On Dec 18, 2012, at 12:48 PM, Etienne Sévin <[email protected]> wrote:
> Hey all, > > We are building a R connector for our web application. > The user can upload a script so it can be executed on the server. > > Is there a way to scan the script for insidious commands (writing on the > disk for example) and purge them out? Completely, not that I know of: but grepping for system() and eval() should catch a majority of red flags. Michael > I guess a simple search is not enough so is there a way to analyse the > pseudo code? > > Best, > > Etienne > > ______________________________________________ > [email protected] mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel ______________________________________________ [email protected] mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
