1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/9452c068ec99/ Changeset: 9452c068ec99 User: jmchilton Date: 2014-05-19 18:51:07 Summary: Rework, improve validation of dataset creation requests. Being more thorough fixes some potential security problems and will allow some performance optimizations I'm planning. Affected #: 2 files diff -r c4404368f34df8089812f14dff298092e3ba7a81 -r 9452c068ec99c52c66dcb2bbb208787f8d379d22 lib/galaxy/dataset_collections/__init__.py --- a/lib/galaxy/dataset_collections/__init__.py +++ b/lib/galaxy/dataset_collections/__init__.py @@ -1,6 +1,8 @@ from .registry import DatasetCollectionTypesRegistry from .matching import MatchingCollections from .type_description import CollectionTypeDescriptionFactory +from .util import validate_input_element_identifiers + from galaxy import model from galaxy.exceptions import MessageException @@ -53,6 +55,8 @@ ): """ """ + if element_identifiers: + validate_input_element_identifiers( element_identifiers ) dataset_collection = self.__create_dataset_collection( trans=trans, collection_type=collection_type, @@ -99,6 +103,8 @@ if not collection_type: raise RequestParameterInvalidException( ERROR_NO_COLLECTION_TYPE ) collection_type_description = self.collection_type_descriptions.for_collection_type( collection_type ) + # If we have elements, this is an internal request, don't need to load + # objects from identifiers. if elements is None: if collection_type_description.has_subcollections( ): # Nested collection - recursively create collections and update identifiers. @@ -186,8 +192,6 @@ # element identifier is a dict with src new_collection... collection_type = element_identifier.get( "collection_type", None ) - if not collection_type: - raise RequestParameterInvalidException( "No collection_type define for nested collection." ) collection = self.__create_dataset_collection( trans=trans, collection_type=collection_type, @@ -202,10 +206,6 @@ def __load_elements( self, trans, element_identifiers ): elements = odict.odict() for element_identifier in element_identifiers: - if "name" not in element_identifier: - raise RequestParameterInvalidException( - "Cannot load invalid dataset identifier - missing name - %s" % element_identifier - ) elements[ element_identifier[ "name" ] ] = self.__load_element( trans, element_identifier ) return elements @@ -234,8 +234,6 @@ element = self.__get_history_collection_instance( trans, encoded_id ).collection # TODO: ldca. elif src_type == "dc": - # TODO: Force only used internally during nested creation so no - # need to recheck security. element = self.get_dataset_collection( trans, encoded_id ) else: raise RequestParameterInvalidException( "Unknown src_type parameter supplied '%s'." % src_type ) diff -r c4404368f34df8089812f14dff298092e3ba7a81 -r 9452c068ec99c52c66dcb2bbb208787f8d379d22 lib/galaxy/dataset_collections/util.py --- a/lib/galaxy/dataset_collections/util.py +++ b/lib/galaxy/dataset_collections/util.py @@ -2,6 +2,11 @@ from galaxy import web from galaxy import model +ERROR_MESSAGE_UNKNOWN_SRC = "Unknown dataset source (src) %s." +ERROR_MESSAGE_NO_NESTED_IDENTIFIERS = "Dataset source new_collection requires nested element_identifiers for new collection." +ERROR_MESSAGE_NO_NAME = "Cannot load invalid dataset identifier - missing name - %s" +ERROR_MESSAGE_NO_COLLECTION_TYPE = "No collection_type define for nested collection %s." + def api_payload_to_create_params( payload ): """ @@ -22,6 +27,28 @@ return params +def validate_input_element_identifiers( element_identifiers ): + """ Scan through the list of element identifiers supplied by the API consumer + and verify the structure is valid. + """ + for element_identifier in element_identifiers: + if "name" not in element_identifier: + message = ERROR_MESSAGE_NO_NAME % element_identifier + raise exceptions.RequestParameterInvalidException( message ) + src = element_identifier.get( "src", "hda" ) + if src not in [ "hda", "hdca", "ldda", "new_collection" ]: + message = ERROR_MESSAGE_UNKNOWN_SRC % src + raise exceptions.RequestParameterInvalidException( message ) + if src == "new_collection": + if "element_identifiers" not in element_identifier: + message = ERROR_MESSAGE_NO_NESTED_IDENTIFIERS + raise exceptions.RequestParameterInvalidException( ERROR_MESSAGE_NO_NESTED_IDENTIFIERS ) + if "collection_type" not in element_identifier: + message = ERROR_MESSAGE_NO_COLLECTION_TYPE % element_identifier + raise exceptions.RequestParameterInvalidException( message ) + validate_input_element_identifiers( element_identifier[ "element_identifiers" ] ) + + def dictify_dataset_collection_instance( dataset_colleciton_instance, parent, security, view="element" ): dict_value = dataset_colleciton_instance.to_dict( view=view ) encoded_id = security.encode_id( dataset_colleciton_instance.id ) Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.