Demux wizard doesn't check that items have names that are accepted by downstream analysis steps
|Reported by:||Nicklas Nordborg||Owned by:||Nicklas Nordborg|
Much of the automatic analysis pipeline builds on interacting with the computing cluster dynamically via ssh. We generate commands and scripts on the fly, and sometimes those commands and scripts contain text that is retrieved from item names and properties in the BASE database. For example, file names and the folder structure are based on the name of the library. To prevent bad things from happening on the cluster in case someone "evil" messes with the BASE database, we normally check everything that is retrieved from the database before we put it into a script. For example, we do not want it to be possible to wipe the filesystem if someone names a library
rm -rf /.
In the current implementation the checks are quite restrictive: only letters, numbers, dot and underscore are allowed.
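A minimal sketch of such a whitelist check, written in Python purely for illustration. The names SAFE_NAME and check_name are hypothetical and are not taken from the actual pipeline code, and the pattern assumes that "letters" means ASCII letters only.

```python
import re

# Assumption: only ASCII letters, digits, dot and underscore are accepted,
# and the name must contain at least one character.
SAFE_NAME = re.compile(r"[A-Za-z0-9._]+")


def check_name(name: str) -> str:
    """Return the name unchanged if it is safe, otherwise raise ValueError."""
    # fullmatch() requires the whole string to match, so a single space,
    # slash or semicolon anywhere in the name is enough to reject it.
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"Unsafe item name: {name!r}")
    return name
```

With this sketch, check_name("Library_1.a") returns the name as-is, while check_name("rm -rf /") raises ValueError. Note that a name such as ".." also passes this pattern, so a real check may want to reject names consisting only of dots separately.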
However, it seems like the demux step does not make the same checks when generating the demultiplex file. Just by looking at the code, it seems to generate output file names from the item names without any check at all. In this case it is just a configuration file going into Picard, but I think we should really go through the code and the scripts it generates to see if we can find more places that are not checked. Then, the checks should be implemented.
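One way the missing check could look is to validate every name before any line of the file is generated, and to report all offending names at once. The sketch below is in Python for illustration only. The function names and the tab-separated "name, barcode" layout are hypothetical and do not reflect the real demux code or Picard's actual file format.

```python
import re

# Assumption: same whitelist as the existing checks
# (ASCII letters, digits, dot and underscore).
SAFE_NAME = re.compile(r"[A-Za-z0-9._]+")


def find_unsafe_names(names):
    """Return the names that do not pass the whitelist, in input order."""
    return [n for n in names if not SAFE_NAME.fullmatch(n)]


def build_demux_lines(libraries):
    """Build one line per (name, barcode) pair.

    Raises ValueError before producing any output if a name is unsafe,
    so a partially written file never reaches the cluster.
    """
    bad = find_unsafe_names(name for name, _ in libraries)
    if bad:
        raise ValueError(
            "Unsafe library names: " + ", ".join(repr(n) for n in bad)
        )
    # Hypothetical layout: library name and barcode separated by a tab.
    return [f"{name}\t{barcode}" for name, barcode in libraries]
```

Checking all names up front means the wizard can show the complete list of items that need renaming instead of failing on the first one.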