Merge pull request #22507 from jmchilton/yaml_schema_harden

Narrow YAML schema

Author: mvdbeek

client/src/api/schema/schema.ts

@@ -81,7 +81,7 @@ function getToolBadges(tool: UnprivilegedToolResponse) {
     return [
         {
             id: "version",
-            label: tool.representation.version,
+            label: tool.representation.version ?? "",
             title: "Version of this custom tool",
         },
     ];

client/src/components/Panels/UserToolPanel.vue

@@ -93,6 +93,66 @@ See https://training.galaxyproject.org/training-material/topics/admin/tutorials/
 and see https://github.com/galaxyproject/galaxy/blob/dev/test/integration/embedded_pulsar_job_conf.yml#L29 for a simple example that uses embedded pulsar to isolate mounts and disables network access.
 While the feature is in beta we recommend that only trusted users are allowed to use this feature.
 
+## Supported input parameter types
+
+The YAML authoring layer exposes a deliberately narrow subset of Galaxy's
+parameter model. The JSON schema published to the editor (`ToolSourceSchema.json`)
+is generated from this subset and rejects any unknown fields via
+`extra="forbid"`, so unsupported attributes fail fast at parse time.
+
+Supported leaf parameter types:
+
+| Type              | Supported fields (beyond `name`, `label`, `help`, `optional`)          |
+| ----------------- | ---------------------------------------------------------------------- |
+| `boolean`         | `value`                                                                |
+| `integer`         | `value`, `min`, `max`, `validators` (`in_range` only)                  |
+| `float`           | `value`, `min`, `max`, `validators` (`in_range` only)                  |
+| `text`            | `value`, `area`, `validators` (`length`, `regex`, `empty_field`)       |
+| `select`          | `options` (static, non-empty), `multiple`, `validators` (`no_options`) |
+| `color`           | `value`                                                                |
+| `data`            | `format`, `multiple`, `min`, `max`                                     |
+| `data_collection` | `collection_type`, `format`                                            |
+
+Supported structural groups: `conditional`, `repeat`, `section`. These recurse
+into the supported leaf set.
+
+Example using several supported types:
+
+```yaml
+class: GalaxyUserTool
+id: example_tool
+version: "0.1"
+name: Example
+container: busybox
+shell_command: echo "$(inputs.greeting) $(inputs.count)"
+inputs:
+  - name: greeting
+    type: select
+    options:
+      - { label: Hi, value: hi, selected: true }
+      - { label: Hello, value: hello, selected: false }
+  - name: count
+    type: integer
+    value: 1
+    min: 1
+    max: 10
+  - name: extras
+    type: repeat
+    min: 0
+    parameters:
+      - name: input_file
+        type: data
+        format: txt
+outputs: []
+```
+
+Types that exist in the XML tool vocabulary but are **not** supported in YAML
+user-defined tools and will be rejected at parse time: `hidden`, `drill_down`,
+`data_column`, `genomebuild`, `group_tag`, `baseurl`, `rules`, `directory`.
+XML-only fields such as `truevalue`, `falsevalue`, `argument`, `is_dynamic`,
+`hidden` (as a field), and `parameter_type` are likewise rejected on any
+parameter.
+
 ## Limitations
 
 The user-defined tool language is still evolving, and additional safety audits are ongoing.

client/src/components/Tool/ToolSourceSchema.json

@@ -9,6 +9,7 @@
     Dict,
     List,
     Optional,
+    Sequence,
 )
 
 from galaxy.tool_util_models.parameters import (
@@ -537,12 +538,58 @@ def decode_callback(parameter: ToolParameterT, value: Any):
 CollectionToRuntimeJson = Callable[[DataCollectionRequestInternal, Optional[str]], Any]
 
 
+# Parameter models the narrow YAML authoring layer is allowed to produce.
+# Mirrors the v1 supported set in `lib/galaxy/tool_util_models/yaml_parameters.py`.
+# Anything outside this set in a YAML-origin tool indicates a bug in the
+# authoring → internal mapping and should hard-fail before we try to build
+# runtime state.
+YAML_V1_SUPPORTED_PARAMETER_MODELS: frozenset = frozenset(
+    {
+        BooleanParameterModel,
+        IntegerParameterModel,
+        FloatParameterModel,
+        TextParameterModel,
+        SelectParameterModel,
+        DataParameterModel,
+        DataCollectionParameterModel,
+        ConditionalParameterModel,
+        RepeatParameterModel,
+        SectionParameterModel,
+    }
+)
+
+
+def assert_yaml_v1_parameters(parameters: Sequence[ToolParameterT]) -> None:
+    """Raise if any parameter (including nested ones) is outside the YAML v1 set.
+
+    Defense-in-depth: the narrow ``YamlGalaxyToolParameter`` cannot produce a
+    disallowed type, so this guard should never fire for a legitimately
+    constructed YAML tool. It exists to surface mapping bugs instead of letting
+    an unsupported type silently pass through ``runtimeify``'s default-case
+    ``VISITOR_NO_REPLACEMENT``.
+    """
+    for parameter in parameters:
+        if type(parameter) not in YAML_V1_SUPPORTED_PARAMETER_MODELS:
+            raise AssertionError(
+                f"YAML-origin tool produced unsupported parameter type "
+                f"{type(parameter).__name__} for parameter {getattr(parameter, 'name', '?')!r}"
+            )
+        if isinstance(parameter, ConditionalParameterModel):
+            for when in parameter.whens:
+                assert_yaml_v1_parameters(when.parameters)
+        elif isinstance(parameter, (RepeatParameterModel, SectionParameterModel)):
+            assert_yaml_v1_parameters(parameter.parameters)
+
+
 def runtimeify(
     internal_state: JobInternalToolState,
     input_models: ToolParameterBundle,
     adapt_dataset: DatasetToRuntimeJson,
     adapt_collection: CollectionToRuntimeJson,
+    yaml_origin: bool = False,
 ) -> JobRuntimeToolState:
+    if yaml_origin:
+        assert_yaml_v1_parameters(list(input_models.parameters))
 
     def adapt_dict(value: dict):
         assert isinstance(value, dict), str(value)

doc/source/admin/user_defined_tools.md

@@ -26,6 +26,10 @@
 )
 
 from galaxy.tool_util_models.parameter_validators import AnyValidatorModel
+from galaxy.tool_util_models.testing_types import (
+    AssertionList,
+    DirectCredential,
+)
 from galaxy.tool_util_models.tool_source import (
     BaseJsonTestCollectionDefCollectionElementDict,
     Citation,
@@ -66,13 +70,6 @@
 INPUT_CLASS_T = Literal["galaxy", "cwl"]
 
 
-class AssertionDict(TypedDict):
-    tag: str
-    attributes: Dict[str, Any]
-    children: "AssertionList"
-
-
-AssertionList = Optional[List[AssertionDict]]
 XmlInt = Union[str, int]
 
 
@@ -117,25 +114,6 @@ class ToolSourceTestInput(TypedDict):
     attributes: ToolSourceTestInputAttributes
 
 
-class DirectCredentialValue(TypedDict):
-    """Represents a credential value (variable or secret) provided directly."""
-
-    name: str
-    value: str
-
-
-class _DirectCredentialRequired(TypedDict):
-    name: str  # Name of the credentials group
-    variables: List[DirectCredentialValue]
-    secrets: List[DirectCredentialValue]
-
-
-class DirectCredential(_DirectCredentialRequired, total=False):
-    """Represents a credential group with variables and secrets provided directly."""
-
-    version: str  # Version of the credential definition (defaults to "1.0")
-
-
 ToolSourceTestInputs = List[ToolSourceTestInput]
 ToolSourceTestOutputs = List[ToolSourceTestOutput]
 TestSourceTestOutputColllection = Any

lib/galaxy/tool_util/parameters/convert.py

@@ -31,6 +31,10 @@
     DEFAULT_SORT,
 )
 from galaxy.tool_util_models.parameter_validators import AnyValidatorModel
+from galaxy.tool_util_models.testing_types import (
+    AssertionList,
+    DirectCredential,
+)
 from galaxy.tool_util_models.tool_source import (
     Citation,
     DrillDownOptionsDict,
@@ -53,8 +57,6 @@
     xml_to_string,
 )
 from .interface import (
-    AssertionList,
-    DirectCredential,
     DrillDownDynamicOptions,
     DynamicOptions,
     InputSource,

lib/galaxy/tool_util/parser/interface.py

@@ -32,6 +32,11 @@
     ToolParameterBundleModel,
     ToolParameterT,
 )
+from galaxy.tool_util_models.testing_types import (
+    AssertionDict,
+    AssertionList,
+    DirectCredential,
+)
 from galaxy.tool_util_models.tool_source import (
     HelpContent,
     JsonTestCollectionDefDict,
@@ -40,9 +45,6 @@
 )
 from galaxy.util import listify
 from .interface import (
-    AssertionDict,
-    AssertionList,
-    DirectCredential,
     InputSource,
     PageSource,
     PagesSource,
@@ -273,7 +275,7 @@ def parse_tests_to_dict(self) -> ToolSourceTests:
         tests: List[ToolSourceTest] = []
         rval: ToolSourceTests = dict(tests=tests)
 
-        raw_tests = deepcopy(self.root_dict.get("tests", []))
+        raw_tests = deepcopy(self.root_dict.get("tests") or [])
         for i, test_dict in enumerate(raw_tests):
             inputs = test_dict.get("inputs", {})
             state = TestCaseJsonToolState(inputs)
@@ -530,7 +532,11 @@ def parse_input_type(self):
     def parse_extensions(self):
         extensions = self.input_dict.get("extensions")
         if not extensions:
-            extensions = self.get("format", "data").split(",")
+            format_raw = self.get("format", "data")
+            if isinstance(format_raw, str):
+                extensions = format_raw.split(",")
+            else:
+                extensions = format_raw
         return [ext.strip().lower() for ext in extensions]
 
     def parse_nested_inputs_source(self):

lib/galaxy/tool_util/parser/xml.py

@@ -15,11 +15,13 @@
 )
 
 from galaxy.tool_util.parser.interface import (
-    AssertionList,
-    DirectCredential,
     TestSourceTestOutputColllection,
     ToolSourceTestOutputs,
 )
+from galaxy.tool_util_models.testing_types import (
+    AssertionList,
+    DirectCredential,
+)
 
 # legacy inputs for working with POST /api/tools
 # + inputs that have been processed with parse.py and expanded out

lib/galaxy/tool_util/parser/yaml.py

@@ -46,15 +46,17 @@
     ToolParameterBundle,
 )
 from galaxy.tool_util.parser.interface import (
-    AssertionList,
-    DirectCredential,
     TestCollectionDef,
     TestCollectionOutputDef,
     TestSourceTestOutputColllection,
     ToolSourceTestOutputs,
     XmlTestCollectionDefDict,
 )
 from galaxy.tool_util.verify.test_data import TestDataResolver
+from galaxy.tool_util_models.testing_types import (
+    AssertionList,
+    DirectCredential,
+)
 from galaxy.tool_util_models.tool_source import (
     JsonTestCollectionDefDict,
     JsonTestDatasetDefDict,