[Biopython-dev] [Bug 2508] NCBIStandalone.blastall: provide support for '-F F' and make it safe

bugzilla-daemon at portal.open-bio.org bugzilla-daemon at portal.open-bio.org
Thu Jun 5 11:03:27 UTC 2008


------- Comment #1 from biopython-bugzilla at maubp.freeserve.co.uk  2008-06-05 07:03 EST -------
You seem to have identified two issues.  Adding support for -F should be fairly

For the security issue, the caller should be validating their input.  Also if
running from a web-server, the permissions should also be restricted - failing
to do this is asking for trouble.

However, defence in layers would be good.  Would you suggest a simple check for
the ";" character?  What about escaped semi-colons?  Also this is a platform
dependent issue.  The ";" character is Unix only.  At the Windows command line
you have to use an &&.

Do you have a patch in mind?

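An added example, not part of the original message and not Biopython's code: it compares the simple ";" check discussed above with passing the blastall options as an argument list to a process started without a shell. The helper names, the sample values and the stand-in child process used in place of the blastall binary are assumptions made so the example runs without BLAST installed.

```python
import json
import subprocess
import sys

# Constructed database values; ";" and "&&" are the separators named above.
SAMPLES = ["nr", "nr; echo x", "nr && echo x", "nr\\; echo x"]

# Stand-in for the blastall binary (assumption): a child Python process that
# reports the argument vector it received, so the example runs without BLAST.
STAND_IN = [sys.executable, "-c",
            "import json, sys; print(json.dumps(sys.argv[1:]))"]


def semicolon_check(value):
    """The simple check proposed above: accept anything without ';'."""
    return ";" not in value


def build_args(program, database, infile, filter_opt="F"):
    """Hypothetical helper: blastall options as a list, one element per value."""
    return ["-p", program, "-d", database, "-i", infile, "-F", filter_opt]


def received_args(database):
    """Run the stand-in with no shell and return the arguments it saw."""
    args = build_args("blastn", database, "query.fasta")
    result = subprocess.run(STAND_IN + args, capture_output=True,
                            text=True, check=True)
    return json.loads(result.stdout)


def report():
    """Map each sample to (passes the ';' check, arrives as one argument)."""
    out = {}
    for value in SAMPLES:
        seen = received_args(value)
        intact = len(seen) == 8 and seen[3] == value
        out[value] = (semicolon_check(value), intact)
    return out


if __name__ == "__main__":
    for value, (passed, intact) in report().items():
        print(f"{value!r}: passes ';' check={passed}, one argv element={intact}")
```

The "&&" sample passes the ";" check, and the escaped semicolon is rejected by it, while every sample reaches the child as a single `-d` value because no shell ever parses the string.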