From fc370d477938837d0ac2615af07b60cdf7a5cb0d Mon Sep 17 00:00:00 2001
From: Lukas Jelonek
Date: Thu, 18 Nov 2021 15:44:08 +0100
Subject: [PATCH] Quote and escape job string fields
---
 scheduler/job_configurator.go | 16 +++--
 scheduler/job_configurator_test.go | 106 +++++++++++++++++++++++++++++
 2 files changed, 116 insertions(+), 6 deletions(-)
diff --git a/scheduler/job_configurator.go b/scheduler/job_configurator.go
index 18a6317..752cb1c 100644
--- a/scheduler/job_configurator.go
+++ b/scheduler/job_configurator.go
@@ -13,6 +13,10 @@ import (
 "github.com/ag-computational-bio/bakta-web-backend/objectStorage"
 )
 
+func quote(s string) string {
+ return fmt.Sprintf("\"%v\"", strings.ReplaceAll(s, "\"", "\\\""))
+}
+
 //createDownloadConf Creates the configuration string for the download part of a bakta job
 //The job has to be provided along with two bools that indicate if a prodigal training file and/or a replicon file are present
 func createDownloadConf(job *database.Job, prodigaltf bool, replicontsv bool) (string, error) {
@@ -64,11 +68,11 @@ func createBaktaConf(job *database.Job, conf *api.JobConfig) (string, error) {
 }
 
 if conf.Locus != "" {
- confStringElements = append(confStringElements, fmt.Sprintf("--locus %v", conf.Locus))
+ confStringElements = append(confStringElements, fmt.Sprintf("--locus %v", quote(conf.Locus)))
 }
 
 if conf.LocusTag != "" {
- confStringElements = append(confStringElements, fmt.Sprintf("--locus-tag %v", conf.LocusTag))
+ confStringElements = append(confStringElements, fmt.Sprintf("--locus-tag %v", quote(conf.LocusTag)))
 }
 
 if conf.KeepContigHeaders {
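Review bot: `quote` escapes only the double-quote character, so the quoting it adds is incomplete: a backslash already present in the input is passed through and changes the meaning of the `\"` this function emits, and if the job string is later parsed by a POSIX shell (the consumer is not visible in this patch), `$` and backticks stay active inside double quotes. The same helper is what the `--locus`/`--locus-tag` hunk and the `--genus`/`--species`/`--strain`/`--plasmid` hunk rely on, so the gap applies to all six fields. If a shell is the consumer, single-quote the value instead, `return "'" + strings.ReplaceAll(s, "'", "'\\''") + "'"`, and add a doc comment on `quote` naming the parser it targets; if the consumer takes an argument vector, pass each field as its own element and drop the quoting altogether.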
@@ -76,19 +80,19 @@ func createBaktaConf(job *database.Job, conf *api.JobConfig) (string, error) {
 }
 
 if conf.Genus != "" {
- confStringElements = append(confStringElements, fmt.Sprintf("--genus %v", conf.Genus))
+ confStringElements = append(confStringElements, fmt.Sprintf("--genus %v", quote(conf.Genus)))
 }
 
 if conf.Species != "" {
- confStringElements = append(confStringElements, fmt.Sprintf("--species %v", conf.Species))
+ confStringElements = append(confStringElements, fmt.Sprintf("--species %v", quote(conf.Species)))
 }
 
 if conf.Strain != "" {
- confStringElements = append(confStringElements, fmt.Sprintf("--strain %v", conf.Strain))
+ confStringElements = append(confStringElements, fmt.Sprintf("--strain %v", quote(conf.Strain)))
 }
 
 if conf.Plasmid != "" {
- confStringElements = append(confStringElements, fmt.Sprintf("--plasmid %v", conf.Plasmid))
+ confStringElements = append(confStringElements, fmt.Sprintf("--plasmid %v", quote(conf.Plasmid)))
 }
 
 if conf.Compliant {
diff --git a/scheduler/job_configurator_test.go b/scheduler/job_configurator_test.go
index 6990da0..289fc20 100644
--- a/scheduler/job_configurator_test.go
+++ b/scheduler/job_configurator_test.go
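Review bot: Quoting is applied by hand at each `fmt.Sprintf` call in this hunk (and in the `--locus`/`--locus-tag` hunk before it), so any string option added to `createBaktaConf` later goes out unquoted unless its author remembers the helper. Driving the four consecutive options here from one table and one loop makes quoting the default and keeps the emitted order unchanged. These values also look like short taxonomic or identifier strings, so a length and character-class allowlist applied before the string is built would be a sensible second layer; the exact rules need confirming against what bakta accepts. `createBaktaConf` begins and ends outside this hunk.
```go
// … unchanged: options emitted before --genus …
stringOpts := []struct{ flag, value string }{
	{"--genus", conf.Genus},
	{"--species", conf.Species},
	{"--strain", conf.Strain},
	{"--plasmid", conf.Plasmid},
}
for _, o := range stringOpts {
	if o.value != "" {
		confStringElements = append(confStringElements, o.flag+" "+quote(o.value))
	}
}
// … unchanged: conf.Compliant and later options …
```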
@@ -1 +1,107 @@
 package scheduler
+
+import (
+ "testing"
+
+ api "github.com/ag-computational-bio/bakta-web-api-go/bakta/web/api/proto/v1"
+ db "github.com/ag-computational-bio/bakta-web-backend/database"
+)
+
+func Test_species_should_be_quoted(t *testing.T) {
+
+ job := db.Job{}
+ job.FastaKey = "irrelevant"
+
+ config := api.JobConfig{}
+ config.Species = "test\"; rm -rf /"
+
+ jobstring, _ := createBaktaConf(&job, &config)
+ expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --species \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+ if jobstring != expected {
+ t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+ }
+}
+func Test_genus_should_be_quoted(t *testing.T) {
+ job := db.Job{}
+ job.FastaKey = "irrelevant"
+
+ config := api.JobConfig{}
+ config.Genus = "test\"; rm -rf /"
+
+ jobstring, _ := createBaktaConf(&job, &config)
+ expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --genus \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+ if jobstring != expected {
+ t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+ }
+}
+func Test_strain_should_be_quoted(t *testing.T) {
+ job := db.Job{}
+ job.FastaKey = "irrelevant"
+
+ config := api.JobConfig{}
+ config.Strain = "test\"; rm -rf /"
+
+ jobstring, _ := createBaktaConf(&job, &config)
+ expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --strain \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+ if jobstring != expected {
+ t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+ }
+}
+
+func Test_locus_should_be_quoted(t *testing.T) {
+ job := db.Job{}
+ job.FastaKey = "irrelevant"
+
+ config := api.JobConfig{}
+ config.Locus = "test\"; rm -rf /"
+
+ jobstring, _ := createBaktaConf(&job, &config)
+ expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --locus \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+ if jobstring != expected {
+ t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+ }
+}
+func Test_locus_tag_should_be_quoted(t *testing.T) {
+ job := db.Job{}
+ job.FastaKey = "irrelevant"
+
+ config := api.JobConfig{}
+ config.LocusTag = "test\"; rm -rf /"
+
+ jobstring, _ := createBaktaConf(&job, &config)
+ expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --locus-tag \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+ if jobstring != expected {
+ t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+ }
+}
+
+func Test_plasmid_tag_should_be_quoted(t *testing.T) {
+ job := db.Job{}
+ job.FastaKey = "irrelevant"
+
+ config := api.JobConfig{}
+ config.Plasmid = "test\"; rm -rf /"
+
+ jobstring, _ := createBaktaConf(&job, &config)
+ expected := "--tmp-dir /cache --threads 12 --prefix result -o /output --db /db/db --plasmid \"test\\\"; rm -rf /\" --gram ? /data/irrelevant"
+ if jobstring != expected {
+ t.Errorf("Expected '%v', Got '%v'", expected, jobstring)
+ }
+}
+
+func TestQuote(t *testing.T) {
+ testData := []struct {
+ input string
+ expected string
+ }{
+ {"", "\"\""},
+ {"test", "\"test\""},
+ {"test\" rm -rf /", "\"test\\\" rm -rf /\""},
+ }
+ for _, data := range testData {
+ quoted := quote(data.input)
+ if quoted != data.expected {
+ t.Errorf("Expected '%v', Got '%v'", data.expected, quoted)
+ }
+ }
+}
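Review bot: Every case in this file feeds an input built around a double quote, so the tests pin that one escape and nothing else; neither `TestQuote` nor the six option tests has a row containing a backslash, `$`, a backtick, a single quote or a newline. Adding those rows to `testData` would show what `quote` currently passes through unchanged. The option tests also discard the error with `jobstring, _ := createBaktaConf(&job, &config)`; checking it with `if err != nil { t.Fatal(err) }` would keep a construction failure from being reported as a string mismatch. The expected strings show `--gram ?` and `/data/irrelevant` emitted unquoted; whether `FastaKey` can carry user-controlled characters is not visible in this patch and is worth confirming.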