You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The mechanism that stops queryparser from translating an expression if it includes functions that are not on the whitelist can be defeated by using a function name with no parentheses and using the forward pipe operator %>% to pass input to the function. For example:
parse_expression("'ls' %>% system")
#system("ls")
This is caused by the %>% operator being explicitly allowed in the query at the time when the check is performed
The text was updated successfully, but these errors were encountered:
The mechanism that stops queryparser from translating an expression if it includes functions that are not on the whitelist can be defeated by using a function name with no parentheses and using the forward pipe operator
%>%
to pass input to the function. For example:This is caused by the
%>%
operator being explicitly allowed in the query at the time when the check is performedThe text was updated successfully, but these errors were encountered: