Skip to content
Permalink
Browse files

[GX-2017-0003]: Fix for the reported issue, only allow http, https, and

ftp schemes in the data_source tool.
  • Loading branch information...
natefoo committed Oct 19, 2017
1 parent 93a8bfc commit 0e698813a96f1ad61d797255686f69cf5e6b1280
Showing with 2 additions and 2 deletions.
  1. +2 −2 tools/data_source/data_source.py
@@ -6,7 +6,7 @@
import sys
from json import loads, dumps

from six.moves.urllib.parse import urlencode
from six.moves.urllib.parse import urlencode, urlparse
from six.moves.urllib.request import urlopen

from galaxy.jobs import TOOL_PROVIDED_JOB_METADATA_FILE
@@ -80,7 +80,7 @@ def __main__():
for data_dict in job_params[ 'output_data' ]:
cur_filename = data_dict.get( 'file_name', filename )
cur_URL = params.get( '%s|%s|URL' % ( GALAXY_PARAM_PREFIX, data_dict[ 'out_data_name' ] ), URL )
if not cur_URL:
if not cur_URL or urlparse(cur_URL).scheme not in ('http', 'https', 'ftp'):
open( cur_filename, 'w' ).write( "" )
stop_err( 'The remote data source application has not sent back a URL parameter in the request.' )

0 comments on commit 0e69881

Please sign in to comment.
You can’t perform that action at this time.