bgruening
commented
2 years ago @jasonjgill do you think anyone in your team can work on this? Happy to review any PR in this direction.
Open bgruening opened 2 years ago
bgruening
commented
2 years ago @jasonjgill do you think anyone in your team can work on this? Happy to review any PR in this direction.
jasonjgill
commented
2 years ago @bgruening I responded in the galaxy PR, but we can make these changes if this is needed for hosting on Galaxy. @cross12tamu is our coder/developer, I can work with him to see how much time these changes will take. Are these changes so the tools can be taken up into IUC?
bgruening
commented
2 years ago Those are the IUC recommendations, yes. But the quoting issues I raised are actually security concerns. So independently of IUC those should be fixed before we deploy them on EU. Sorry :(
cross12tamu
commented
2 years ago I'll take a look at this!
The IUC has some guidelines developed to make tools secure and improve UX across different tools.
You can learn more here: https://galaxy-iuc-standards.readthedocs.io
Important security fixes:
$__tool_directory__. e.g. https://github.com/TAMU-CPT/CPT-ToolshedSource/blob/main/cpt_blastp_to_gff/blastp_to_gff3.xml#L9 but also$outputshttps://github.com/TAMU-CPT/CPT-ToolshedSource/blob/main/cpt_blastp_to_gff/blastp_to_gff3.xml#L17 or https://github.com/TAMU-CPT/CPT-ToolshedSource/blob/main/cpt_fasta_remove_id/fasta_remove_id.xml#L10small things
interpreter="python"should not be used anymore, instead usepython scriptin your command line.size="5"and similar can be removed from parametersIf you like also look at https://github.com/galaxyproject/galaxy-language-server which will lint your tools and help spot some stuff.