Skip to content

Instantly share code, notes, and snippets.

@jindrichmynarz

jindrichmynarz/obfuscate_rdf.ru

Created June 5, 2018 13:26
Show Gist options
  • Save jindrichmynarz/6d0669fd32254cd1cd238270865d7c69 to your computer and use it in GitHub Desktop.
Save jindrichmynarz/6d0669fd32254cd1cd238270865d7c69 to your computer and use it in GitHub Desktop.
Download ZIP
Basic obfuscation of RDF data using SHA hashes + UUID salt
Raw
obfuscate_rdf.ru
PREFIX owl: <http://www.w3.org/2002/07/owl#>
PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
###############
# Create salt #
###############
INSERT {
GRAPH :mappings {
[] <urn:example:salt> ?salt .
}
}
WHERE {
BIND (STRUUID() AS ?salt)
}
;
############################
# Create mappings for IRIs #
############################
INSERT {
GRAPH :mappings {
?source owl:sameAs ?target .
}
}
WHERE {
GRAPH :mappings {
[] <urn:example:salt> ?salt .
}
{
?source ?p [] .
} UNION {
[] ?p ?source .
}
FILTER isIRI(?source)
BIND (iri(concat(str(:), sha1(concat(str(?source), ?salt)))) AS ?target)
}
;
######################
# Obfuscate subjects #
######################
DELETE {
?source ?p ?o .
}
INSERT {
?target ?p ?o .
}
WHERE {
GRAPH :mappings {
?source owl:sameAs ?target .
}
?source ?p ?o .
}
;
#########################
# Obfuscate object IRIs #
#########################
DELETE {
?s ?p ?source .
}
INSERT {
?s ?p ?target .
}
WHERE {
GRAPH :mappings {
?source owl:sameAs ?target .
}
?s ?p ?source .
}
;
#############################
# Obfuscate string literals #
#############################
DELETE {
?s ?p ?source .
}
INSERT {
?s ?p ?target .
}
WHERE {
GRAPH :mappings {
[] <urn:example:salt> ?salt .
}
?s ?p ?source .
FILTER isLiteral(?source)
BIND (datatype(?source) AS ?datatype)
FILTER (?datatype = rdf:langString
||
?datatype = xsd:string)
BIND (sha1(concat(?source, ?salt)) AS ?_target)
BIND (if(sameTerm(?datatype, rdf:langString),
strlang(?_target, lang(?source)),
?_target)
AS ?target)
}
;
#################################
# Obfuscate non-string literals #
#################################
DELETE {
?s ?p ?source .
}
INSERT {
?s ?p ?target .
}
WHERE {
GRAPH :mappings {
[] <urn:example:salt> ?salt .
}
?s ?p ?source .
FILTER isLiteral(?source)
BIND (datatype(?source) AS ?sourceDatatype)
FILTER (?sourceDatatype NOT IN (rdf:langString, xsd:string))
BIND (iri(concat(str(:), sha1(concat(str(?sourceDatatype), ?salt)))) AS ?targetDatatype)
BIND (strdt(sha1(concat(str(?source), ?salt)), ?targetDatatype) AS ?target)
}
;
#########################
## Obfuscate predicates #
#########################
DELETE {
?s ?source ?o .
}
INSERT {
?s ?target ?o .
}
WHERE {
{
SELECT ?source ?target
WHERE {
{
SELECT DISTINCT ?source
WHERE {
[] ?source [] .
}
}
GRAPH :mappings {
[] <urn:example:salt> ?salt .
}
BIND (iri(concat(str(:), sha1(concat(str(?source), ?salt)))) AS ?target)
}
}
?s ?source ?o .
}
;
###################
# Delete mappings #
###################
CLEAR GRAPH :mappings
;
Raw
obfuscate_rdf.sh
#!/usr/bin/env bash
# Basic obfuscation of RDF data using SHA hashes + UUID salt
# Limitations: Works only for RDF triples, not quads.
#
# Usage: ./obfuscate_rdf.sh input > output
set -e
die () {
echo >&2 "$@"
exit 1
}
has_command () {
[ "$#" -ne 1 ] && die "Provide a command to test!"
command -v $1 >/dev/null 2>&1 || die "Command ${1} is missing!"
}
declare -a required_commands=("riot" "update" "uuidgen")
for cmd in "${required_commands[@]}"
do
has_command "$cmd"
done
TMPFILE=$(mktemp)
UUID=$(uuidgen | tr "[A-Z]" "[a-z]")
(printf "PREFIX : <http://${UUID}.com/>\n" && cat obfuscate_rdf.ru) > "$TMPFILE"
update --data "$1" --update "$TMPFILE" --dump |
(printf "@prefix : <http://$UUID.com/> .\n" && cat) |
riot --syntax TURTLE --output TURTLE -
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment