Etienne Sévin
2012-Dec-18 12:48 UTC
[Rd] Scanning a R script for potentially insidious commands
Hey all,

We are building an R connector for our web application.
The user can upload a script so it can be executed on the server.

Is there a way to scan the script for insidious commands (writing on the
disk for example) and purge them out?

I guess a simple search is not enough so is there a way to analyse the
pseudo code?

Best,

Etienne
Michael Weylandt
2012-Dec-19 11:28 UTC
[Rd] Scanning a R script for potentially insidious commands
On Dec 18, 2012, at 12:48 PM, Etienne Sévin <e.sevin at epiconcept.fr> wrote:

> Hey all,
>
> We are building an R connector for our web application.
> The user can upload a script so it can be executed on the server.
>
> Is there a way to scan the script for insidious commands (writing on the
> disk for example) and purge them out?

Completely, not that I know of: but grepping for system() and eval() should catch a majority of red flags.

Michael

> I guess a simple search is not enough so is there a way to analyse the
> pseudo code?
>
> Best,
>
> Etienne
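
The parser-based scan asked about in this thread, as an added example that is not part of the original messages: it uses R's own `parse()` and `utils::getParseData()` to find flagged names as tokens, so comments are ignored and `pkg::fn` calls, aliased functions and names passed as strings are still reported. The deny-list, the function name `scan_script` and the sample upload are assumptions made for illustration.

```r
# Added example: find flagged names with the R parser instead of grep.
# The deny-list is an illustrative assumption, not a complete policy.
deny <- c("system", "system2", "shell", "eval", "evalq", "parse", "source",
          "do.call", "get", "mget", "match.fun", "file", "unlink",
          "file.remove", "writeLines", "write", "write.table", "saveRDS",
          "save", "sink", "download.file", "dyn.load", ".Call", ".C")

scan_script <- function(code, deny_list = deny) {
  # parse() only builds the syntax tree; nothing in the upload is evaluated.
  exprs <- parse(text = code, keep.source = TRUE)
  pd <- utils::getParseData(exprs)

  # A flagged name can appear as a called function, as a plain symbol
  # (f <- unlink), or as a string handed to do.call()/get()/match.fun().
  is_name <- pd$token %in% c("SYMBOL_FUNCTION_CALL", "SYMBOL")
  is_str  <- pd$token == "STR_CONST"
  bare    <- gsub("^[\"']|[\"']$", "", pd$text)  # strip string quotes

  hit <- (is_name | is_str) & bare %in% deny_list
  out <- pd[hit, c("line1", "col1", "token")]
  out$name <- bare[hit]
  out <- out[order(out$line1, out$col1), ]
  rownames(out) <- NULL
  out
}

# Constructed sample upload (not from the thread).
sample_script <- '
# this comment mentions system() but calls nothing
x <- rnorm(10)
base::system("id")
f <- unlink
do.call("eval", list(quote(x)))
writeLines("hello", "out.txt")
'

findings <- scan_script(sample_script)
print(findings)
if (nrow(findings) > 0) {
  message("rejecting upload: ", nrow(findings), " flagged reference(s)")
}
```

A name assembled at run time (for example with `paste()`) never appears as a token, so a clean scan is a triage signal rather than proof that a script is safe to run.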