Quote and escape job string fields

ag-computational-bio · Nov 18, 2021 · fc370d4 · fc370d4
1 parent f58d579
commit fc370d4
Show file tree

Hide file tree

Showing 2 changed files with 116 additions and 6 deletions.
diff --git a/scheduler/job_configurator.go b/scheduler/job_configurator.go
@@ -13,6 +13,10 @@ import (
 	"github.com/ag-computational-bio/bakta-web-backend/objectStorage"
 )
 
+func quote(s string) string {
+	return fmt.Sprintf("\"%v\"", strings.ReplaceAll(s, "\"", "\\\""))
+}
+
 //createDownloadConf Creates the configuration string for the download part of a bakta job
 //The job has to be provided along with two bools that indicate if a prodigal training file and/or a replicon file are present
 func createDownloadConf(job *database.Job, prodigaltf bool, replicontsv bool) (string, error) {
@@ -64,31 +68,31 @@ func createBaktaConf(job *database.Job, conf *api.JobConfig) (string, error) {
 	}
 
 	if conf.Locus != "" {
-		confStringElements = append(confStringElements, fmt.Sprintf("--locus %v", conf.Locus))
+		confStringElements = append(confStringElements, fmt.Sprintf("--locus %v", quote(conf.Locus)))
 	}
 
 	if conf.LocusTag != "" {
-		confStringElements = append(confStringElements, fmt.Sprintf("--locus-tag %v", conf.LocusTag))
+		confStringElements = append(confStringElements, fmt.Sprintf("--locus-tag %v", quote(conf.LocusTag)))
 	}
 
 	if conf.KeepContigHeaders {
 		confStringElements = append(confStringElements, "--keep-contig-headers")
 	}
 
 	if conf.Genus != "" {
-		confStringElements = append(confStringElements, fmt.Sprintf("--genus %v", conf.Genus))
+		confStringElements = append(confStringElements, fmt.Sprintf("--genus %v", quote(conf.Genus)))
 	}
 
 	if conf.Species != "" {
-		confStringElements = append(confStringElements, fmt.Sprintf("--species %v", conf.Species))
+		confStringElements = append(confStringElements, fmt.Sprintf("--species %v", quote(conf.Species)))
 	}
 
 	if conf.Strain != "" {
-		confStringElements = append(confStringElements, fmt.Sprintf("--strain %v", conf.Strain))
+		confStringElements = append(confStringElements, fmt.Sprintf("--strain %v", quote(conf.Strain)))
 	}
 
 	if conf.Plasmid != "" {
-		confStringElements = append(confStringElements, fmt.Sprintf("--plasmid %v", conf.Plasmid))
+		confStringElements = append(confStringElements, fmt.Sprintf("--plasmid %v", quote(conf.Plasmid)))
 	}
 
 	if conf.Compliant {

diff --git a/scheduler/job_configurator_test.go b/scheduler/job_configurator_test.go
@@ -1 +1,107 @@
 package scheduler
+
+import (
+	"testing"
+
+	api "github.com/ag-computational-bio/bakta-web-api-go/bakta/web/api/proto/v1"
+	db "github.com/ag-computational-bio/bakta-web-backend/database"
+)
+
+func Test_species_should_be_quoted(t *testing.T) {
+
+	job := db.Job{}
+	job.FastaKey = "irrelevant"
+
+	config := api.JobConfig{}
+	config.Species = "test\"; rm -rf /"
+
+	jobstring, _ := createBaktaConf(&job, &config)
+	expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --species \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+	if jobstring != expected {
+		t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+	}
+}
+func Test_genus_should_be_quoted(t *testing.T) {
+	job := db.Job{}
+	job.FastaKey = "irrelevant"
+
+	config := api.JobConfig{}
+	config.Genus = "test\"; rm -rf /"
+
+	jobstring, _ := createBaktaConf(&job, &config)
+	expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --genus \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+	if jobstring != expected {
+		t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+	}
+}
+func Test_strain_should_be_quoted(t *testing.T) {
+	job := db.Job{}
+	job.FastaKey = "irrelevant"
+
+	config := api.JobConfig{}
+	config.Strain = "test\"; rm -rf /"
+
+	jobstring, _ := createBaktaConf(&job, &config)
+	expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --strain \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+	if jobstring != expected {
+		t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+	}
+}
+
+func Test_locus_should_be_quoted(t *testing.T) {
+	job := db.Job{}
+	job.FastaKey = "irrelevant"
+
+	config := api.JobConfig{}
+	config.Locus = "test\"; rm -rf /"
+
+	jobstring, _ := createBaktaConf(&job, &config)
+	expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --locus \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+	if jobstring != expected {
+		t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+	}
+}
+func Test_locus_tag_should_be_quoted(t *testing.T) {
+	job := db.Job{}
+	job.FastaKey = "irrelevant"
+
+	config := api.JobConfig{}
+	config.LocusTag = "test\"; rm -rf /"
+
+	jobstring, _ := createBaktaConf(&job, &config)
+	expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --locus-tag \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+	if jobstring != expected {
+		t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+	}
+}
+
+func Test_plasmid_tag_should_be_quoted(t *testing.T) {
+	job := db.Job{}
+	job.FastaKey = "irrelevant"
+
+	config := api.JobConfig{}
+	config.Plasmid = "test\"; rm -rf /"
+
+	jobstring, _ := createBaktaConf(&job, &config)
+	expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --plasmid \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+	if jobstring != expected {
+		t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+	}
+}
+
+func TestQuote(t *testing.T) {
+	testData := []struct {
+		input    string
+		expected string
+	}{
+		{"", "\"\""},
+		{"test", "\"test\""},
+		{"test\" rm -rf /", "\"test\\\" rm -rf /\""},
+	}
+	for _, data := range testData {
+		quoted := quote(data.input)
+		if quoted != data.expected {
+			t.Errorf("Expected '%v', Got '%v'", data.expected, quoted)
+		}
+	}
+}