Commit 2360f9dd authored by Floreal Cabanettes's avatar Floreal Cabanettes

Fix seurity breaches, Fixes #121

parent 7a39c212
...@@ -107,9 +107,13 @@ def launch_analysis(): ...@@ -107,9 +107,13 @@ def launch_analysis():
errors.append("Id of job not given") errors.append("Id of job not given")
form_pass = False form_pass = False
if email == "" and MODE == "webserver": if MODE == "webserver":
errors.append("Email not given") if email == "":
form_pass = False errors.append("Email not given")
form_pass = False
elif not re.match(r"^[\w\-]+@[\w\-]{2,}\.[a-z]{2,4}", email):
errors.append("Email is invalid")
form_pass = False
if file_target == "": if file_target == "":
errors.append("No target fasta selected") errors.append("No target fasta selected")
form_pass = False form_pass = False
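Review bot: The added email check calls `re.match` with a pattern that has no end anchor, so any value that merely starts with an address-shaped prefix is accepted, including one with trailing whitespace, line breaks or other characters. That value is later handed to `JobManager(id_job, email, ...)` together with the mailer, so the whole string should be validated: `elif not re.fullmatch(r"[\w\-]+@[\w\-]{2,}\.[a-z]{2,4}", email):` (or end the pattern with `\Z`). Once anchored, the pattern will reject legitimate addresses with a dot in the local part, a subdomain, or a TLD longer than four letters, so the character classes probably need widening at the same time. launch_analysis starts before and continues after this hunk.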
...@@ -133,20 +137,27 @@ def launch_analysis(): ...@@ -133,20 +137,27 @@ def launch_analysis():
query_name = os.path.splitext(file_query.replace(".gz", ""))[0] if file_query_type == "local" else None query_name = os.path.splitext(file_query.replace(".gz", ""))[0] if file_query_type == "local" else None
query_path = os.path.join(app.config["UPLOAD_FOLDER"], upload_folder, file_query) \ query_path = os.path.join(app.config["UPLOAD_FOLDER"], upload_folder, file_query) \
if file_query_type == "local" else file_query if file_query_type == "local" else file_query
if file_query_type == "local" and not os.path.exists(query_path):
errors.append("Query file not correct!")
form_pass = False
query = Fasta(name=query_name, path=query_path, type_f=file_query_type) query = Fasta(name=query_name, path=query_path, type_f=file_query_type)
target_name = os.path.splitext(file_target.replace(".gz", ""))[0] if file_target_type == "local" else None target_name = os.path.splitext(file_target.replace(".gz", ""))[0] if file_target_type == "local" else None
target_path = os.path.join(app.config["UPLOAD_FOLDER"], upload_folder, file_target) \ target_path = os.path.join(app.config["UPLOAD_FOLDER"], upload_folder, file_target) \
if file_target_type == "local" else file_target if file_target_type == "local" else file_target
if file_target_type == "local" and not os.path.exists(target_path):
errors.append("Target file not correct!")
form_pass = False
target = Fasta(name=target_name, path=target_path, type_f=file_target_type) target = Fasta(name=target_name, path=target_path, type_f=file_target_type)
# Launch job: if form_pass:
job = JobManager(id_job, email, query, target, mailer) # Launch job:
if MODE == "webserver": job = JobManager(id_job, email, query, target, mailer)
job.launch() if MODE == "webserver":
else: job.launch()
job.launch_standalone() else:
return jsonify({"success": True, "redirect": url_for(".status", id_job=id_job)}) job.launch_standalone()
else: return jsonify({"success": True, "redirect": url_for(".status", id_job=id_job)})
if not form_pass:
return jsonify({"success": False, "errors": errors}) return jsonify({"success": False, "errors": errors})
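Review bot: The new `os.path.exists(query_path)` and `os.path.exists(target_path)` checks only show that something exists at the joined path, not that it lies inside the upload directory. `os.path.join` keeps `..` components and discards the earlier parts when a later component is absolute, so if `file_query`, `file_target` or `upload_folder` come from the request (their origin is outside this hunk), an existing file elsewhere on the server would still pass. Resolve the path and require it to be a regular file under `app.config["UPLOAD_FOLDER"]` before building the `Fasta` objects. The sketch below shows this for the query, and the target needs the same check.

```python
# … unchanged: query_name / query_path assignment …
upload_root = os.path.realpath(app.config["UPLOAD_FOLDER"])
query_real = os.path.realpath(query_path)
if file_query_type == "local" and not (
        query_real.startswith(upload_root + os.sep) and os.path.isfile(query_real)):
    errors.append("Query file not correct!")
    form_pass = False
# … unchanged: Fasta(...) construction; apply the same containment check to target_path …
```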
......