tslumley/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Along the lines of the 'jammr' package, an example to show it's quite easy to hide things from even moderately careful inspection.
If you run the code in evil.R, there isn't any obvious impact on your session, as evil-output.txt shows. But now look at what pie() and attach() do.
This isn't a security issue: anyone who can run arbitrary R code on your system can do much worse.

  
## evil-output.txt
> ls()
character(0)
> search()
 [1] ".GlobalEnv"        "tools:objects"     "tools:RGUI"        "package:stats"
 [5] "package:graphics"  "package:grDevices" "package:utils"     "package:datasets"
 [9] "package:methods"   "Autoloads"         "package:base"
> sessionInfo()
R version 3.1.0 (2014-04-10)
Platform: x86_64-apple-darwin13.1.0 (64-bit)

locale:
[1] en_NZ.UTF-8/en_NZ.UTF-8/en_NZ.UTF-8/C/en_NZ.UTF-8/en_NZ.UTF-8

attached base packages:
[1] stats     graphics  grDevices utils     datasets  methods   base

loaded via a namespace (and not attached):
[1] tools_3.1.0
> pie
function (x, labels = names(x), edges = 200, radius = 0.8, clockwise = FALSE,
    init.angle = if (clockwise) 90 else 0, density = NULL, angle = 45,
    col = NULL, border = NULL, lty = NULL, main = NULL, ...)
{
    if (!is.numeric(x) || any(is.na(x) | x < 0))
        stop("'x' values must be positive.")
    if (is.null(labels))
        labels <- as.character(seq_along(x))
    else labels <- as.graphicsAnnot(labels)
    x <- c(0, cumsum(x)/sum(x))
    dx <- diff(x)
    nx <- length(dx)
    plot.new()
    pin <- par("pin")
    xlim <- ylim <- c(-1, 1)
    if (pin[1L] > pin[2L])
        xlim <- (pin[1L]/pin[2L]) * xlim
    else ylim <- (pin[2L]/pin[1L]) * ylim
    dev.hold()
    on.exit(dev.flush())
    plot.window(xlim, ylim, "", asp = 1)
    if (is.null(col))
        col <- if (is.null(density))
            c("white", "lightblue", "mistyrose", "lightcyan",
                "lavender", "cornsilk")
        else par("fg")
    if (!is.null(col))
        col <- rep_len(col, nx)
    if (!is.null(border))
        border <- rep_len(border, nx)
    if (!is.null(lty))
        lty <- rep_len(lty, nx)
    angle <- rep(angle, nx)
    if (!is.null(density))
        density <- rep_len(density, nx)
    twopi <- if (clockwise)
        -2 * pi
    else 2 * pi
    t2xy <- function(t) {
        t2p <- twopi * t + init.angle * pi/180
        list(x = radius * cos(t2p), y = radius * sin(t2p))
    }
    for (i in 1L:nx) {
        n <- max(2, floor(edges * dx[i]))
        P <- t2xy(seq.int(x[i], x[i + 1], length.out = n))
        polygon(c(P$x, 0), c(P$y, 0), density = density[i], angle = angle[i],
            border = border[i], col = col[i], lty = lty[i])
        P <- t2xy(mean(x[i + 0:1]))
        lab <- as.character(labels[i])
        if (!is.na(lab) && nzchar(lab)) {
            lines(c(1, 1.05) * P$x, c(1, 1.05) * P$y)
            text(1.1 * P$x, 1.1 * P$y, labels[i], xpd = TRUE,
                adj = ifelse(P$x < 0, 1, 0), ...)
        }
    }
    title(main = main, ...)
    invisible(NULL)
}
<environment: 0x7fecca73cfc8>

## evil.R
local({
fakesource<-function(fn){
  code<-capture.output(dput(fn))
  src<-srcfilecopy("objects",code,isFile=FALSE)
  srcref(src,c(1,1,length(code),nchar(code[length(code)])))
  }
pi<-function(x, labels = names(x), edges = 200, radius = 0.8, clockwise = FALSE,
    init.angle = if (clockwise) 90 else 0, density = NULL, angle = 40,
    col = NULL, border = NULL, lty = NULL, main = NULL, ...){graphics::pie(x=c(285,80),col=c("yellow","purple"),init.angle=40,labels=c("Resembles Pac-Man","Does not resemble\n Pac-Man"),main="Percentage of chart which resembles Pac-Man",radius=.7)}
att<-function(what, pos = 2L, name = deparse(substitute(what)), warn.conflicts = TRUE){"No."}
attr(pi,"srcref") <- fakesource(pie)
e<-new.env()
assign("pie",pi,envir=e)
assign("attach",att,envir=e)
base::attach(e,name="tools:objects",warn.conflicts=FALSE)
})
	> ls()
	character(0)
	> search()
	[1] ".GlobalEnv" "tools:objects" "tools:RGUI" "package:stats"
	[5] "package:graphics" "package:grDevices" "package:utils" "package:datasets"
	[9] "package:methods" "Autoloads" "package:base"
	> sessionInfo()
	R version 3.1.0 (2014-04-10)
	Platform: x86_64-apple-darwin13.1.0 (64-bit)

	locale:
	[1] en_NZ.UTF-8/en_NZ.UTF-8/en_NZ.UTF-8/C/en_NZ.UTF-8/en_NZ.UTF-8

	attached base packages:
	[1] stats graphics grDevices utils datasets methods base

	loaded via a namespace (and not attached):
	[1] tools_3.1.0
	> pie
	function (x, labels = names(x), edges = 200, radius = 0.8, clockwise = FALSE,
	init.angle = if (clockwise) 90 else 0, density = NULL, angle = 45,
	col = NULL, border = NULL, lty = NULL, main = NULL, ...)
	{
	if (!is.numeric(x) \|\| any(is.na(x) \| x < 0))
	stop("'x' values must be positive.")
	if (is.null(labels))
	labels <- as.character(seq_along(x))
	else labels <- as.graphicsAnnot(labels)
	x <- c(0, cumsum(x)/sum(x))
	dx <- diff(x)
	nx <- length(dx)
	plot.new()
	pin <- par("pin")
	xlim <- ylim <- c(-1, 1)
	if (pin[1L] > pin[2L])
	xlim <- (pin[1L]/pin[2L]) * xlim
	else ylim <- (pin[2L]/pin[1L]) * ylim
	dev.hold()
	on.exit(dev.flush())
	plot.window(xlim, ylim, "", asp = 1)
	if (is.null(col))
	col <- if (is.null(density))
	c("white", "lightblue", "mistyrose", "lightcyan",
	"lavender", "cornsilk")
	else par("fg")
	if (!is.null(col))
	col <- rep_len(col, nx)
	if (!is.null(border))
	border <- rep_len(border, nx)
	if (!is.null(lty))
	lty <- rep_len(lty, nx)
	angle <- rep(angle, nx)
	if (!is.null(density))
	density <- rep_len(density, nx)
	twopi <- if (clockwise)
	-2 * pi
	else 2 * pi
	t2xy <- function(t) {
	t2p <- twopi * t + init.angle * pi/180
	list(x = radius * cos(t2p), y = radius * sin(t2p))
	}
	for (i in 1L:nx) {
	n <- max(2, floor(edges * dx[i]))
	P <- t2xy(seq.int(x[i], x[i + 1], length.out = n))
	polygon(c(P$x, 0), c(P$y, 0), density = density[i], angle = angle[i],
	border = border[i], col = col[i], lty = lty[i])
	P <- t2xy(mean(x[i + 0:1]))
	lab <- as.character(labels[i])
	if (!is.na(lab) && nzchar(lab)) {
	lines(c(1, 1.05) * P$x, c(1, 1.05) * P$y)
	text(1.1 * P$x, 1.1 * P$y, labels[i], xpd = TRUE,
	adj = ifelse(P$x < 0, 1, 0), ...)
	}
	}
	title(main = main, ...)
	invisible(NULL)
	}
	<environment: 0x7fecca73cfc8>
	local({
	fakesource<-function(fn){
	code<-capture.output(dput(fn))
	src<-srcfilecopy("objects",code,isFile=FALSE)
	srcref(src,c(1,1,length(code),nchar(code[length(code)])))
	}
	pi<-function(x, labels = names(x), edges = 200, radius = 0.8, clockwise = FALSE,
	init.angle = if (clockwise) 90 else 0, density = NULL, angle = 40,
	col = NULL, border = NULL, lty = NULL, main = NULL, ...){graphics::pie(x=c(285,80),col=c("yellow","purple"),init.angle=40,labels=c("Resembles Pac-Man","Does not resemble\n Pac-Man"),main="Percentage of chart which resembles Pac-Man",radius=.7)}
	att<-function(what, pos = 2L, name = deparse(substitute(what)), warn.conflicts = TRUE){"No."}
	attr(pi,"srcref") <- fakesource(pie)
	e<-new.env()
	assign("pie",pi,envir=e)
	assign("attach",att,envir=e)
	base::attach(e,name="tools:objects",warn.conflicts=FALSE)
	})