From 0ccdea2ff1bb33bed6b14989d56f4c3fafd06c04 Mon Sep 17 00:00:00 2001
From: Tpt <thomaspt@hotmail.fr>
Date: Wed, 30 Nov 2022 20:52:52 +0100
Subject: [PATCH] SPARQL: properly validates VALUE clauses

---
 lib/spargebra/src/parser.rs                        |  8 ++++++--
 testsuite/oxigraph-tests/sparql/manifest.ttl       | 10 ++++++++++
 testsuite/oxigraph-tests/sparql/values_too_few.rq  |  1 +
 testsuite/oxigraph-tests/sparql/values_too_many.rq |  1 +
 4 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 testsuite/oxigraph-tests/sparql/values_too_few.rq
 create mode 100644 testsuite/oxigraph-tests/sparql/values_too_many.rq

diff --git a/lib/spargebra/src/parser.rs b/lib/spargebra/src/parser.rs
index 98cfe9e0..d99d4612 100644
--- a/lib/spargebra/src/parser.rs
+++ b/lib/spargebra/src/parser.rs
@@ -1441,8 +1441,12 @@ parser! {
         rule InlineDataOneVar_value() -> Vec<Option<GroundTerm>> = t:DataBlockValue() _ { vec![t] }
 
         //[64]
-        rule InlineDataFull() -> (Vec<Variable>, Vec<Vec<Option<GroundTerm>>>) = "(" _ vars:InlineDataFull_var()* _ ")" _ "{" _ val:InlineDataFull_values()* "}" {
-            (vars, val)
+        rule InlineDataFull() -> (Vec<Variable>, Vec<Vec<Option<GroundTerm>>>) = "(" _ vars:InlineDataFull_var()* _ ")" _ "{" _ vals:InlineDataFull_values()* "}" {?
+            if vals.iter().all(|vs| vs.len() == vars.len()) {
+                Ok((vars, vals))
+            } else {
+                Err("The VALUES clause rows should have exactly the same number of values as there are variables. To set a value to undefined use UNDEF.")
+            }
         }
         rule InlineDataFull_var() -> Variable = v:Var() _ { v }
         rule InlineDataFull_values() -> Vec<Option<GroundTerm>> = "(" _ v:InlineDataFull_value()* _ ")" _ { v }
diff --git a/testsuite/oxigraph-tests/sparql/manifest.ttl b/testsuite/oxigraph-tests/sparql/manifest.ttl
index 621c63e9..156b7e1f 100644
--- a/testsuite/oxigraph-tests/sparql/manifest.ttl
+++ b/testsuite/oxigraph-tests/sparql/manifest.ttl
@@ -28,6 +28,8 @@
     :order_terms
     :nested_anonymous
     :unbound_variable_in_subquery
+    :values_too_many
+    :values_too_few
     ) .
 
 :small_unicode_escape_with_multibytes_char rdf:type mf:NegativeSyntaxTest ;
@@ -129,3 +131,11 @@
     mf:action
          [ qt:query  <unbound_variable_in_subquery.rq> ] ;
     mf:result  <unbound_variable_in_subquery.srx> .
+
+:values_too_many rdf:type mf:NegativeSyntaxTest11 ;
+    mf:name "Too many values in a VALUE clause compared to the number of variable" ;
+    mf:action <values_too_many.rq> .
+
+:values_too_few rdf:type mf:NegativeSyntaxTest11 ;
+    mf:name "Too few values in a VALUE clause compared to the number of variable" ;
+    mf:action <values_too_few.rq> .
diff --git a/testsuite/oxigraph-tests/sparql/values_too_few.rq b/testsuite/oxigraph-tests/sparql/values_too_few.rq
new file mode 100644
index 00000000..ceac3c3c
--- /dev/null
+++ b/testsuite/oxigraph-tests/sparql/values_too_few.rq
@@ -0,0 +1 @@
+SELECT * WHERE { VALUES (?a ?b) {  (1) } }
\ No newline at end of file
diff --git a/testsuite/oxigraph-tests/sparql/values_too_many.rq b/testsuite/oxigraph-tests/sparql/values_too_many.rq
new file mode 100644
index 00000000..e4e3c7ab
--- /dev/null
+++ b/testsuite/oxigraph-tests/sparql/values_too_many.rq
@@ -0,0 +1 @@
+SELECT * WHERE { VALUES (?a ?b) {  (1 2 3) } }
\ No newline at end of file