This repository has been archived by the owner on May 10, 2022. It is now read-only.
---
output: github_document
---
<!-- README.md is generated from README.Rmd. Please edit that file -->
# rOpenSci Unconf 18 Project: defender
<img src="man/figures/supergb.png" style="width: 50%; height: 50%"/>
```{r, echo = FALSE}
knitr::opts_chunk$set(
collapse = TRUE,
comment = "#>",
fig.path = "README-"
)
```
# defender <img src="man/figures/logo.png" align="right"/>
<!-- badges: start -->
[![Travis build status](https://travis-ci.org/ropenscilabs/defender.svg?branch=master)](https://travis-ci.org/ropenscilabs/defender)
[![Coverage status](https://img.shields.io/codecov/c/github/ropenscilabs/defender/master.svg)](https://codecov.io/github/ropenscilabs/defender?branch=master)
[![Lifecycle Status](https://img.shields.io/badge/lifecycle-experimental-orange.svg)](https://www.tidyverse.org/lifecycle/)
<!-- badges: end -->
The goal of defender is to perform static code analysis on other R packages to check for potential security risks and adherence to best practices. It provides checks on multiple levels:
1. [x] static code analysis without installing the package
2. [ ] more thorough but potentially dangerous checks that require installing the package / running it in a Docker container
The checks do not tell you whether something is harmful; they flag code that you should double-check before running or loading the package.
## Installation
You can install defender from GitHub with:
```{r gh-installation, eval = FALSE}
# install.packages("devtools")
devtools::install_github("ropenscilabs/defender")
```
## Example
### System calls in R scripts
You can check for system calls in any locally available directory:
```{r system-calls-example, eval = FALSE}
defender::summarize_system_calls("../testevil")
```
You can also include additional elements to flag as dangerous:
```{r system-calls-example-2, eval = FALSE}
sc <- defender::system_calls("poll")
defender::summarize_system_calls("../testevil", calls_to_flag = sc)
```
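To show what a "system call" check of this kind actually does under the hood, here is an added example (it is not defender's own code) that uses R's parser and `utils::getParseData()` to find function-call tokens by name rather than by text matching, so `base::system2(...)` is caught just like `system(...)`. The default flag list `flag_default`, the helper names `scan_system_calls` / `scan_dir_system_calls` and the sample code fragment are assumptions constructed for this illustration:

```r
# Added example, not part of the defender package. The flagged names below are
# an illustrative assumption; defender maintains its own list.
flag_default <- c("system", "system2", "shell", "Sys.setenv", "download.file",
                  "source", "eval", "unlink", "file.remove")

# Parse `code` and return a data frame (call, line, col) of flagged calls.
scan_system_calls <- function(code, calls_to_flag = flag_default) {
  exprs <- parse(text = code, keep.source = TRUE)
  pd <- utils::getParseData(exprs)
  # Both `system(...)` and `base::system(...)` yield a SYMBOL_FUNCTION_CALL
  # token whose text is the bare function name, so one token filter covers both.
  calls <- pd[pd$token == "SYMBOL_FUNCTION_CALL", c("text", "line1", "col1")]
  hits <- calls[calls$text %in% calls_to_flag, ]
  rownames(hits) <- NULL
  names(hits) <- c("call", "line", "col")
  hits
}

# Scan every .R file under `dir` (e.g. a package's R/ directory), tagging each
# hit with its file path. Files that fail to parse are reported and skipped.
scan_dir_system_calls <- function(dir, calls_to_flag = flag_default) {
  files <- list.files(dir, pattern = "\\.[Rr]$", recursive = TRUE,
                      full.names = TRUE)
  res <- lapply(files, function(f) {
    code <- paste(readLines(f, warn = FALSE), collapse = "\n")
    h <- tryCatch(scan_system_calls(code, calls_to_flag),
                  error = function(e) { warning("skipping ", f, ": ", conditionMessage(e)); NULL })
    if (!is.null(h) && nrow(h) > 0) cbind(file = f, h) else NULL
  })
  do.call(rbind, res)
}

# Constructed sample: a fragment written to look like package code, in which
# shell commands are assembled from the contents of a user-supplied file.
sample_code <- '
read_config <- function(path) {
  cfg <- readLines(path)
  system(paste("curl", cfg[1]))
  base::system2("sh", c("-c", cfg[2]))
  cfg
}
'

print(scan_system_calls(sample_code))
```

The result lists the two shell invocations with their line and column, which is exactly the kind of location a reviewer wants before deciding whether the package is safe to load; the flag list is deliberately a parameter so it can be extended in the same way the `calls_to_flag` argument above extends defender's default.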
### System-related imports in NAMESPACE
You can check the NAMESPACE file in a package for dangerous imports:
```{r namespace-example, eval = FALSE}
defender::check_namespace("../testevil")
```
You can also include additional elements to flag as dangerous:
```{r namespace-example-2, eval = FALSE}
di <- defender::dangerous_imports("processx::poll")
defender::check_namespace("../testevil", imports_to_flag = di)
```
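NAMESPACE directives are valid R call syntax, so a NAMESPACE file can be read with `parse()` and each `import()` / `importFrom()` directive inspected as a call. The following added example (not defender's code) does that and flags imports against a list of system-related functions; the default list `imports_default`, the helper names `namespace_imports` / `check_namespace_text` and the sample NAMESPACE content are assumptions constructed for this illustration:

```r
# Added example, not part of the defender package. The flagged imports are an
# illustrative assumption; defender maintains its own list.
imports_default <- c("processx::run", "processx::process",
                     "sys::exec_wait", "sys::exec_internal", "callr::r")

# Return every import declared in NAMESPACE text as "pkg::fun"; a whole-package
# import(pkg) is recorded as "pkg::*" so it stays visible to the reviewer.
namespace_imports <- function(ns_text) {
  directives <- parse(text = ns_text, keep.source = FALSE)
  out <- character()
  for (d in directives) {
    if (!is.call(d)) next
    kind <- as.character(d[[1]])            # import, importFrom, export, ...
    args <- as.list(d)[-1]
    # Drop named arguments such as `except = ...` in import(pkg, except = ...)
    if (!is.null(names(args))) args <- args[names(args) == ""]
    args <- vapply(args, as.character, character(1))   # symbols or strings
    if (kind == "importFrom" && length(args) >= 2) {
      out <- c(out, paste0(args[1], "::", args[-1]))
    } else if (kind == "import") {
      out <- c(out, paste0(args, "::*"))
    }
  }
  out
}

# Compare the declared imports with the flag list. A wildcard import of a
# package that contains any flagged function is flagged as well, because the
# flagged function is reachable even though it is not named explicitly.
check_namespace_text <- function(ns_text, imports_to_flag = imports_default) {
  found <- namespace_imports(ns_text)
  flagged_pkgs <- unique(sub("::.*$", "", imports_to_flag))
  flagged <- found[found %in% imports_to_flag |
                   found %in% paste0(flagged_pkgs, "::*")]
  list(imports = found, flagged = flagged)
}

# Constructed NAMESPACE content for a hypothetical package.
ns_sample <- '
export(read_config)
importFrom(processx, run)
importFrom(jsonlite, fromJSON)
import(sys)
S3method(print, config)
'

res <- check_namespace_text(ns_sample)
print(res$flagged)
```

Here `processx::run` is flagged directly and `sys::*` is flagged because `import(sys)` makes the whole `sys` namespace, including `exec_wait`, available to the package; `jsonlite::fromJSON` passes. Flagging an import is a prompt to read the code that uses it, not a verdict, which matches how defender describes its own checks.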
## Collaborators
- Ildi Czeller @czeildi
- Karthik Ram @karthik
- Bob Rudis @hrbrmstr
- Kara Woo @karawoo