[Rd] Scanning a R script for potentially insidious commands

Michael Weylandt michael.weylandt at gmail.com
Wed Dec 19 12:28:01 CET 2012



On Dec 18, 2012, at 12:48 PM, Etienne Sévin <e.sevin at epiconcept.fr> wrote:

> Hey all,
> 
> We are building a R connector for our web application.
> The user can upload a script so it can be executed on the server.
> 
> Is there a way to scan the script for insidious commands (writing on the
> disk for example) and purge them out?

Completely, not that I know of: but grepping for system() and eval() should catch a majority of red flags. 

Michael

> I guess a simple search is not enough so is there a way to analyse the
> pseudo code?
> 
> Best,
> 
> Etienne
> 
> ______________________________________________
> R-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
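
A parser-based version of the scan suggested in the reply above, as an added example that is not part of the original thread: it flags names from a deny-list wherever they appear as a call, a bare symbol or a string, and ignores comments. The function name scan_script, the FLAGGED list (illustrative and incomplete) and the sample script are assumptions made for this example.

```r
# Added example: token-level scan of an uploaded R script.
# FLAGGED is an illustrative, incomplete deny-list (assumption).
FLAGGED <- c("system", "system2", "shell", "eval", "evalq", "parse",
             "source", "do.call", "get", "match.fun", "file", "unlink",
             "file.remove", "writeLines", "write.table", "sink", "save")

scan_script <- function(code, flagged = FLAGGED) {
  exprs <- tryCatch(parse(text = code, keep.source = TRUE),
                    error = function(e) e)
  if (inherits(exprs, "error")) {
    # Reject scripts that do not parse instead of guessing at their content.
    return(data.frame(line = NA_integer_, name = "<parse error>",
                      kind = "reject", stringsAsFactors = FALSE))
  }
  pd <- utils::getParseData(exprs)
  if (is.null(pd)) {
    return(data.frame(line = integer(0), name = character(0),
                      kind = character(0), stringsAsFactors = FALSE))
  }
  tok <- pd[pd$token %in% c("SYMBOL_FUNCTION_CALL", "SYMBOL", "STR_CONST"), ]
  # String constants keep their quotes in the parse data; strip them so a
  # flagged name passed as a string is reported too.
  name <- gsub("^[\"']|[\"']$", "", tok$text)
  kind <- ifelse(tok$token == "SYMBOL_FUNCTION_CALL", "call",
          ifelse(tok$token == "SYMBOL", "symbol", "string"))
  hit <- name %in% flagged
  data.frame(line = tok$line1[hit], name = name[hit], kind = kind[hit],
             stringsAsFactors = FALSE)
}

# Constructed sample input (not from the original thread).
uploaded <- c(
  "x <- rnorm(10)",
  "# system('ls') in a comment is not a call",
  "writeLines(format(x), 'out.txt')",
  "f <- base::system",
  "print(mean(x))"
)
print(scan_script(uploaded))
```

The result lists the line, name and kind of each flagged token so a reviewer can inspect it; an empty result is not evidence that a script is safe to execute.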


