2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/4781746d1979/ Changeset: 4781746d1979 Branch: release_15.03 User: jmchilton Date: 2015-04-21 16:41:33+00:00 Summary: Bugfix: Typo in remap dataset handling in tools. Affected #: 1 file
diff -r 57bbbe1463f616f98793a87d6b3ac0d4356825f4 -r 4781746d1979e6b33cf3e8f0177ec88b6cad6d7e lib/galaxy/tools/__init__.py
--- a/lib/galaxy/tools/__init__.py
+++ b/lib/galaxy/tools/__init__.py
@@ -2601,7 +2601,7 @@
 hdca_source_dict = {}
 for hdca in history.dataset_collections:
 key = '%s_%s' % (hdca.hid, hdca.collection.id)
- hdca_source_dict[ hda.collection.id ] = hdca_source_dict[ key ] = hdca
+ hdca_source_dict[ hdca.collection.id ] = hdca_source_dict[ key ] = hdca
 # Map dataset or collection to current history
 def map_to_history(value):
https://bitbucket.org/galaxy/galaxy-central/commits/f4f0baa542a8/ Changeset: f4f0baa542a8 Branch: release_15.03 User: dan Date: 2015-04-06 15:29:32+00:00 Summary: Fix for abitrary code execution in the ToolShed when uploaded tools reference a <code file=...>. Affected #: 2 files
diff -r 4781746d1979e6b33cf3e8f0177ec88b6cad6d7e -r f4f0baa542a89db2d1002a2ff5b119077d2e9de6 lib/galaxy/tools/__init__.py
--- a/lib/galaxy/tools/__init__.py
+++ b/lib/galaxy/tools/__init__.py
@@ -417,13 +417,14 @@
 dict_collection_visible_keys = ( 'id', 'name', 'version', 'description' )
 default_template = 'tool_form.mako'
- def __init__( self, config_file, tool_source, app, guid=None, repository_id=None ):
+ def __init__( self, config_file, tool_source, app, guid=None, repository_id=None, allow_code_files=True ):
 """Load a tool from the config named by `config_file`"""
 # Determine the full path of the directory where the tool config is
 self.config_file = config_file
 self.tool_dir = os.path.dirname( config_file )
 self.app = app
 self.repository_id = repository_id
+ self._allow_code_files = allow_code_files
 #setup initial attribute values
 self.inputs = odict()
 self.stdio_exit_codes = list()
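Review bot: In the `@@ -417,13 +417,14 @@` hunk of lib/galaxy/tools/__init__.py, `allow_code_files=True` is a fail-open default, so the fix protects only the call sites that remember to pass `False`; the one visible opt-out is the `load_tool` call in lib/tool_shed/tools/tool_validator.py. Any other Tool Shed path that builds a tool from uploaded content would still reach `execfile`, which is worth auditing before relying on this change. The docstring should also say what the flag controls, for example `allow_code_files: when False, <code file=...> elements are ignored and no tool-supplied Python is executed`. `__init__` continues beyond the end of the hunk.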
@@ -704,14 +705,15 @@
 # Load any tool specific code (optional) Edit: INS 5/29/2007,
 # allow code files to have access to the individual tool's
 # "module" if it has one. Allows us to reuse code files, etc.
- for code_elem in root.findall("code"):
- for hook_elem in code_elem.findall("hook"):
- for key, value in hook_elem.items():
- # map hook to function
- self.hook_map[key] = value
- file_name = code_elem.get("file")
- code_path = os.path.join( self.tool_dir, file_name )
- execfile( code_path, self.code_namespace )
+ if self._allow_code_files:
+ for code_elem in root.findall("code"):
+ for hook_elem in code_elem.findall("hook"):
+ for key, value in hook_elem.items():
+ # map hook to function
+ self.hook_map[key] = value
+ file_name = code_elem.get("file")
+ code_path = os.path.join( self.tool_dir, file_name )
+ execfile( code_path, self.code_namespace )
 # User interface hints
 uihints_elem = root.find( "uihints" )
diff -r 4781746d1979e6b33cf3e8f0177ec88b6cad6d7e -r f4f0baa542a89db2d1002a2ff5b119077d2e9de6 lib/tool_shed/tools/tool_validator.py
--- a/lib/tool_shed/tools/tool_validator.py
+++ b/lib/tool_shed/tools/tool_validator.py
@@ -292,7 +292,7 @@
 def load_tool_from_config( self, repository_id, full_path ):
 try:
- tool = self.app.toolbox.load_tool( full_path, repository_id=repository_id )
+ tool = self.app.toolbox.load_tool( full_path, repository_id=repository_id, allow_code_files=False )
 valid = True
 error_message = None
 except KeyError, e:
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
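Review bot: In the `@@ -704,14 +705,15 @@` hunk of lib/galaxy/tools/__init__.py, a false `_allow_code_files` skips the `<code>` elements silently, hook mapping included, so a validated repository leaves no trace that it declared a code file. An `else` branch that records the skip would give Tool Shed operators something to review, along the lines of `log.warning( "Ignoring <code> elements in %s", self.config_file )`, assuming the module has a logger in scope, which the hunk does not show. On the enabled path `file_name` still comes straight from the tool XML and is joined to `self.tool_dir` with no check that the result stays inside that directory; whether shared code files make that intentional cannot be told from here. The enclosing method starts and ends outside the hunk.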
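Review bot: The added `allow_code_files=False` in the `@@ -292,7 +292,7 @@` hunk of lib/tool_shed/tools/tool_validator.py only takes effect if `toolbox.load_tool` forwards the keyword to `Tool.__init__`, and `load_tool` is not part of this diff. This is worth confirming with a regression test that loads a config containing `<code file=...>` through `load_tool_from_config` and asserts the referenced file is not executed. If the keyword were rejected instead, the resulting `TypeError` would not be caught by the visible `except KeyError`, though the handler chain continues outside the hunk.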