[galaxy-commits] commit/galaxy-central: 2 new changesets

commits-noreply at bitbucket.org commits-noreply at bitbucket.org
Wed Apr 22 15:03:43 EDT 2015


2 new commits in galaxy-central:

https://bitbucket.org/galaxy/galaxy-central/commits/4781746d1979/
Changeset:   4781746d1979
Branch:      release_15.03
User:        jmchilton
Date:        2015-04-21 16:41:33+00:00
Summary:     Bugfix: Typo in remap dataset handling in tools.
Affected #:  1 file

diff -r 57bbbe1463f616f98793a87d6b3ac0d4356825f4 -r 4781746d1979e6b33cf3e8f0177ec88b6cad6d7e lib/galaxy/tools/__init__.py
--- a/lib/galaxy/tools/__init__.py
+++ b/lib/galaxy/tools/__init__.py
@@ -2601,7 +2601,7 @@
         hdca_source_dict = {}
         for hdca in history.dataset_collections:
             key = '%s_%s' % (hdca.hid, hdca.collection.id)
-            hdca_source_dict[ hda.collection.id ] = hdca_source_dict[ key ] = hdca
+            hdca_source_dict[ hdca.collection.id ] = hdca_source_dict[ key ] = hdca
 
         # Map dataset or collection to current history
         def map_to_history(value):


https://bitbucket.org/galaxy/galaxy-central/commits/f4f0baa542a8/
Changeset:   f4f0baa542a8
Branch:      release_15.03
User:        dan
Date:        2015-04-06 15:29:32+00:00
Summary:     Fix for abitrary code execution in the ToolShed when uploaded tools reference a <code file=...>.
Affected #:  2 files

diff -r 4781746d1979e6b33cf3e8f0177ec88b6cad6d7e -r f4f0baa542a89db2d1002a2ff5b119077d2e9de6 lib/galaxy/tools/__init__.py
--- a/lib/galaxy/tools/__init__.py
+++ b/lib/galaxy/tools/__init__.py
@@ -417,13 +417,14 @@
     dict_collection_visible_keys = ( 'id', 'name', 'version', 'description' )
     default_template = 'tool_form.mako'
 
-    def __init__( self, config_file, tool_source, app, guid=None, repository_id=None ):
+    def __init__( self, config_file, tool_source, app, guid=None, repository_id=None, allow_code_files=True ):
         """Load a tool from the config named by `config_file`"""
         # Determine the full path of the directory where the tool config is
         self.config_file = config_file
         self.tool_dir = os.path.dirname( config_file )
         self.app = app
         self.repository_id = repository_id
+        self._allow_code_files = allow_code_files
         #setup initial attribute values
         self.inputs = odict()
         self.stdio_exit_codes = list()
@@ -704,14 +705,15 @@
         # Load any tool specific code (optional) Edit: INS 5/29/2007,
         # allow code files to have access to the individual tool's
         # "module" if it has one.  Allows us to reuse code files, etc.
-        for code_elem in root.findall("code"):
-            for hook_elem in code_elem.findall("hook"):
-                for key, value in hook_elem.items():
-                    # map hook to function
-                    self.hook_map[key] = value
-            file_name = code_elem.get("file")
-            code_path = os.path.join( self.tool_dir, file_name )
-            execfile( code_path, self.code_namespace )
+        if self._allow_code_files:
+            for code_elem in root.findall("code"):
+                for hook_elem in code_elem.findall("hook"):
+                    for key, value in hook_elem.items():
+                        # map hook to function
+                        self.hook_map[key] = value
+                file_name = code_elem.get("file")
+                code_path = os.path.join( self.tool_dir, file_name )
+                execfile( code_path, self.code_namespace )
 
         # User interface hints
         uihints_elem = root.find( "uihints" )

diff -r 4781746d1979e6b33cf3e8f0177ec88b6cad6d7e -r f4f0baa542a89db2d1002a2ff5b119077d2e9de6 lib/tool_shed/tools/tool_validator.py
--- a/lib/tool_shed/tools/tool_validator.py
+++ b/lib/tool_shed/tools/tool_validator.py
@@ -292,7 +292,7 @@
 
     def load_tool_from_config( self, repository_id, full_path ):
         try:
-            tool = self.app.toolbox.load_tool( full_path, repository_id=repository_id )
+            tool = self.app.toolbox.load_tool( full_path, repository_id=repository_id, allow_code_files=False )
             valid = True
             error_message = None
         except KeyError, e:

Repository URL: https://bitbucket.org/galaxy/galaxy-central/

--

This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.


More information about the galaxy-commits mailing list