Project

General

Profile

Actions

Bug #5481

closed

create subclassed R actor that doesn't allow arbitrary scripts to be run

Added by Derik Barseghian over 13 years ago. Updated about 12 years ago.

Status:
Resolved
Priority:
Normal
Category:
general
Target version:
Start date:
08/30/2011
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
5481

Description

Create a new version of the R actor that doesn't allow arbitrary code to be run. If we decide to use the R survivorship package, we'll need this.

Actions #1

Updated by Matt Jones over 13 years ago

Note that all this probably needs to be is a subclass of the existing R actor that sets the R code to be run as a constant rather than from a moml property. So from an implementation perspective, there is probably little to be implemented that is new here. This will also allow the actor to take advantage of improvements in the base R actor as those are made.

Actions #2

Updated by Derik Barseghian about 12 years ago

The SP actors that I created that subclass R dynamically compose and set their R script during fire(), with no R code contained in moml, so this injection concern was avoided. So users could change the actor's expression parameter using the SP Settings page, but this would have no effect / get discarded when the pipe was run. In the recent past I added support for hiding parameters from SP users, and hid all params we don't want exposed so they can't even do that anymore.

Actions #3

Updated by Redmine Admin over 11 years ago

Original Bugzilla ID was 5481

Actions

Also available in: Atom PDF