[R-pkg-devel] Sanitize Input Code for a Shiny App

biii m@iii@g oii de@@ey@ws
Sun Feb 26 20:36:22 CET 2023


Hello,

I'm working to develop a Shiny app where I'd like to have an advanced
capability to accept user input and run the code.  For the code received,
I'd like to be able to prevent R from doing things other than working within
the R session. For example, I want to prevent `system("rm -rf /*")`.

One method to achieve this is to run the R session within a Docker container
and perform the security around the container.  The user could do some
things within the container, but they would be limited.

What I'd like to be able to do is to sanitize the inputs to ensure that they
won't do things including installing packages, running system commands,
reading and writing to the filesystem, and accessing the network. I'd like
to allow the user to do almost anything they want within R, so making a list
of acceptable commands is not accomplishing the goal. I could try to do
something like:

* have acceptable packages loaded, only,
* don't allow loading additional packages,
* deny a set of known-bad commands (e.g. system, system2, etc.)
* deny any attempt to run from additional packages (exclude calls with
  a double-colon or triple-colon)

The method I just described seems like it would not work well because it
assumes that the set of known-bad commands is comprehensive and that I'm being
creative enough in ways that users could try to break things.

Is there a good way to sanitize arbitrary code from users to prevent
malicious behavior?


Thanks,

Bill
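
The deny-rules listed in the message above (known-bad commands, package loading, double-colon and triple-colon calls), written as a static check over R's parse data. This is an added example, not part of the original message; the function name `screen_code` and the contents of `denied` are assumptions made for illustration.

```r
# Added example, not from the original message. The code under test is only
# parsed, never evaluated. `denied` is a constructed, incomplete sample list.
denied <- c("system", "system2", "shell", "pipe",              # system commands
            "library", "require", "loadNamespace",
            "requireNamespace", "install.packages",            # packages
            "file", "unlink", "file.remove", "readLines",
            "writeLines", "source",                            # filesystem
            "url", "download.file", "socketConnection")        # network

screen_code <- function(code) {
  empty <- data.frame(line = integer(0), token = character(0),
                      reason = character(0), stringsAsFactors = FALSE)
  parsed <- tryCatch(parse(text = code, keep.source = TRUE),
                     error = function(e) NULL)
  if (is.null(parsed)) {
    # Refuse anything that does not parse instead of guessing at its meaning.
    return(data.frame(line = NA_integer_, token = NA_character_,
                      reason = "does not parse", stringsAsFactors = FALSE))
  }
  pd <- utils::getParseData(parsed)
  if (is.null(pd)) return(empty)  # no parse data, e.g. empty input
  # SYMBOL covers names passed as values, e.g. lapply(cmds, system),
  # not only names that appear in call position.
  used <- pd[pd$token %in% c("SYMBOL_FUNCTION_CALL", "SYMBOL") &
               pd$text %in% denied, ]
  ns <- pd[pd$token %in% c("NS_GET", "NS_GET_INT"), ]  # `::` and `:::`
  hits <- rbind(
    data.frame(line = used$line1, token = used$text,
               reason = rep("denied name", nrow(used)),
               stringsAsFactors = FALSE),
    data.frame(line = ns$line1, token = ns$text,
               reason = rep("namespace operator", nrow(ns)),
               stringsAsFactors = FALSE)
  )
  hits[order(hits$line), , drop = FALSE]
}

# Constructed sample submission.
sample_code <- 'x <- rnorm(10)
summary(x)
library(data.table)
out <- lapply("date", system)
utils::head(x)'
print(screen_code(sample_code), row.names = FALSE)
```

The check only matches names written literally in the submitted code, so it is exactly as complete as the `denied` list and works as a pre-filter with line-level feedback for the user. The isolation boundary is still the container described earlier in the message.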

