src/hg/hubApi/list.c e28cc42abe8dbb30decf688ad7be6d593fcc8b75

e28cc42abe8dbb30decf688ad7be6d593fcc8b75
hiram
  Tue Apr 30 15:56:20 2019 -0700
adding extraneous argument checks for all functions to cause error refs #18869

diff --git src/hg/hubApi/list.c src/hg/hubApi/list.c
index bf276a2..041c74f 100644
--- src/hg/hubApi/list.c
+++ src/hg/hubApi/list.c
@@ -12,30 +12,34 @@
 int i = 0;
 jsonWriteObjectStart(jw, NULL);
 jsonWriteString(jw, columnNames[i++], el->hubUrl);
 jsonWriteString(jw, columnNames[i++], el->shortLabel);
 jsonWriteString(jw, columnNames[i++], el->longLabel);
 jsonWriteString(jw, columnNames[i++], el->registrationTime);
 jsonWriteNumber(jw, columnNames[i++], (long long)el->dbCount);
 jsonWriteString(jw, columnNames[i++], el->dbList);
 jsonWriteString(jw, columnNames[i++], el->descriptionUrl);
 jsonWriteObjectEnd(jw);
 }
 
 static void jsonPublicHubs()
 /* output the hubPublic SQL table */
 {
+char *extraArgs = verifyLegalArgs(NULL); /* no extras allowed */
+if (extraArgs)
+    apiErrAbort(err400, err400Msg, "extraneous arguments found for function /list/publicHubs '%s'", extraArgs);
+
 struct sqlConnection *conn = hConnectCentral();
 char *dataTime = sqlTableUpdate(conn, hubPublicTableName());
 time_t dataTimeStamp = sqlDateToUnixTime(dataTime);
 replaceChar(dataTime, ' ', 'T');	/* ISO 8601 */
 struct hubPublic *el = hubPublicDbLoadAll();
 struct jsonWrite *jw = apiStartOutput();
 jsonWriteString(jw, "dataTime", dataTime);
 jsonWriteNumber(jw, "dataTimeStamp", (long long)dataTimeStamp);
 freeMem(dataTime);
 // redundant: jsonWriteString(jw, "tableName", hubPublicTableName());
 char **columnNames = NULL;
 char **columnTypes = NULL;
 int *jsonTypes = NULL;
 int columnCount = tableColumns(conn, jw, hubPublicTableName(), &columnNames,
     &columnTypes, &jsonTypes);
@@ -67,30 +71,34 @@
 jsonWriteNumber(jw, columnNames[i++], (long long)el->active);
 jsonWriteNumber(jw, columnNames[i++], (long long)el->orderKey);
 jsonWriteString(jw, columnNames[i++], el->genome);
 jsonWriteString(jw, columnNames[i++], el->scientificName);
 jsonWriteString(jw, columnNames[i++], el->htmlPath);
 jsonWriteNumber(jw, columnNames[i++], (long long)el->hgNearOk);
 jsonWriteNumber(jw, columnNames[i++], (long long)el->hgPbOk);
 jsonWriteString(jw, columnNames[i++], el->sourceName);
 jsonWriteNumber(jw, columnNames[i++], (long long)el->taxId);
 jsonWriteObjectEnd(jw);
 }
 
 static void jsonDbDb()
 /* output the dbDb SQL table */
 {
+char *extraArgs = verifyLegalArgs(NULL); /* no extras allowed */
+if (extraArgs)
+    apiErrAbort(err400, err400Msg, "extraneous arguments found for function /list/ucscGenomes '%s'", extraArgs);
+
 struct sqlConnection *conn = hConnectCentral();
 char *dataTime = sqlTableUpdate(conn, "dbDb");
 time_t dataTimeStamp = sqlDateToUnixTime(dataTime);
 replaceChar(dataTime, ' ', 'T');	/* ISO 8601 */
 struct dbDb *dbList = ucscDbDb();
 struct dbDb *el;
 struct jsonWrite *jw = apiStartOutput();
 jsonWriteString(jw, "dataTime", dataTime);
 jsonWriteNumber(jw, "dataTimeStamp", (long long)dataTimeStamp);
 freeMem(dataTime);
 char **columnNames = NULL;
 char **columnTypes = NULL;
 int *jsonTypes = NULL;
 int columnCount = tableColumns(conn, jw, "dbDb", &columnNames, &columnTypes,
     &jsonTypes);
@@ -335,71 +343,68 @@
     {
     recursiveTrackList(jw, el);
     }
 apiFinishOutput(0, NULL, jw);
 }	/*	static void trackDbJsonOutput(char *db, FILE *f)	*/
 
 void apiList(char *words[MAX_PATH_INFO])
 /* 'list' function words[1] is the subCommand */
 {
 if (sameWord("publicHubs", words[1]))
     jsonPublicHubs();
 else if (sameWord("ucscGenomes", words[1]))
     jsonDbDb();
 else if (sameWord("hubGenomes", words[1]))
     {
+    char *extraArgs = verifyLegalArgs("hubUrl"); /* only one arg allowed */
+    if (extraArgs)
+	apiErrAbort(err400, err400Msg, "extraneous arguments found for function /list/hubGenomes '%s'", extraArgs);
+
     char *hubUrl = cgiOptionalString("hubUrl");
     if (isEmpty(hubUrl))
 	apiErrAbort(err400, err400Msg, "must supply hubUrl='http:...' some URL to a hub for /list/hubGenomes");
 
-#ifdef NOT
-    /* this could be done for every function, beware, cgiSpoof can be here */
-    struct cgiVar *varList = cgiVarList();
-    struct cgiVar *var = varList;
-    for ( ; var; var = var->next)
-	{
-	if (differentStringNullOk("hubUrl", var->name))
-	    fprintf(stderr, "# extraneous CGI variable: '%s'='%s'\n", var->name, var->val);
-	}
-#endif
-
     struct trackHub *hub = errCatchTrackHubOpen(hubUrl);
     if (hub->genomeList)
 	{
 	slNameSort((struct slName **)&hub->genomeList);
         struct jsonWrite *jw = apiStartOutput();
 	jsonWriteString(jw, "hubUrl", hubUrl);
         jsonWriteObjectStart(jw, "genomes");
 	struct trackHubGenome *el;
         for ( el = hub->genomeList; el; el = el->next)
 	    {
 	    jsonWriteObjectStart(jw, el->name);
 	    jsonWriteString(jw, "organism", el->organism);
 	    jsonWriteString(jw, "description", el->description);
 	    jsonWriteString(jw, "trackDbFile", el->trackDbFile);
 	    jsonWriteString(jw, "twoBitPath", el->twoBitPath);
 	    jsonWriteString(jw, "groups", el->groups);
 	    jsonWriteString(jw, "defaultPos", el->defaultPos);
 	    jsonWriteNumber(jw, "orderKey", el->orderKey);
 	    jsonWriteObjectEnd(jw);
 	    }
 	jsonWriteObjectEnd(jw);
 	apiFinishOutput(0, NULL, jw);
 	}
     }
 else if (sameWord("tracks", words[1]))
     {
+    char *extraArgs = verifyLegalArgs("genome;hubUrl;trackLeavesOnly");
+    if (extraArgs)
+	apiErrAbort(err400, err400Msg, "extraneous arguments found for function /list/tracks '%s'", extraArgs);
+
     char *hubUrl = cgiOptionalString("hubUrl");
     char *genome = cgiOptionalString("genome");
     char *db = cgiOptionalString("genome");
     if (isEmpty(hubUrl) && isNotEmpty(db))
 	{
 	struct sqlConnection *conn = hAllocConnMaybe(db);
         if (NULL == conn)
 	    apiErrAbort(err400, err400Msg, "can not find 'genome=%s' for endpoint '/list/tracks", db);
 	else
 	    hFreeConn(&conn);
 	}
     if (isEmpty(hubUrl) && isEmpty(db))
       apiErrAbort(err400, err400Msg, "missing hubUrl or genome name for endpoint /list/tracks");
     if (isEmpty(hubUrl))	// missing hubUrl implies UCSC database
 	{
@@ -418,30 +423,34 @@
 	"/list/tracks", hubUrl);
     struct trackDb *tdbList = obtainTdb(hubGenome, NULL);
     struct jsonWrite *jw = apiStartOutput();
     jsonWriteString(jw, "hubUrl", hubUrl);
     jsonWriteObjectStart(jw, hubGenome->name);
     struct trackDb *el = NULL;
     for (el = tdbList; el != NULL; el = el->next )
 	    {
 	    recursiveTrackList(jw, el);
 	    }
     jsonWriteObjectEnd(jw);
     apiFinishOutput(0, NULL, jw);
     }
 else if (sameWord("chromosomes", words[1]))
     {
+    char *extraArgs = verifyLegalArgs("genome;hubUrl;track");
+    if (extraArgs)
+	apiErrAbort(err400, err400Msg, "extraneous arguments found for function /list/chromosomes '%s'", extraArgs);
+
     char *hubUrl = cgiOptionalString("hubUrl");
     char *genome = cgiOptionalString("genome");
     char *db = cgiOptionalString("genome");
     if (isEmpty(hubUrl) && isNotEmpty(db))
 	{
 	struct sqlConnection *conn = hAllocConnMaybe(db);
         if (NULL == conn)
 	    apiErrAbort(err400, err400Msg, "can not find 'genome=%s' for endpoint '/list/chromosomes", db);
 	else
 	    hFreeConn(&conn);
 	}
     if (isEmpty(hubUrl) && isEmpty(db))
         apiErrAbort(err400, err400Msg, "must supply hubUrl or genome name for endpoint '/list/chromosomes", hubUrl, db);
 
     if (isEmpty(hubUrl))	// missing hubUrl implies UCSC database