).
Thanks wiredeye
I am observing one command in my Tcl code (interpreter). The command name is "interpreter".
I searched on Google for this command, but I did not get much information.
Can anyone explain this command?
Thanks in advance.
Looks like I'm a year late, but maybe you're using Expect, a tcl plugin?
If you follow the link above and search for "interpreter" with Ctrl+F, you will find the following (bizarrely formatted) description:
causes the user to be interactively prompted for Expect and Tcl commands. The result of each command is printed.
Actions such as break and continue cause control structures (i.e., for, proc) to behave in the usual way. However return causes interpreter to return to its caller, while inter_return causes interpreter to cause a return in its caller. For example, if "proc foo" called interpreter which then executed the action inter_return, proc foo would return. Any other command causes interpreter to continue prompting for new commands.
By default, the prompt contains two integers.
The first integer describes the depth of the evaluation stack (i.e., how many times Tcl_Eval has been called). The second integer is the Tcl history identifier. The prompt can be set by defining a procedure called "prompt1" whose return value becomes the next prompt. If a statement has open quotes, parens, braces, or brackets, a secondary prompt (by default "+> ") is issued upon newline. The secondary prompt may be set by defining a procedure called "prompt2".
tl;dr: It pauses your script and allows you to execute tcl commands