mikkonie
commented
5 months ago Done. Also updated the tests a fair bit and discovered #1954.
Closed mikkonie closed 5 months ago
mikkonie
commented
5 months ago Done. Also updated the tests a fair bit and discovered #1954.
I noticed we don't sanitize iRODS paths when calling for
get_row_path(). Especially with the implementing of #1946 it should be done, as the user has more freedom for defining data paths.As the paths get checked when performing any iRODS requests with elevated permissions within SODAR, this is not a major security issue. Still, we might as well prevent users for entering naughty data from the get-go.
We simply need to call
irods_backend.sanitize_path()on the results. Relevant calls toget_row_path()are in:samplesheets.plugins._update_cache_rows()samplesheets.plugins.get_irods_content()