Open
Description
What will happen if an engine encounters a malformed sh:path that has a cyclical link to itself?
A naive engine may just loop forever, which constitutes a simple Denial of Service attack vector.
- https://www.w3.org/TR/shacl/#property-paths says
"A node p is not a well-formed SHACL property path if p is a blank node and any path mappings of p directly or transitively reference p."- I suggest to add:
"Implementors are encouraged to check for such cyclical property paths and raise a failure, because such paths constitute a potential Denial of Service attack vector"
- I suggest to add:
- (Note: https://www.w3.org/TR/shacl/#shapes-recursion says
"The validation with recursive shapes is not defined in SHACL and is left to SHACL processor implementations."
Although somewhat related, this is a completely different issue.) - SHACL-SHACL doesn't (and cannot) check for cyclical paths, see
shsh:PathShape(although it uses a named blank node_:PathPath).
We should also add a test for it.
Out of all path tests https://github.com/w3c/data-shapes/tree/gh-pages/data-shapes-test-suite/tests/core/path
I can find only https://github.com/w3c/data-shapes/blob/gh-pages/data-shapes-test-suite/tests/core/path/path-unused-001-shapes.ttl#L12 that has a cyclical path _:p2:
_:p1 sh:inversePath _:p2 .
_:p2 sh:zeroOrMorePath ( _:p2 ) .
_:p2 sh:zeroOrOnePath [ rdf:rest rdf:nil ] .
_:p3 sh:alternativePath ( ex:p ) ;
rdfs:comment "invalid path" .But it's not used in any node shape, so it does no harm.
We can change the node shape slightly to use the cyclical path:
ex:s1 a sh:NodeShape ;
sh:targetNode ex:j, ex:i ;
sh:class ex:C;
sh:property [sh:path _:p2] .Of course, it's better to write it as a separate test path-cyclical-001