GH-3654 add caching in document loader

Author: hmottestad

core/rio/api/src/main/java/org/eclipse/rdf4j/rio/helpers/JSONLDSettings.java

@@ -10,6 +10,9 @@
  *******************************************************************************/
 package org.eclipse.rdf4j.rio.helpers;
 
+import java.util.List;
+import java.util.Set;
+
 import org.eclipse.rdf4j.rio.RioSetting;
 
 import com.github.jsonldjava.core.DocumentLoader;
@@ -153,6 +156,33 @@ public class JSONLDSettings {
 	public static final RioSetting<Boolean> HIERARCHICAL_VIEW = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld.hierarchical_view", "Hierarchical representation of the JSON", Boolean.FALSE);
 
+	/**
+	 *
+	 *
+	 */
+	public static final RioSetting<Set<String>> WHITELIST = new RioSettingImpl<>(
+			"org.eclipse.rdf4j.rio.jsonld_whitelist",
+			"Whitelist of remote/local resources that the JSON-LD parser can retrieve. Set of URIs as strings.",
+			Set.of());
+
+	/**
+	 *
+	 *
+	 */
+	public static final RioSetting<Boolean> SECURE_MODE = new RioSettingImpl<>(
+			"org.eclipse.rdf4j.rio.jsonld_secure_mode",
+			"Secure mode only allows loading remote/local resources (ex. context from url) that are whitelisted.",
+			Boolean.TRUE);
+
+	/**
+	 *
+	 *
+	 */
+	public static final RioSetting<Boolean> DOCUMENT_LOADER_CACHE = new RioSettingImpl<>(
+			"org.eclipse.rdf4j.rio.jsonld_document_loader_cache",
+			"The document loader cache is enabled by default. All loaded documents, such as remote contexts, are cached for 1 hour, or until the cache is full. The cache holds up to 1000 documents. The cache is shared between all JSONLDParsers. The cache can be disabled by setting this value to false.",
+			Boolean.TRUE);
+
 	/**
 	 * Private default constructor.
 	 */

core/rio/jsonld/pom.xml

@@ -74,6 +74,10 @@
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>com.google.guava</groupId>
+			<artifactId>guava</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>${project.groupId}</groupId>
 			<artifactId>rdf4j-rio-api</artifactId>

core/rio/jsonld/src/main/java/org/eclipse/rdf4j/rio/jsonld/CachingDocumentLoader.java

@@ -0,0 +1,77 @@
+package org.eclipse.rdf4j.rio.jsonld;
+
+import java.net.URI;
+import java.util.Set;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+
+import org.eclipse.rdf4j.rio.RDFParseException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.cache.CacheBuilder;
+import com.google.common.cache.CacheLoader;
+import com.google.common.cache.LoadingCache;
+
+import no.hasmac.jsonld.JsonLdError;
+import no.hasmac.jsonld.document.Document;
+import no.hasmac.jsonld.loader.DocumentLoader;
+import no.hasmac.jsonld.loader.DocumentLoaderOptions;
+import no.hasmac.jsonld.loader.SchemeRouter;
+
+public class CachingDocumentLoader implements DocumentLoader {
+	private static final DocumentLoader defaultLoader = SchemeRouter.defaultInstance();
+	private static final Logger logger = LoggerFactory.getLogger(CachingDocumentLoader.class);
+
+	private static final LoadingCache<URI, Document> cache = CacheBuilder.newBuilder()
+			.maximumSize(1000) // Maximum 1000 documents in cache
+			.expireAfterWrite(1, TimeUnit.HOURS) // Expire after 1 hour
+			.concurrencyLevel(8) // Optimize for 8 concurrent threads
+			.build(new CacheLoader<>() {
+				@Override
+				public Document load(URI url) throws Exception {
+					return defaultLoader.loadDocument(url, new DocumentLoaderOptions());
+				}
+			});
+
+	private final boolean secureMode;
+	private final Set<String> whitelist;
+	private final boolean documentLoaderCache;
+
+	public CachingDocumentLoader(boolean secureMode, Set<String> whitelist, boolean documentLoaderCache) {
+		this.secureMode = secureMode;
+		this.whitelist = whitelist;
+		this.documentLoaderCache = documentLoaderCache;
+	}
+
+	@Override
+	public Document loadDocument(URI uri, DocumentLoaderOptions options) {
+
+		try {
+			if (!secureMode || whitelist.contains(uri.toString())) {
+				if (documentLoaderCache) {
+					try {
+						return cache.get(uri);
+					} catch (ExecutionException e) {
+						if (e.getCause() != null) {
+							throw new RDFParseException("Could not load document from " + uri, e.getCause());
+						}
+						throw new RDFParseException("Could not load document from " + uri, e);
+					}
+				} else {
+					try {
+						return defaultLoader.loadDocument(uri, options);
+					} catch (JsonLdError e) {
+						throw new RDFParseException("Could not load document from " + uri, e);
+					}
+				}
+			} else {
+				throw new RDFParseException("Could not load document from " + uri
+						+ " because it is not whitelisted. See: JSONLDSettings.WHITELIST and JSONLDSettings.SECURE_MODE");
+			}
+		} catch (RDFParseException e) {
+			logger.error(e.getMessage(), e);
+			throw e;
+		}
+	}
+}

core/rio/jsonld/src/main/java/org/eclipse/rdf4j/rio/jsonld/JSONLDParser.java

@@ -10,13 +10,19 @@
  *******************************************************************************/
 package org.eclipse.rdf4j.rio.jsonld;
 
+import static org.eclipse.rdf4j.rio.helpers.JSONLDSettings.DOCUMENT_LOADER_CACHE;
+import static org.eclipse.rdf4j.rio.helpers.JSONLDSettings.SECURE_MODE;
+import static org.eclipse.rdf4j.rio.helpers.JSONLDSettings.WHITELIST;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.Reader;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.Collection;
+import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 import java.util.function.BiConsumer;
 
 import org.eclipse.rdf4j.model.IRI;
@@ -126,12 +132,21 @@ private void parse(InputStream in, Reader reader, String baseURI)
 						BasicParserSettings.FAIL_ON_UNKNOWN_LANGUAGES);
 			}
 
+			boolean secureMode = getParserConfig().get(SECURE_MODE);
+			boolean documentLoaderCache = getParserConfig().get(DOCUMENT_LOADER_CACHE);
+
+			Set<String> whitelist = getParserConfig().get(WHITELIST);
+
 			JsonLdOptions opts = new JsonLdOptions();
 			opts.setUriValidation(false);
 			opts.setExceptionOnWarning(getParserConfig().get(JSONLDSettings.EXCEPTION_ON_WARNING));
 
 			Document context = getParserConfig().get(JSONLDSettings.EXPAND_CONTEXT);
 
+			DocumentLoader defaultDocumentLoader = opts.getDocumentLoader();
+			CachingDocumentLoader cachingDocumentLoader = new CachingDocumentLoader(secureMode, whitelist,
+					documentLoaderCache);
+
 			if (context != null) {
 
 				opts.setExpandContext(context);
@@ -142,22 +157,21 @@ private void parse(InputStream in, Reader reader, String baseURI)
 						throw new RDFParseException("Expand context is not a valid JSON document");
 					}
 					opts.getContextCache().put(context.getDocumentUrl().toString(), jsonContent.get());
-					opts.setDocumentLoader(new DocumentLoader() {
-
-						private final DocumentLoader defaultDocumentLoader = SchemeRouter.defaultInstance();
-
-						@Override
-						public Document loadDocument(URI url, DocumentLoaderOptions options) throws JsonLdError {
-							if (url.equals(context.getDocumentUrl())) {
-								return context;
-							}
-							return defaultDocumentLoader.loadDocument(url, options);
+					opts.setDocumentLoader((uri, options) -> {
+						if (uri.equals(context.getDocumentUrl())) {
+							return context;
 						}
+
+						return cachingDocumentLoader.loadDocument(uri, options);
 					});
 				}
 
 			}
 
+			if (secureMode && opts.getDocumentLoader() == defaultDocumentLoader) {
+				opts.setDocumentLoader(cachingDocumentLoader);
+			}
+
 			if (baseURI != null && !baseURI.isEmpty()) {
 				URI uri = new URI(baseURI);
 				opts.setBase(uri);

core/rio/jsonld/src/test/java/org/eclipse/rdf4j/rio/jsonld/JSONLDParserCustomTest.java

@@ -11,28 +11,39 @@
 package org.eclipse.rdf4j.rio.jsonld;
 
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.eclipse.rdf4j.rio.helpers.JSONLDSettings.SECURE_MODE;
+import static org.eclipse.rdf4j.rio.helpers.JSONLDSettings.WHITELIST;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import java.io.File;
 import java.io.StringReader;
 import java.net.URI;
+import java.nio.charset.StandardCharsets;
+import java.util.Set;
 
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.eclipse.rdf4j.model.IRI;
 import org.eclipse.rdf4j.model.Literal;
 import org.eclipse.rdf4j.model.Model;
 import org.eclipse.rdf4j.model.Resource;
 import org.eclipse.rdf4j.model.Value;
 import org.eclipse.rdf4j.model.impl.LinkedHashModel;
 import org.eclipse.rdf4j.model.impl.SimpleValueFactory;
+import org.eclipse.rdf4j.model.vocabulary.FOAF;
 import org.eclipse.rdf4j.model.vocabulary.XSD;
+import org.eclipse.rdf4j.rio.ParserConfig;
 import org.eclipse.rdf4j.rio.RDFFormat;
 import org.eclipse.rdf4j.rio.RDFParseException;
 import org.eclipse.rdf4j.rio.RDFParser;
 import org.eclipse.rdf4j.rio.Rio;
 import org.eclipse.rdf4j.rio.helpers.ContextStatementCollector;
 import org.eclipse.rdf4j.rio.helpers.JSONLDSettings;
 import org.eclipse.rdf4j.rio.helpers.ParseErrorCollector;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.RepeatedTest;
 import org.junit.jupiter.api.Test;
 
 import no.hasmac.jsonld.document.Document;
@@ -228,4 +239,85 @@ public void testContext() throws Exception {
 		parser.parse(new StringReader(LOADER_JSONLD), "");
 		assertTrue(model.predicates().contains(testPredicate));
 	}
+
+	@Test
+	public void testLocalFileSecurity() throws Exception {
+
+		String contextUri = JSONLDParserCustomTest.class.getClassLoader()
+				.getResource("testcases/jsonld/localFileContext/context.jsonld")
+				.toString();
+
+		String jsonld = FileUtils
+				.readFileToString(new File(JSONLDParserCustomTest.class.getClassLoader()
+						.getResource("testcases/jsonld/localFileContext/data.jsonld")
+						.getFile()), StandardCharsets.UTF_8)
+				.replace("file:./context.jsonld", contextUri);
+
+		// expect exception
+		RDFParseException rdfParseException = Assertions.assertThrowsExactly(RDFParseException.class, () -> {
+			parser.parse(new StringReader(jsonld), "");
+		});
+
+		Assertions.assertEquals("Could not load document from " + contextUri
+				+ " because it is not whitelisted. See: JSONLDSettings.WHITELIST and JSONLDSettings.SECURE_MODE",
+				rdfParseException.getMessage());
+	}
+
+	@Test
+	public void testLocalFileSecurityWhiteList() throws Exception {
+		String jsonld = FileUtils.readFileToString(new File(JSONLDParserCustomTest.class.getClassLoader()
+				.getResource("testcases/jsonld/localFileContext/data.jsonld")
+				.getFile()), StandardCharsets.UTF_8);
+		String contextUri = JSONLDParserCustomTest.class.getClassLoader()
+				.getResource("testcases/jsonld/localFileContext/context.jsonld")
+				.toString();
+		jsonld = jsonld.replace("file:./context.jsonld", contextUri);
+
+		parser.getParserConfig().set(WHITELIST, Set.of(contextUri));
+
+		parser.parse(new StringReader(jsonld), "");
+		assertTrue(model.objects().contains(FOAF.PERSON));
+	}
+
+	@Test
+	public void testLocalFileSecurityDisableSecurity() throws Exception {
+		String jsonld = FileUtils.readFileToString(new File(JSONLDParserCustomTest.class.getClassLoader()
+				.getResource("testcases/jsonld/localFileContext/data.jsonld")
+				.getFile()), StandardCharsets.UTF_8);
+		jsonld = jsonld.replace("file:./context.jsonld",
+				JSONLDParserCustomTest.class.getClassLoader()
+						.getResource("testcases/jsonld/localFileContext/context.jsonld")
+						.toString());
+
+		parser.getParserConfig().set(SECURE_MODE, false);
+
+		parser.parse(new StringReader(jsonld), "");
+		assertTrue(model.objects().contains(FOAF.PERSON));
+	}
+
+	@RepeatedTest(10)
+	public void testRemoteContext() throws Exception {
+		String jsonld = FileUtils.readFileToString(new File(JSONLDParserCustomTest.class.getClassLoader()
+				.getResource("testcases/jsonld/remoteContext/data.jsonld")
+				.getFile()), StandardCharsets.UTF_8);
+
+		parser.getParserConfig().set(WHITELIST, Set.of("https://schema.org"));
+		parser.parse(new StringReader(jsonld), "");
+		assertEquals(59, model.size());
+	}
+
+	@Test
+	public void testRemoteContextException() throws Exception {
+		String jsonld = FileUtils.readFileToString(new File(JSONLDParserCustomTest.class.getClassLoader()
+				.getResource("testcases/jsonld/remoteContextException/data.jsonld")
+				.getFile()), StandardCharsets.UTF_8);
+
+		parser.getParserConfig().set(WHITELIST, Set.of("https://example.org/context.jsonld"));
+		RDFParseException rdfParseException = Assertions.assertThrowsExactly(RDFParseException.class, () -> {
+			parser.parse(new StringReader(jsonld), "");
+		});
+
+		assertEquals("Could not load document from https://example.org/context.jsonld", rdfParseException.getMessage());
+	}
+
 }

core/rio/jsonld/src/test/resources/testcases/jsonld/localFileContext/context.jsonld

@@ -0,0 +1,6 @@
+{
+   "@context":
+   {
+      "Person": "http://xmlns.com/foaf/0.1/Person"
+    }
+}

core/rio/jsonld/src/test/resources/testcases/jsonld/localFileContext/data.jsonld

@@ -0,0 +1,9 @@
+{
+  "@context":  "file:./context.jsonld",
+
+    "@id":"http://example/peter",
+    "@type":"Person"
+
+
+
+}