Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documented optional graphviz dependency and removed use of os.system() in draw_graph #2287

Merged
merged 2 commits into from
Dec 4, 2018
Merged

Documented optional graphviz dependency and removed use of os.system() in draw_graph #2287

merged 2 commits into from
Dec 4, 2018

Conversation

ConradJohnston
Copy link
Contributor

Fixes #835 and #2285.

The use of verdi graph to generate a plot of part of the provenance graph requires the graphviz package, which was not documented other than in the source code. This pull request increases the visibility of this dependency in the docs and adds a more human-parsable error message suggest when it could be the case that graphviz is not installed.

Also replaces the use of os.system() in aiida.common.graph with subprocess.call to prevent shell script from being injected via verdi graph generate.

@ConradJohnston
Copy link
Contributor Author

This perhaps should be two separate PRs? I can re-do the PR if needed.

@ConradJohnston ConradJohnston force-pushed the fix_835_graph_generation_does_not_work_without_graphviz branch from 97dcc76 to da981f1 Compare December 4, 2018 16:34
@sphuber sphuber self-requested a review December 4, 2018 20:59
@sphuber
Copy link
Contributor

sphuber commented Dec 4, 2018

I am happy with it being a single PR. There are two nice commits to go with it 👍

@coveralls
Copy link

coveralls commented Dec 4, 2018
edited
Loading

Coverage Status

Coverage decreased (-0.7%) to 66.562% when pulling 4bddfe7 on ConradJohnston:fix_835_graph_generation_does_not_work_without_graphviz into 074c577 on aiidateam:provenance_redesign.

sphuber
sphuber previously approved these changes Dec 4, 2018
View reviewed changes
@ConradJohnston @sphuber
Document graphviz dependency
9ea4bdd 
The use of verdi graph to generate a plot of part of the provenance
graph requires the graphviz package, which was not documented
other than in the source code. This commit increases the visibility
of this dependency in the docs.
@ConradJohnston @sphuber
Replace use of os.system with subprocess.call
4bddfe7 
- Replaces the use of os.system in aiida.common.graph with subprocess.call
The former was dangerous as it was passed arguments directly from the cmdline
via verdi graph and so would execute and valid shell string,
The solution is to use subprocess.call() which sanitises the input automatically.

- Also prints a more usful message if graphviz is possibly not installed.
@sphuber sphuber force-pushed the fix_835_graph_generation_does_not_work_without_graphviz branch from 3ab67ee to 4bddfe7 Compare December 4, 2018 21:48
@sphuber sphuber merged commit 88026c7 into aiidateam:provenance_redesign Dec 4, 2018
This was referenced Dec 4, 2018
Closed
Closed
@ConradJohnston ConradJohnston deleted the fix_835_graph_generation_does_not_work_without_graphviz branch December 5, 2018 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sphuber sphuber sphuber approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ConradJohnston @sphuber @coveralls