galaxy-iuc / standards

Documentation for standards and best practices from the Galaxy IUC
http://galaxy-iuc-standards.readthedocs.io/en/latest/

Recommendations on arbitrary parameter fields (security risks?) #56

Open peterjc opened 5 years ago

peterjc commented 5 years ago

Prompted by https://github.com/peterjc/galaxy_mira/pull/4 I was looking at our best practice documentation, and found it does not talk about allowing arbitrary parameters to be passed to a tool.

Despite the Galaxy framework having default character sanitisers (to block most special characters like semicolon, pipe or back-tick), my understanding is this was discouraged as a potential security hole - i.e. this field will become part of the command line string, so you have to worry about tricks like running subcommands, or ending the intended command early and running some second arbitrary command as well.
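
The three patterns described above (splicing a free-text field into a shell command string, filtering shell metacharacters out of it, and passing arguments as a list so no shell parses them) as an added Python example. This is not Galaxy or IUC code: the sanitiser only imitates the idea of a default character filter and is not Galaxy's implementation, the flag allowlist is a design choice added here rather than anything the thread proposes, and the `blastn` flag names are used purely as illustrative tokens.

```python
"""Added example: why an "arbitrary parameters" text field is a command-line
risk, and what the usual mitigations do and do not achieve.

Not Galaxy/IUC code. The sanitiser imitates the idea of a character filter
only; the allowlist of flags is an assumption of this example.
"""
import shlex

# Constructed set of shell metacharacters: each lets a value end the intended
# command early (;, newline), chain a second one (|, &), or run a subcommand
# (backticks, $(...)). The set is illustrative, not Galaxy's exact list.
SHELL_METACHARS = set(";|&`$<>()\n\r")


def build_shell_string(tool, fixed_args, extra):
    """The risky pattern: the free-text field is spliced into one string that
    a shell will later parse, so metacharacters in it alter the command."""
    return f"{tool} {' '.join(fixed_args)} {extra}"


def sanitize_like_galaxy(value, replacement="X"):
    """Constructed imitation of a character sanitiser: every disallowed
    character is replaced, so the value can no longer terminate or chain
    commands. Note the surrounding tokens still reach the tool verbatim."""
    return "".join(replacement if c in SHELL_METACHARS else c for c in value)


def build_argv(tool, fixed_args, extra, allowed_flags):
    """Safer pattern: tokenize the field with shlex, refuse any option that is
    not on the wrapper's allowlist, and return an argv list. Handed to the OS
    as a list (no shell), a stray ';' or '`' is just a literal byte in one
    argument rather than syntax."""
    tokens = shlex.split(extra)
    for tok in tokens:
        # Accept "-flag value" and "-flag=value"; reject unknown options.
        if tok.startswith("-") and tok.split("=", 1)[0] not in allowed_flags:
            raise ValueError(f"flag not permitted by the wrapper: {tok}")
    return [tool, *fixed_args, *tokens]


def is_rejected(extra, allowed_flags):
    """Convenience wrapper so a caller can check the allowlist outcome."""
    try:
        build_argv("tool", [], extra, allowed_flags)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed hostile input: a legitimate-looking option followed by a
    # second command. Nothing here is executed; the strings are only built.
    hostile = "-evalue 1e-5; cat /etc/passwd"
    print("shell string :", build_shell_string("blastn", ["-query", "q.fa"], hostile))
    print("sanitised    :", sanitize_like_galaxy(hostile))
    print("argv, no shell:", build_argv("blastn", ["-query", "q.fa"], hostile, {"-evalue"}))
    print("unknown flag rejected:", is_rejected("-out /tmp/x", {"-evalue"}))
```

The sanitised string shows the limit of character filtering on its own: the `;` is neutralised, but `cat` and `/etc/passwd` still arrive as arguments to the tool, which is why an explicit list of supported options in the wrapper (the preference expressed later in this thread) is the more robust fix.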

bgruening commented 5 years ago

I agree it is a potential security risk and it is not good for UX imho. What is the reason to do so? Is it because of too many parameters that the tool author does not want to specify in detail?

peterjc commented 5 years ago

Basically that's the reason. It has come up on MIRA (see pull request) and also BLAST, and that's just the examples I can think of from tools that I personally first wrapped. My preference is to add missing arguments as needed (but there are diminishing returns in effort spent and corner case usage).