Re: [Rd] Scanning a R script for potentially insidious commands

From: Michael Weylandt <>
Date: Wed, 19 Dec 2012 11:28:01 +0000

On Dec 18, 2012, at 12:48 PM, Etienne S├ęvin <> wrote:

> Hey all,
> We are building a R connector for our web application.
> The user can upload a script so it can be executed on the server.
> Is there a way to scan the script for insidious commands (writing on the
> disk for example) and purge them out?

Completely, not that I know of: but grepping for system() and eval() should catch a majority of red flags.


> I guess a simple search is not enough so is there a way to analyse the
> pseudo code?
> Best,
> Etienne
> ______________________________________________
> mailing list
> mailing list Received on Wed 19 Dec 2012 - 11:30:23 GMT

This quarter's messages: by month, or sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

All messages

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Wed 19 Dec 2012 - 12:12:56 GMT.

Mailing list information is available at Please read the posting guide before posting to the list.

list of date sections of archive