Re: [Rd] Scanning a R script for potentially insidious commands

From: Michael Weylandt <michael.weylandt_at_gmail.com>
Date: Wed, 19 Dec 2012 11:28:01 +0000

On Dec 18, 2012, at 12:48 PM, Etienne Sévin <e.sevin_at_epiconcept.fr> wrote:

> Hey all,
>
> We are building an R connector for our web application.
> The user can upload a script so it can be executed on the server.
>
> Is there a way to scan the script for insidious commands (writing on the
> disk for example) and purge them out?

Completely, not that I know of: but grepping for system() and eval() should catch a majority of red flags.

Michael

> I guess a simple search is not enough so is there a way to analyse the
> pseudo code?
>
> Best,
>
> Etienne
>
> ______________________________________________
> R-devel_at_r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel



Received on Wed 19 Dec 2012 - 11:30:23 GMT
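
One way to analyse the parsed code rather than grep the text, as an added example that is not part of the original thread: it uses R's own parser so that only real references to a function name are flagged, not mentions in comments or strings. The names `scan_script`, `denylist` and `sample_script` are hypothetical, and the denylist beyond system() and eval() is an assumption.

```r
# Added example: flag denylisted function names via R's parse data.
# Denylist is an assumption: system()/eval() come from the thread, the
# rest are common base R functions that run commands or write to disk.
denylist <- c("system", "system2", "eval", "unlink", "file.remove",
              "writeLines", "write.table", "saveRDS")

scan_script <- function(code, deny = denylist) {
  # A script that does not parse cannot be analysed, so refuse it outright.
  exprs <- tryCatch(
    parse(text = code, keep.source = TRUE),
    error = function(e) stop("script rejected, does not parse: ",
                             conditionMessage(e))
  )
  pd <- utils::getParseData(exprs)
  # SYMBOL_FUNCTION_CALL: name used as a call, e.g. system("ls")
  # SYMBOL: name referenced as a value, e.g. f <- system
  keep <- pd$token %in% c("SYMBOL_FUNCTION_CALL", "SYMBOL") &
          pd$text %in% deny
  hits <- pd[keep, c("line1", "col1", "token", "text")]
  hits <- hits[order(hits$line1, hits$col1), ]
  rownames(hits) <- NULL
  hits
}

# Constructed sample upload (not from the original thread).
sample_script <- '
# do not call system() here
x <- read.csv("input.csv")
msg <- "eval() is mentioned only in this string"
system("ls")
res <- eval(parse(text = "1 + 1"))
writeLines("done", "out.txt")
'

findings <- scan_script(sample_script)
print(findings)   # three rows: system, eval, writeLines (lines 5, 6, 7)
if (nrow(findings) > 0) {
  message("script rejected: ",
          paste(unique(findings$text), collapse = ", "))
}
```

The comment on line 2 and the string on line 4 of the sample are not reported, which is the difference from a plain text search. In line with the reply above, this is a first-pass filter and not a complete check.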


Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Wed 19 Dec 2012 - 12:12:56 GMT.
