[Rd] Scanning a R script for potentially insidious commands

Michael Weylandt michael.weylandt at gmail.com
Wed Dec 19 12:28:01 CET 2012

On Dec 18, 2012, at 12:48 PM, Etienne Sévin <e.sevin at epiconcept.fr> wrote:

> Hey all,
> We are building a R connector for our web application.
> The user can upload a script so it can be executed on the server.
> Is there a way to scan the script for insidious commands (writing on the
> disk for example) and purge them out?

Completely, not that I know of: but grepping for system() and eval() should catch a majority of red flags. 


> I guess a simple search is not enough so is there a way to analyse the
> pseudo code?
> Best,
> Etienne
> ______________________________________________
> R-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel

More information about the R-devel mailing list