2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/1370ef01209d/ Changeset: 1370ef01209d User: dannon Date: 2014-11-03 19:52:21+00:00 Summary: Patch from Eric Rasche, redacting a few things from sentry reports. Affected #: 1 file diff -r 1bb61cbf80825b0793a61d83f01925b57467d3a9 -r 1370ef01209d6b6329c9285891e94ebd2f7ccdb6 lib/galaxy/web/framework/middleware/sentry.py --- a/lib/galaxy/web/framework/middleware/sentry.py +++ b/lib/galaxy/web/framework/middleware/sentry.py @@ -44,6 +44,25 @@ self.handle_exception(environ) def handle_exception(self, environ): + headers = dict(get_headers(environ)) + # Authorization header for REMOTE_USER sites consists of a base64() of + # their plaintext password. It is a security issue for this password to + # be exposed to a third party system which may or may not be under + # control of the same administrators as the local Authentication + # system. E.g. university LDAP systems. + if 'Authorization' in headers: + # Redact so the administrator knows that a value is indeed present. + headers['Authorization'] = 'redacted' + # Passing cookies allows for impersonation of users (depending on + # remote service) and can be considered a security risk as well. For + # multiple services running alongside Galaxy on the same host, this + # could allow a sentry user with access to logs to impersonate a user + # on another service. In the case of services like IPython, this can be + # a serious concern as that would allow for terminal access. Furthermore, + # very little debugging information can be gained as a result of having + # access to all of the users cookies (including Galaxy cookies) + if 'Cookie' in headers: + headers['Cookie'] = 'redacted' event_id = self.client.captureException( data={ 'sentry.interfaces.Http': { 
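Review bot: The redaction added to `handle_exception` is an exact-match test on two names, so any other credential-bearing header returned by `get_headers(environ)` (for example `Proxy-Authorization`, or a site-specific API-key or shared-secret header) is still forwarded to Sentry. The test also depends on the key casing that `get_headers` produces, which is not visible in this hunk. A case-insensitive denylist keeps the policy in one place: `SENSITIVE = ('authorization', 'proxy-authorization', 'cookie')`, then `for name in list(headers):` with `if name.lower() in SENSITIVE: headers[name] = 'redacted'`. The comment could also state that a Basic `Authorization` value is base64 of `user:password` and therefore trivially reversible, which is the actual reason to redact it. The body of `handle_exception` continues past the end of the hunk.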
@@ -52,7 +71,7 @@ 'query_string': environ.get('QUERY_STRING'), # TODO # 'data': environ.get('wsgi.input'), - 'headers': dict(get_headers(environ)), + 'headers': headers, 'env': dict(get_environ(environ)), } }, https://bitbucket.org/galaxy/galaxy-central/commits/db6130ed74cd/ Changeset: db6130ed74cd User: dannon Date: 2014-11-03 20:04:17+00:00 Summary: Merge. Affected #: 2 files diff -r 1370ef01209d6b6329c9285891e94ebd2f7ccdb6 -r db6130ed74cd2186e8646e20a8c94993c114ff1a lib/galaxy/tools/evaluation.py --- a/lib/galaxy/tools/evaluation.py +++ b/lib/galaxy/tools/evaluation.py @@ -362,6 +362,11 @@ try: # Substituting parameters into the command command_line = fill_template( command, context=param_dict ) + cleaned_command_line = [] + # Remove leading and trailing whitespace from each line for readability. + for line in command_line.split( '\n' ): + cleaned_command_line.append( line.strip() ) + command_line = '\n'.join( cleaned_command_line ) # Remove newlines from command line, and any leading/trailing white space command_line = command_line.replace( "\n", " " ).replace( "\r", " " ).strip() except Exception: diff -r 1370ef01209d6b6329c9285891e94ebd2f7ccdb6 -r db6130ed74cd2186e8646e20a8c94993c114ff1a test/install_and_test_tool_shed_repositories/repositories_with_tools/functional_tests.py --- a/test/install_and_test_tool_shed_repositories/repositories_with_tools/functional_tests.py +++ b/test/install_and_test_tool_shed_repositories/repositories_with_tools/functional_tests.py 
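Review bot: `'query_string': environ.get('QUERY_STRING')`, in the context just above the changed line, is still sent unredacted, so credentials carried in the URL reach the same third-party system that the header redaction is meant to protect against. Galaxy's API accepts an API key as a query parameter, so this may well be the more common leak. Sensitive parameter values should be replaced before the event is built; at minimum, record it beside the existing TODO: `# TODO: redact credential parameters (e.g. API keys) from QUERY_STRING before sending`. The commented-out `'data': environ.get('wsgi.input')` needs the same treatment before it is ever enabled, because request bodies can carry login form fields. The dict literal starts and ends outside the hunk, so whether the URL entry also includes the query part cannot be seen here.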
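Review bot: The added loop in the `evaluation.py` hunk can be a single expression, `command_line = '\n'.join( line.strip() for line in command_line.split( '\n' ) )`, which removes the temporary `cleaned_command_line` list. Because the next statement turns every newline into a space, template lines that are empty after stripping still become runs of spaces in the final command; adding `if line.strip()` to the generator would drop them if readability is the goal. Stripping also applies to continuation lines of a quoted argument that spans several template lines, so it is worth confirming that no tool relies on that indentation. The enclosing `try` block starts outside the hunk.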
@@ -441,7 +441,9 @@ pass print "Database connection: ", database_connection print "Install database connection: ", install_database_connection - # Generate the shed_tool_data_table_conf.xml file. + # Generate the tool data table configuration files. + if not os.path.exists( galaxy_tool_data_table_conf_file ): + file( galaxy_tool_data_table_conf_file, 'w' ).write( install_and_test_base_util.tool_data_table_conf_xml_template ) file( shed_tool_data_table_conf_file, 'w' ).write( install_and_test_base_util.tool_data_table_conf_xml_template ) os.environ[ 'GALAXY_INSTALL_TEST_SHED_TOOL_DATA_TABLE_CONF' ] = shed_tool_data_table_conf_file # ---- Start up a Galaxy instance ------------------------------------------------------ Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
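Review bot: The new `file( galaxy_tool_data_table_conf_file, 'w' ).write( ... )` never closes the handle explicitly, so the template is only guaranteed to be flushed once the file object is garbage-collected, and the Galaxy instance started further down presumably reads this file. Writing it as `with open( galaxy_tool_data_table_conf_file, 'w' ) as fh:` followed by `fh.write( install_and_test_base_util.tool_data_table_conf_xml_template )` makes the flush deterministic. The unchanged `shed_tool_data_table_conf_file` line just below has the same pattern. The `os.path.exists` check followed by the write is not atomic, which is probably acceptable for a single-process test harness but deserves a short comment. The enclosing function is not visible in the hunk.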