Skip to content

[26.0] Reject malformed dataset ids in data tool parameter#22617

Merged
mvdbeek merged 1 commit into
galaxyproject:release_26.0from
mvdbeek:reject-nonsense-id
May 22, 2026
Merged

[26.0] Reject malformed dataset ids in data tool parameter#22617
mvdbeek merged 1 commit into
galaxyproject:release_26.0from
mvdbeek:reject-nonsense-id

Conversation

@mvdbeek
Copy link
Copy Markdown
Member

@mvdbeek mvdbeek commented May 1, 2026

Strings like "hda:<encoded_id>" reached SQLAlchemy as the HDA primary key and crashed Postgres with InvalidTextRepresentation (xref #22616). The "src:id" shape is not part of the API surface — those inputs should arrive as {src, id} dicts via src_id_to_item — so reject anything that isn't an int, digit string, or 16-char encoded id with ParameterValueError, which the parameter pipeline maps to a 4xx.

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

  • I agree to license these and all my past contributions to the core galaxy codebase under the MIT license.

@mvdbeek
Reject malformed dataset ids in data tool parameter
b0581ca 
Strings like "hda:<encoded_id>" reached SQLAlchemy as the HDA primary
key and crashed Postgres with InvalidTextRepresentation (xref galaxyproject#22616).
The "src:id" shape is not part of the API surface — those inputs should
arrive as {src, id} dicts via src_id_to_item — so reject anything that
isn't an int, digit string, or 16-char encoded id with
ParameterValueError, which the parameter pipeline maps to a 4xx.
@github-project-automation github-project-automation Bot moved this to Needs Review in Galaxy Dev - weeklies May 1, 2026
@github-actions github-actions Bot added this to the 26.1 milestone May 1, 2026
jmchilton
jmchilton reviewed May 1, 2026
View reviewed changes
Comment thread lib/galaxy/tools/parameters/basic.py
s = str(value)
if s.isdigit():
return int(s)
if len(s) == 16:
Copy link
Copy Markdown
Member

@jmchilton jmchilton May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These aren't of fixed size right? Are they multiples or 8 or 16 or something like that?

Copy link
Copy Markdown
Member Author

@mvdbeek mvdbeek May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a port of the code from line 2200. We could also reject strings entirely, that would probably be the correct move ?

@mvdbeek mvdbeek merged commit cb36b70 into galaxyproject:release_26.0 May 22, 2026
54 of 58 checks passed
@github-project-automation github-project-automation Bot moved this from Needs Review to Done in Galaxy Dev - weeklies May 22, 2026
@nsoranzo nsoranzo deleted the reject-nonsense-id branch May 22, 2026 09:02
@mvdbeek mvdbeek mentioned this pull request May 26, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmchilton jmchilton jmchilton approved these changes

Assignees

No one assigned

Labels

area/testing area/tool-framework kind/bug

Projects

Galaxy Dev - weeklies
Status: Done

Milestone

26.1

Development

Successfully merging this pull request may close these issues.

2 participants

@mvdbeek @jmchilton