Additional hardening for older releases

galaxyproject · Oct 18, 2017 · 6d89482 · 6d89482
1 parent f925ffe
commit 6d89482
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 11 deletions.
diff --git a/lib/galaxy/datatypes/dataproviders/external.py b/lib/galaxy/datatypes/dataproviders/external.py
@@ -8,8 +8,9 @@
 import line
 import subprocess
 import tempfile
-import urllib
-import urllib2
+
+from six.moves.urllib.parse import urlencode, urlparse
+from six.moves.urllib.request import urlopen
 
 _TODO = """
 YAGNI: ftp, image, cryptos, sockets
@@ -105,13 +106,16 @@ def __init__( self, url, method='GET', data=None, **kwargs ):
         self.method = method
 
         self.data = data or {}
-        encoded_data = urllib.urlencode( self.data )
+        encoded_data = urlencode( self.data )
+
+        scheme = urlparse(url).scheme
+        assert scheme in ('http', 'https', 'ftp'), 'Invalid URL scheme: %s' % scheme
 
         if method == 'GET':
             self.url += '?%s' % ( encoded_data )
-            opened = urllib2.urlopen( url )
+            opened = urlopen( url )
         elif method == 'POST':
-            opened = urllib2.urlopen( url, encoded_data )
+            opened = urlopen( url, encoded_data )
         else:
             raise ValueError( 'Not a valid method: %s' % ( method ) )
 

diff --git a/lib/galaxy/util/__init__.py b/lib/galaxy/util/__init__.py
@@ -1454,6 +1454,7 @@ def build_url( base_url, port=80, scheme='http', pathspec=None, params=None, dos
     parsed_url = urlparse.urlparse( base_url )
     if scheme != 'http':
         parsed_url.scheme = scheme
+    assert parsed_url.scheme in ('http', 'https', 'ftp'), 'Invalid URL scheme: %s' % scheme
     if port != 80:
         url = '%s://%s:%d/%s' % ( parsed_url.scheme, parsed_url.netloc.rstrip( '/' ), int( port ), parsed_url.path )
     else:

diff --git a/lib/tool_shed/galaxy_install/repository_dependencies/repository_dependency_manager.py b/lib/tool_shed/galaxy_install/repository_dependencies/repository_dependency_manager.py
@@ -5,8 +5,9 @@
 import json
 import logging
 import os
-import urllib
-import urllib2
+
+from six.moves.urllib.parse import urlencode, urlparse
+from six.moves.urllib.request import Request, urlopen
 
 from galaxy.util import asbool, url_get, build_url
 
@@ -380,10 +381,9 @@ def get_required_repo_info_dicts( self, tool_shed_url, repo_info_dicts ):
                         tool_shed_url = common_util.get_tool_shed_url_from_tool_shed_registry( self.app, tool_shed_url )
                     pathspec = [ 'repository', 'get_required_repo_info_dict' ]
                     url = build_url( tool_shed_url, pathspec=pathspec )
-                    # Fix for handling 307 redirect not being handled nicely by urllib2.urlopen when the urllib2.Request has data provided
-                    url = urllib2.urlopen( urllib2.Request( url ) ).geturl()
-                    request = urllib2.Request( url, data=urllib.urlencode( dict( encoded_str=encoded_required_repository_str ) ) )
-                    response = urllib2.urlopen( request ).read()
+                    # Fix for handling 307 redirect not being handled nicely by urlopen() when the Request() has data provided
+                    url = _urlopen(url).geturl()
+                    response = _urlopen(url, urlencode(dict(encoded_str=encoded_required_repository_str))).read()
                     if response:
                         try:
                             required_repo_info_dict = json.loads( response )
@@ -470,3 +470,9 @@ def reset_previously_installed_repository( self, repository ):
         repository.error_message = None
         self.app.install_model.context.add( repository )
         self.app.install_model.context.flush()
+
+
+def _urlopen(url, data=None):
+    scheme = urlparse(url).scheme
+    assert scheme in ('http', 'https', 'ftp'), 'Invalid URL scheme: %s' % scheme
+    return urlopen(Request(url, data))