Closed ChrOertlin closed 1 year ago
Kudos, SonarCloud Quality Gate passed!
@moedarrah and I went over the frontend endpoints. It turned out that the function in question (sample) is not called at all by the front end.
The sample function was created by Peter Andeer 7 years ago. Another function (samples) created by Måns 2 years ago seems to be called now for both plate_id and sample_id parses.
The sample function is called in other scripts match_cmd.py, store_cmb.py and view.py.
Is there a specific purpose of logging that an ID was not found? The ID refers to ACCxxxxxxAx ids (i.e. internal sample ids)
cg upload genotypes simplemonkey
/home/proj/stage/bin/miniconda3/envs/S_main/lib/python3.7/site-packages/sqlalchemy/orm/relationships.py:2231: SAWarning: Cascade settings "delete, merge, save-update" should not be combined with a viewonly=True relationship. This configuration will raise an error in version 1.4. Note that in versions prior to 1.4, these cascade settings may still produce a mutating effect even though this relationship is marked as viewonly=True.
  "viewonly=True." % (", ".join(sorted(non_viewonly)))
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
Called undefined fields on HousekeeperAPI, please wrap
----------------- UPLOAD -----------------
----------------- GENOTYPES -------------------
/home/proj/stage/bin/miniconda3/envs/S_main/lib/python3.7/site-packages/sqlalchemy/orm/relationships.py:1998: SAWarning: Setting backref / back_populates on relationship Demux.samples to refer to viewonly relationship Sample.demuxes should include sync_backref=False set on the Demux.samples relationship. (this warning may be suppressed after 10 occurrences)
  (rel_b, rel_a, rel_b),
/home/proj/stage/bin/miniconda3/envs/S_main/lib/python3.7/site-packages/sqlalchemy/orm/relationships.py:1998: SAWarning: Setting backref / back_populates on relationship Sample.demuxes to refer to viewonly relationship Demux.samples should include sync_backref=False set on the Sample.demuxes relationship. (this warning may be suppressed after 10 occurrences)
  (rel_b, rel_a, rel_b),
Initializing UploadGenotypesAPI
Fetching upload genotype data for simplemonkey
Fetch latest version from bundle simplemonkey
Fetching files with tags in [genotype]
Fetching files from version 106105
Fetching files with tags in [qc-metrics,deliverable]
Fetching files from version 106105
loading VCF genotypes for sample(s): ACC10281A11
Running command /home/proj/stage/bin/miniconda3/envs/S_genotype/bin/genotype --config /home/proj/stage/servers/config/hasta.scilifelab.se/genotype-stage.yaml load /home/proj/stage/housekeeper-bundles/simplemonkey/2022-08-12/simplemonkey_gatkcomb.bcf
Running command /home/proj/stage/bin/miniconda3/envs/S_genotype/bin/genotype --config /home/proj/stage/servers/config/hasta.scilifelab.se/genotype-stage.yaml add-sex ACC10281A11 -s female
Running command /home/proj/stage/bin/miniconda3/envs/S_genotype/bin/genotype --config /home/proj/stage/servers/config/hasta.scilifelab.se/genotype-stage.yaml add-sex ACC10281A11 -a sequence female
This PR adds/fixes ...
This PR aims to fix a possible injection vulnerability identified by SonarCloud. The user-provided sample id is logged without checks.
Removed logging of sample_id.
How to prepare for test:
-[ ] ssh to Hasta
install on stage of Hasta:
-[ ] bash /home/proj/production/servers/resources/hasta.scilifelab.se/update-tool-stage.sh -e S_genotype -t genotype -b update_security
How to test:
Login to the stage environment.
Make sure the pipeline runs without issues.
cg upload genotypes
Review:
Tests executed by CO
"Merge and deploy" approved by
Thanks for filling in who performed the code review and the test!
This version is a:
MAJOR - when you make incompatible API changes
MINOR - when you add functionality in a backwards compatible manner
PATCH - when you make backwards compatible bug fixes or documentation/instructions
Implementation plan:
Deploy to prod when tested
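As an added illustration of the issue class SonarCloud flagged (log injection: a user-supplied value written into a log record unchecked), the following is example code, not code from the cg project. It shows the "before" shape, where a crafted sample id containing a newline forges an extra log record, next to a hardened shape that validates the id against its expected format and escapes control characters otherwise. The id pattern `ACC<digits>A<digits>` is an assumption based on the "ACCxxxxxxAx" shape mentioned in the thread; the helper names are hypothetical. The PR itself simply drops the log line, which is the cheapest fix; this example is for the case where keeping the line is wanted.

```python
import logging
import re

LOG = logging.getLogger("genotype-upload-example")

# Assumed id format (not taken from the cg code base): "ACC", 4-8 digits,
# "A", 1-3 digits, e.g. ACC10281A11.
SAMPLE_ID_RE = re.compile(r"ACC\d{4,8}A\d{1,3}")


def vulnerable_log_line(sample_id: str) -> str:
    """'Before' shape: the raw value goes straight into the message.

    A value such as "ACC10281A11\nINFO admin login OK" produces two lines in
    the log file, and the second one looks like a genuine record to anyone
    (or any SIEM rule) reading it later.
    """
    return f"Sample {sample_id} not found"


def is_valid_sample_id(sample_id: str) -> bool:
    """fullmatch() requires the whole string to match, so a trailing
    newline or any appended text fails validation."""
    return SAMPLE_ID_RE.fullmatch(sample_id) is not None


def sanitize_for_log(value: str, max_len: int = 64) -> str:
    """Escape every non-printable character (CR, LF, tab, ESC, ...) as a
    visible \\x.. / \\n sequence and cap the length, so the value can never
    terminate its own record or flood the log."""
    escaped = "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in value
    )
    if len(escaped) > max_len:
        escaped = escaped[:max_len] + "...(truncated)"
    return escaped


def safe_log_line(sample_id: str) -> str:
    """'After' shape: log the raw id only when it matches the expected
    format; otherwise log an escaped copy so the attempt is still visible
    to forensics without being able to forge records."""
    if is_valid_sample_id(sample_id):
        return f"Sample {sample_id} not found"
    return f"Sample id rejected (malformed): '{sanitize_for_log(sample_id)}'"


def log_missing_sample(sample_id: str) -> str:
    """Emit the hardened line through the logging module and return it."""
    line = safe_log_line(sample_id)
    LOG.warning("%s", line)
    return line


def count_records(log_text: str) -> int:
    """Number of records a line-oriented log consumer would see."""
    return len(log_text.splitlines())


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed malicious input: a valid-looking id followed by a forged record.
    forged = "ACC10281A11 not found\n2022-08-12 INFO admin login OK from 10.0.0.1"
    print("vulnerable:", repr(vulnerable_log_line(forged)))
    print("hardened:  ", repr(log_missing_sample(forged)))
    print("hardened:  ", repr(log_missing_sample("ACC10281A11")))
```

The validate-first approach is preferable to escaping alone: an allow-listed format rejects unexpected input outright, and escaping is only the fallback for recording what was rejected. Truncation matters too, since a multi-megabyte "sample id" is itself a way to degrade logging.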