πŸ›‘οΈ Format Restriction in Data Submission Leads to Underutilization of RDF Options #554

Closed
ccamel opened this issue May 23, 2024 · 3 comments · Fixed by #579
Labels
security audit Categorizes an issue or PR as relevant to Security Audit


ccamel commented May 23, 2024

Note

Severity: Low
target: v5.0.0 - Commit: cde785fbd2dad71608d53f8524e0ef8c8f8178af
Ref: OKP4 CosmWasm Audit Report v1.0 - 02-05-2024 - BlockApex

Description

The Cognitarium smart contract is designed to support multiple RDF formats for data submission, including NQuads, RDF.XML, Turtle, and NTriples. This versatility is intended to enhance the contract’s adaptability and user experience by allowing for flexible data representation. However, the Dataverse contract, which controls the data input to the Cognitarium, is currently hardcoded to use only the NQuads format. This restriction arises from a limitation within the submit_claims function, which lacks the capability to accept a format parameter, contrary to what is documented. As a result, despite the Cognitarium’s ability to handle various formats, this functionality is underutilized due to the Dataverse’s fixed format implementation.

This issue not only limits the flexibility of data input but also leads to a discrepancy between the system's documented capabilities and its actual functionality. The mismatch can cause confusion among users and developers, who may expect broader format support based on the official contract documentation.

Recommendation

  • Dynamic Format Handling: Revise the submit_claims function in the Dataverse contract to include a format parameter, allowing users to specify the desired RDF format for their data submissions. This adjustment will enable the contract to dynamically select the appropriate data handling method based on user input.
  • Documentation Alignment: Update the contract documentation to accurately reflect the operational capabilities and limitations. If the implementation of dynamic format selection is deferred, the documentation should clearly state that currently, only the NQuads format is supported.

ccamel added the security audit label May 23, 2024
github-project-automation bot moved this to 📋 Backlog in 💻 Development May 23, 2024
ccamel moved this from 📋 Backlog to 📆 To do in 💻 Development May 23, 2024

amimart commented Jun 4, 2024

The dataverse SubmitClaim execute message can only manage the N-Quads format and not the others offered by the cognitarium because it's the only one having the support of RDF named graphs, and this is critical to represent verifiable credentials.

However I totally agree with the point of properly explaining and documenting this aspect!


amimart commented Jun 13, 2024

However I totally agree with the point of properly explaining and documenting this aspect!

After taking a look, the API contains an RDF format field for extensibility purposes which only contains the N-Quads format, in my sense this is self-documented. We could close this issue, what do you think?


ccamel commented Jun 14, 2024

Well, I think we can provide a bit more detail on this. The key point here is that the serialization formats need to support multiple RDF graphs, which is why we don’t include Turtle, for example. Currently, we only support one format, N-Quads, but there are others like TriG and JSON-LD (this is the purpose of the enumerated type, to allow extension).

My suggestion would be to rename the enum RdfFormat type to RdfDatasetFormat, which better conveys the nature of the serialization formats that should be accepted: an RDF dataset is a structure composed of a distinguished RDF graph and zero or more named graphs. And adjust the comments accordingly. This would bring more clarity.

ccamel self-assigned this Jun 14, 2024
ccamel moved this from 📆 To do to 🏗 In progress in 💻 Development Jun 14, 2024
ccamel linked a pull request Jun 14, 2024 that will close this issue
github-project-automation bot moved this from 🏗 In progress to ✅ Done in 💻 Development Jun 15, 2024
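
The point made in the thread, that a credential needs a serialization able to carry named graphs, shown as an added Rust example that is not code from the contracts. The simplified statement splitter, the `SAMPLE` data and the `example.org` IRIs are constructed for illustration, and terms are assumed to be separated by spaces.

```rust
use std::collections::BTreeMap;
// Constructed sample: claims in the default graph, the proof in graph _:proof.
const SAMPLE: &str = r#"
<http://example.org/cred1> <http://example.org/subject> <http://example.org/alice> .
<http://example.org/cred1> <http://example.org/proof> _:proof .
<http://example.org/alice> <http://example.org/name> "Alice \"A\" Doe"@en .
_:sig <http://example.org/proofValue> "zSig123" _:proof .
"#;

// Splits one statement into terms: <iri>, _:bnode or "literal"(^^<dt> | @lang).
fn terms(line: &str) -> Option<Vec<String>> {
    let (mut out, mut rest) = (Vec::new(), line.trim());
    while !rest.is_empty() && rest != "." {
        let end = if rest.starts_with('<') {
            rest.find('>')? + 1
        } else if rest.starts_with('"') {
            let (b, mut i) = (rest.as_bytes(), 1);
            while i < b.len() && b[i] != b'"' { i += if b[i] == b'\\' { 2 } else { 1 }; }
            if i >= b.len() { return None; } // unterminated literal
            i + 1 + rest[i + 1..].find(' ').unwrap_or(rest.len() - i - 1)
        } else {
            rest.find(' ').unwrap_or(rest.len())
        };
        out.push(rest[..end].to_string());
        rest = rest[end..].trim_start();
    }
    (rest == "." && (out.len() == 3 || out.len() == 4)).then_some(out)
}

// Groups triples by graph name (the optional fourth term); None is the default graph.
fn by_graph(doc: &str) -> Option<BTreeMap<Option<String>, Vec<Vec<String>>>> {
    let mut graphs = BTreeMap::new();
    for line in doc.lines().map(str::trim).filter(|l| !l.is_empty()) {
        let mut t = terms(line)?;
        let graph = if t.len() == 4 { t.pop() } else { None };
        graphs.entry(graph).or_insert_with(Vec::new).push(t);
    }
    Some(graphs)
}

// The same statements as a triples-only format would carry them: no graph term.
fn as_ntriples(doc: &str) -> Option<String> {
    Some(by_graph(doc)?.values().flatten().map(|t| format!("{} .\n", t.join(" "))).collect())
}

fn main() {
    println!("N-Quads:   {:?}", by_graph(SAMPLE));
    println!("N-Triples: {:?}", as_ntriples(SAMPLE).and_then(|d| by_graph(&d)));
}
```

After the round trip through the triples-only form, the proof statement sits in the default graph alongside the claims it is meant to cover, so a reader of that form can no longer tell which statements belong to the proof.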