1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/5f59c9e4d36d/ Changeset: 5f59c9e4d36d User: jmchilton Date: 2015-01-27 17:14:56+00:00 Summary: Test cases for select validation handling. Normal selects seem to be prevented from execution with invalid parameter values, but not columns. Values are escaped properly so shell exploitation isn't the problem - but as a usability thing Galaxy should prevent execution and provide a warning message. Affected #: 1 file diff -r 1096077cabbd4046b7da9ce45cecf1151b7ebc75 -r 5f59c9e4d36d796b40a4817c38b66f5def94dc2d test/api/test_tools.py --- a/test/api/test_tools.py +++ b/test/api/test_tools.py @@ -201,6 +201,27 @@ response = self._run( "validation_default", history_id, inputs ) self._assert_status_code_is( response, 400 ) + @skip_without_tool( "multi_select" ) + def test_select_legal_values( self ): + history_id = self.dataset_populator.new_history() + inputs = { + 'select_ex': 'not_option', + } + response = self._run( "multi_select", history_id, inputs ) + self._assert_status_code_is( response, 400 ) + + @skip_without_tool( "column_param" ) + def test_column_legal_values( self ): + history_id = self.dataset_populator.new_history() + new_dataset1 = self.dataset_populator.new_dataset( history_id, content='#col1\tcol2' ) + inputs = { + 'input1': { "src": "hda", "id": new_dataset1["id"] }, + 'col': "' ; echo 'moo", + } + response = self._run( "column_param", history_id, inputs ) + # TODO: make this test pass... + self._assert_status_code_is( response, 400 ) + @skip_without_tool( "collection_paired_test" ) def test_collection_parameter( self ): history_id = self.dataset_populator.new_history() Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.