
[Linting Rule] Problematic Inputs

github-actions[bot] edited this page Jun 13, 2026 · 1 revision

This document was generated from 'src/documentation/wiki-linter.ts' on 2026-06-01, 20:20:18 UTC presenting an overview of flowR's linter (v2.10.6). Please do not edit this file/wiki page directly.

Problematic inputs [overview]

Tags: smell, security, performance, readability

This rule is a best-effort rule.

Detects uses of dynamic calls (e.g. eval, system) with non-constant inputs, and graphics-device calls (pdf, postscript) where the filename starts with '|', which R treats as a pipe to a shell command and which therefore indicates a possible command injection.
This linting rule is implemented in src/linter/rules/problematic-inputs.ts.

Configuration

Linting rules can be configured by passing a configuration object to the linter query as shown in the example below. The problematic-inputs rule accepts the following configuration options:

Examples

function(x) {
	eval(x)
}

The linting query can be used to run this rule on the above example:

[
  {
    "type": "linter",
    "rules": [
      {
        "name": "problematic-inputs",
        "config": {}
      }
    ]
  }
]

Results (prettified and summarized):

Query: linter (1 ms)
   ╰ Problematic inputs (problematic-inputs):
       ╰ certain:
           ╰ Use of configured dynamic call at 3.2-8; inputs: 5 (type: [param], trace: pure)
       ╰ Metadata: searchTimeMs: 1, processTimeMs: 0
All queries together required ≈1 ms (1ms accuracy, total 2 ms)

Detailed results as JSON:

The analysis required 1.7 ms (including parsing and normalization and the query) within the generation environment.

In general, the JSON contains the Ids of the nodes in question as they are present in the normalized AST or the dataflow graph of flowR. Please consult the Interface wiki page for more information on how to get those.

{
  "linter": {
    "results": {
      "problematic-inputs": {
        "results": [
          {
            "involvedId": 7,
            "certainty": "certain",
            "loc": [
              3,
              2,
              3,
              8
            ],
            "name": "eval",
            "sources": [
              {
                "id": 5,
                "types": [
                  "param"
                ],
                "trace": "pure"
              }
            ]
          }
        ],
        ".meta": {
          "searchTimeMs": 1,
          "processTimeMs": 0
        }
      }
    },
    ".meta": {
      "timing": 1
    }
  },
  ".meta": {
    "timing": 1
  }
}

Additional Examples

These examples are synthesized from the test cases in: test/functionality/linter/lint-problematic-inputs.test.ts

Test Case: const-eval

Given the following input:

eval(parse(text="x"))

We expect the linter to report the following:

* no lints

See here for the test-case implementation.

Test Case: network eval

Given the following input:

x <- read.csv("https://example.com/data.csv"); eval(parse(text=x))

We expect the linter to report the following:

certainty: LintingResultCertainty.Certain,
name:      'eval',
loc:       SourceRange.from(1, 48, 1, 66),
sources:   [{ id: 11, trace: InputTraceType.Known, types: [InputType.File, InputType.Network, InputType.DerivedConstant] }]

See here for the test-case implementation.

Test Case: read eval

Given the following input:

x <- read.csv("data.csv"); eval(parse(text=x))

We expect the linter to report the following:

certainty: LintingResultCertainty.Certain,
name:      'eval',
loc:       SourceRange.from(1, 28, 1, 46),
sources:   [{ id: 11, trace: InputTraceType.Known, types: [InputType.File, InputType.DerivedConstant] }]

See here for the test-case implementation.

Test Case: unseeded randomness eval

Given the following input:

eval(parse(text=runif(1)))

We expect the linter to report the following:

certainty: LintingResultCertainty.Certain,
name:      'eval',
loc:       SourceRange.from(1, 1, 1, 26),
sources:   [{ id: 8, trace: InputTraceType.Known, types: [InputType.Random, InputType.DerivedConstant] }]

See here for the test-case implementation.

Test Case: unknown eval

Given the following input:

eval(parse(text=x))

We expect the linter to report the following:

certainty: LintingResultCertainty.Uncertain,
name:      'eval',
loc:       SourceRange.from(1, 1, 1, 19),
sources:   [{ id: 5, trace: InputTraceType.Known, types: [InputType.Unknown, InputType.DerivedConstant] }]

See here for the test-case implementation.

Test Case: unknown system

Given the following input:

system(x)

We expect the linter to report the following:

certainty: LintingResultCertainty.Uncertain,
name:      'system',
loc:       SourceRange.from(1, 1, 1, 9),
sources:   [{ id: 1, trace: InputTraceType.Unknown, types: [InputType.Unknown] }]

See here for the test-case implementation.

Test Case: pdf safe path

Given the following input:

pdf("output.pdf")

We expect the linter to report the following:

* no lints

See here for the test-case implementation.

Test Case: pdf pipe constant

Given the following input:

pdf("|lp -o landscape")

We expect the linter to report the following:

certainty:   LintingResultCertainty.Certain,
name:        'pdf',
loc:         SourceRange.from(1, 1, 1, 23),
pipeCommand: '|lp -o landscape',
sources:     [{ id: 1, trace: InputTraceType.Unknown, types: [InputType.Constant], value: '|lp -o landscape' }]

See here for the test-case implementation.

Test Case: pdf pipe with named arg

Given the following input:

pdf("|lp -o landscape", paper = "a4r")

We expect the linter to report the following:

certainty:   LintingResultCertainty.Certain,
name:        'pdf',
loc:         SourceRange.from(1, 1, 1, 38),
pipeCommand: '|lp -o landscape',
sources:     [{ id: 1, trace: InputTraceType.Unknown, types: [InputType.Constant], value: '|lp -o landscape' }]

See here for the test-case implementation.

Test Case: pdf non-file arg pipe not flagged

Given the following input:

pdf(file = "out.pdf", title = "|untrusted")

We expect the linter to report the following:

* no lints

See here for the test-case implementation.

Test Case: pdf unknown input

Given the following input:

pdf(x)

We expect the linter to report the following:

certainty: LintingResultCertainty.Uncertain,
name:      'pdf',
loc:       SourceRange.from(1, 1, 1, 6),
sources:   [{ id: 1, trace: InputTraceType.Unknown, types: [InputType.Unknown] }]

See here for the test-case implementation.

Test Case: postscript pipe constant

Given the following input:

postscript("|lp")

We expect the linter to report the following:

certainty:   LintingResultCertainty.Certain,
name:        'postscript',
loc:         SourceRange.from(1, 1, 1, 17),
pipeCommand: '|lp',
sources:     [{ id: 1, trace: InputTraceType.Unknown, types: [InputType.Constant], value: '|lp' }]

See here for the test-case implementation.
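The test cases above all exercise the same two decisions: whether an input to eval/system is a constant, and whether the file argument of pdf/postscript (its first positional parameter in R, so `file =` wins and otherwise the first unnamed argument is taken) is a constant starting with '|'. The following TypeScript is an added example modelling those decisions on a hand-built argument description; it is not flowR's implementation, and the InputType names, the RArg shape and the simplified certainty rule (uncertain only when an input's origin is unknown) are assumptions made for the example.

```typescript
// Added example, not flowR's own code: a minimal model of the decisions the
// problematic-inputs rule makes. Arguments are described by hand instead of
// being resolved through flowR's dataflow graph (assumed shape, see lead-in).
type InputType = 'constant' | 'param' | 'file' | 'network' | 'random' | 'unknown';

interface RArg {
  name?: string;        // named argument (file = "out.pdf"); undefined when positional
  types: InputType[];   // where the value may originate
  value?: string;       // literal string, present only for constants
}

interface Finding {
  name: string;
  certainty: 'certain' | 'uncertain';
  pipeCommand?: string; // filled only for a constant '|cmd' filename
}

const DYNAMIC_CALLS = new Set(['eval', 'system']);
const GRAPHICS_DEVICES = new Set(['pdf', 'postscript']);

// eval()/system(): flagged when any input is not a compile-time constant.
// Assumed rule: the finding is uncertain only when some input's origin is unknown.
function checkDynamicCall(call: string, args: RArg[]): Finding | undefined {
  const dynamic = args.filter(a => !(a.types.length === 1 && a.types[0] === 'constant'));
  if (dynamic.length === 0) return undefined;          // eval(parse(text="x")): no lint
  const unknown = dynamic.some(a => a.types.includes('unknown'));
  return { name: call, certainty: unknown ? 'uncertain' : 'certain' };
}

// pdf()/postscript(): only `file` can open a pipe. Other arguments such as
// title = "|untrusted" are never treated as a filename.
function checkGraphicsDevice(call: string, args: RArg[]): Finding | undefined {
  const file = args.find(a => a.name === 'file') ?? args.find(a => a.name === undefined);
  if (file === undefined) return undefined;            // pdf() with R's default filename
  if (file.value === undefined) {
    return { name: call, certainty: 'uncertain' };     // pdf(x): a leading '|' cannot be ruled out
  }
  if (file.value.startsWith('|')) {
    return { name: call, certainty: 'certain', pipeCommand: file.value };
  }
  return undefined;                                    // plain constant path: no lint
}

function lintCall(call: string, args: RArg[]): Finding | undefined {
  if (DYNAMIC_CALLS.has(call)) return checkDynamicCall(call, args);
  if (GRAPHICS_DEVICES.has(call)) return checkGraphicsDevice(call, args);
  return undefined;                                    // not a configured call
}
```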
