Closed ekcannon closed 6 years ago
run_BLAST_tripal_job_services in this pull request has the same security problems that run_BLAST_tripal_job did before 434279e7a45e32c66624862589909e4146292344 . Please do not mege this without fixing them.
Thanks for the comment @njbooher, I see that and will make sure :-)
Ethy, a lot of the conflict here is because our repos have diverged quite a bit. I suggest we start by resolving the main repo 7.x-1.x branches so that you can take advantage of the security and functionality fixes we've been hard at work on lately (See #17). Once we get that resolved then you can pull the changes from your main branch into your web services and it should make this pull request quite a bit easier. Sound like a plan?
I think we have addressed all of the concerns. Ready for re-checking and testing.
Awesome, Thanks! I'll try to look at it within the next couple days
The changes look good --now I'll just test it on my system and we can get this merged! Sorry for the delay on this and thanks for the changes!
Enabling seems to work fine -- I like that it just enables the modules for me :-)
[mysite]/restapi/blast.json
seems to work fine but I get HTTP ERROR 500 when trying [mysite]/restapi/blast/getDatabaseOptions.json?blast_program=blastn
Looking in the log I see:
PDOException: SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for integer: "getDatabaseOptions" LINE 1: SELECT job_name FROM tripal_jobs WHERE job_id = 'getDatabase... ^: SELECT job_name FROM tripal_jobs WHERE job_id = :job_id ; Array ( [:job_id] => getDatabaseOptions ) in getBlastData() (line 560 of /var/www/dev/tripal-lacey/sites/all/modules/tripal_blast/includes/blast_ui.services.inc).
Thoughts?
Part of the problem may be because the getDatabaseOptions is expecting the program name in a POST variable. That said, it should still work as a GET.
The error is in getBlastData(), which shouldn't be called by the getDatabaseOptions command. It appears that the code attached to getDatabaseOptions isn't being called, but instead the generic code attached to [mysite]/restapi/blast is being executed. Haven't yet been able to see why.
Web services API defined in blast_ui.services.inc: blast_ui_services_resources().
I decided to have a GET request to getDatabaseOptions fail with a 400 error (bad request) and a message stating the likely reason: "The web service request was incorrectly specified. Check the endpoint and data, and be sure to use the correct request method (GET vs POST)"
Sorry about the delay on this one. I've gone in and tested the web services via HTTP. To aid in this process I added an administrative form for testing your own web services. See code in https://github.com/tripal/tripal_blast/tree/LegumeFederation-webservices branch.
I cannot get the last service (retrieving the blast results) to work... See https://github.com/tripal/tripal_blast/blob/LegumeFederation-webservices/includes/blast_ui.services.test.inc#L231
The response I keep getting is
Service: Retrieve Results.
URL: http://[mysite]/restapi/blast/118.json
Results: stdClass Object
(
[status] => 400
[msg] => The web service request was incorrectly specified. Check the endpoint and data, and be sure to use the correct request method (GET vs POST)
);
I have tested the exact query sequence and database combination through the original blast interface with no issues. Furthermore, I've confirmed the job_id (118) is correct.
Thoughts?
$job_id was of type string, so is_integer() was always false in getBlastData(). Also, the error reported was rather opaque, so I fixed that too. The code sample in blast_help.tpl.php had several errors, also fixed.
The Drupal Services module is proving to be very unstable in the BLAST UI module, so this approach to implementing web services has been abandoned.
Full support for REST Web services to expose all BLAST functionality provided by this module.