Bug #5481
closed
create subclassed R actor that doesn't allow arbitrary scripts to be run
Added by Derik Barseghian about 13 years ago.
Updated about 12 years ago.
Description
Create a new version of the R actor that doesn't allow arbitrary code to be run. If we decide to use the R survivorship package, we'll need this.
Note that all this probably needs to be is a subclass of the existing R actor that sets the R code to be run as a constant rather than from a moml property. So from an implementation perspective, there is probably little to be implemented that is new here. This will also allow the actor to take advantage of improvements in the base R actor as those are made.
The SP actors that I created that subclass R dynamically compose and set their R script during fire(), with no R code contained in moml, so this injection concern was avoided. So users could change the actor's expression parameter using the SP Settings page, but this would have no effect / get discarded when the pipe was run. In the recent past I added support for hiding parameters from SP users, and hid all params we don't want exposed so they can't even do that anymore.
Original Bugzilla ID was 5481
Also available in: Atom
PDF