Revisions to List of dangerous functions

replaced http://mathematica.stackexchange.com/ with https://mathematica.stackexchange.com/

edited Apr 13, 2017 at 12:55

1

I no longer believe it is a good idea to work with a list of dangerous functions. I have tried to edit the question is such a way that it respects my earlier perspective, but also so that it does not give users the impression that certain things are safe whereas they are not.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is probably safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, we may be able to make a function that checks if a notebook is safe.

A function to find dangerous functions

A naive function to see if dangerous expressions are present in a NotebookObject, could be the following.

Through[{Unprotect, ClearAll}[dangerousFunctionsQ]] dangerousFunctionsQ[nb_] := ! FreeQ[ToExpression[Unevaluated[#], StandardForm, HoldComplete] & /@ (NotebookRead@Cells[nb])[[All, 1]], Alternatives @@ listOfDangerousFunctions]; Protect[dangerousFunctionsQ];

Where listOfDangerousFunctions is given. Unfortunately, this code does not guarantee safety, even we know the full list of dangerous functions.

Furthermore, getting the NotebookObject is a bit tricky. We could simply open the notebook and use Notebooks, but opening the notebook doesn't sound too safe. Also making an automated approach based on this is inelegant. Note however, that using the obvious alternative, which is to use Import (with one argument) on the notebook file turns out not to be safe.

The question is: Which built-in functions are dangerous (especially just by themselves)?

I no longer believe it is a good idea to work with a list of dangerous functions. I have tried to edit the question is such a way that it respects my earlier perspective, but also so that it does not give users the impression that certain things are safe whereas they are not.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is probably safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, we may be able to make a function that checks if a notebook is safe.

A function to find dangerous functions

A naive function to see if dangerous expressions are present in a NotebookObject, could be the following.

Through[{Unprotect, ClearAll}[dangerousFunctionsQ]] dangerousFunctionsQ[nb_] := ! FreeQ[ToExpression[Unevaluated[#], StandardForm, HoldComplete] & /@ (NotebookRead@Cells[nb])[[All, 1]], Alternatives @@ listOfDangerousFunctions]; Protect[dangerousFunctionsQ];

Where listOfDangerousFunctions is given. Unfortunately, this code does not guarantee safety, even we know the full list of dangerous functions.

Furthermore, getting the NotebookObject is a bit tricky. We could simply open the notebook and use Notebooks, but opening the notebook doesn't sound too safe. Also making an automated approach based on this is inelegant. Note however, that using the obvious alternative, which is to use Import (with one argument) on the notebook file turns out not to be safe.

The question is: Which built-in functions are dangerous (especially just by themselves)?

I no longer believe it is a good idea to work with a list of dangerous functions. I have tried to edit the question is such a way that it respects my earlier perspective, but also so that it does not give users the impression that certain things are safe whereas they are not.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is probably safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, we may be able to make a function that checks if a notebook is safe.

A function to find dangerous functions

A naive function to see if dangerous expressions are present in a NotebookObject, could be the following.

Through[{Unprotect, ClearAll}[dangerousFunctionsQ]] dangerousFunctionsQ[nb_] := ! FreeQ[ToExpression[Unevaluated[#], StandardForm, HoldComplete] & /@ (NotebookRead@Cells[nb])[[All, 1]], Alternatives @@ listOfDangerousFunctions]; Protect[dangerousFunctionsQ];

Where listOfDangerousFunctions is given. Unfortunately, this code does not guarantee safety, even we know the full list of dangerous functions.

Furthermore, getting the NotebookObject is a bit tricky. We could simply open the notebook and use Notebooks, but opening the notebook doesn't sound too safe. Also making an automated approach based on this is inelegant. Note however, that using the obvious alternative, which is to use Import (with one argument) on the notebook file turns out not to be safe.

The question is: Which built-in functions are dangerous (especially just by themselves)?

Cleanup, deleted bad stuff.

Source Link

edited Jul 13, 2014 at 15:32

Jacob Akkerboom

12.3k
47
87

I no longer believe it is a good idea to work with a list of dangerous functions. I have tried to edit the question is such a way that it respects my earlier perspective, but also so that it does not give users the impression that certain things are safe whereas they are not.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is at leastprobably safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, it shouldwe may be straightforwardable to make a function that checks if any dangerous functions occur in a notebook is safe.

My suggestion for aA naive function to see if dangerous expressions are present in a NotebookObject, could be the following.

Where listOfDangerousFunctions is given. Here, the NotebookObject can be found using Notebooks. Sadly thoughUnfortunately, this function iscode does not able to parse all expressionsguarantee safety, even we know the full list of dangerous functions.

An alternative, especially for users who do not have version 9Furthermore, could be to look directly at the notebook file. This could be done by importinggetting the notebook file using ImportNotebookObject. The function is then

Through[{Unprotect, ClearAll}[dangerousFunctionsInFileQ]] dangerousFunctionsInFileQ[notebookFileName_] := If[StringSplit[notebookFileName, "."][[-1]] === "nb", ! FreeQ[ Level[ Import[notebookFileName], {3, 3} , ToExpression[Unevaluated@#, StandardForm, HoldComplete] &], Alternatives @@ listOfDangerousFunctions] , $Failed ]

The If statement here serves to protect the user against trying to check if for example a .m file has dangerous symbolsbit tricky. In this case we really do not wantWe could simply open the notebook and use ImportNotebooks to happen, as that would evaluatebut opening the code. This function is does also not parse all expressions correctly.

One reason why both functions do not work well is probably that there can be nested cells in a notebook doesn't sound too safe. InAlso making an automated approach based on this case we have to do something smarter than getting all expressions at a certain level.

Expressions versus strings

I feel it is nicest if the function that checks for dangerous symbols works with expressions rather than stringsinelegant. Note however, so that notation ofusing the dangerous functions should not be an issue. (For exampleobvious alternative, you can write the dangerous function Get aswhich is to use <<Import). However, this requires a bit more work than simple searching for strings. This preference is reflected in my own (community wikiwith one argument) answeron the notebook file turns out not to this questionbe safe.

The question is: Which functions built in Mathematica-in functions are dangerous (especially just by themselves)?

Remarks

I have assumed no function that checks for dangerous expressions is available in Mathematica. If such a function is available, please let me know :).

For now let's try to list as many functions as possible. It would be very nice if we could make a complete list, but anybody should feel free to add any function, without making a long list.

Possibly we should add Unprotect, ClearAttributes and ClearAll to the list of dangerous functions, as otherwise untrusted code could change the function dangerousFunctionsQ. Alternatively we could make this function Locked.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is at least safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, it should be straightforward to make a function that checks if any dangerous functions occur in a notebook.

My suggestion for a function to see if dangerous expressions are present

Where listOfDangerousFunctions is given. Here, the NotebookObject can be found using Notebooks. Sadly though, this function is not able to parse all expressions.

An alternative, especially for users who do not have version 9, could be to look directly at the notebook file. This could be done by importing the notebook file using Import. The function is then

Through[{Unprotect, ClearAll}[dangerousFunctionsInFileQ]] dangerousFunctionsInFileQ[notebookFileName_] := If[StringSplit[notebookFileName, "."][[-1]] === "nb", ! FreeQ[ Level[ Import[notebookFileName], {3, 3} , ToExpression[Unevaluated@#, StandardForm, HoldComplete] &], Alternatives @@ listOfDangerousFunctions] , $Failed ]

The If statement here serves to protect the user against trying to check if for example a .m file has dangerous symbols. In this case we really do not want the Import to happen, as that would evaluate the code. This function is does also not parse all expressions correctly.

One reason why both functions do not work well is probably that there can be nested cells in a notebook. In this case we have to do something smarter than getting all expressions at a certain level.

Expressions versus strings

I feel it is nicest if the function that checks for dangerous symbols works with expressions rather than strings, so that notation of the dangerous functions should not be an issue. (For example, you can write the dangerous function Get as <<). However, this requires a bit more work than simple searching for strings. This preference is reflected in my own (community wiki) answer to this question.

The question is: Which functions built in Mathematica are dangerous (especially just by themselves)?

Remarks

I have assumed no function that checks for dangerous expressions is available in Mathematica. If such a function is available, please let me know :).

For now let's try to list as many functions as possible. It would be very nice if we could make a complete list, but anybody should feel free to add any function, without making a long list.

Possibly we should add Unprotect, ClearAttributes and ClearAll to the list of dangerous functions, as otherwise untrusted code could change the function dangerousFunctionsQ. Alternatively we could make this function Locked.

I no longer believe it is a good idea to work with a list of dangerous functions. I have tried to edit the question is such a way that it respects my earlier perspective, but also so that it does not give users the impression that certain things are safe whereas they are not.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is probably safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, we may be able to make a function that checks if a notebook is safe.

A naive function to see if dangerous expressions are present in a NotebookObject, could be the following.

Where listOfDangerousFunctions is given. Unfortunately, this code does not guarantee safety, even we know the full list of dangerous functions.

Furthermore, getting the NotebookObject is a bit tricky. We could simply open the notebook and use Notebooks, but opening the notebook doesn't sound too safe. Also making an automated approach based on this is inelegant. Note however, that using the obvious alternative, which is to use Import (with one argument) on the notebook file turns out not to be safe.

The question is: Which built-in functions are dangerous (especially just by themselves)?

added 1482 characters in body

Source Link

edited Jul 28, 2013 at 19:54

Jacob Akkerboom

12.3k
47
87

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is at least safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, it should be straightforward to make a function that checks if any dangerous functions occur in a notebook.

A function to find dangerous functions

My suggestion for a function to see if dangerous expressions are present

Protect[dangerousFunctionsQ]Through[{Unprotect, ClearAll}[dangerousFunctionsQ]]  dangerousFunctionsQ[nb_] := ! FreeQ[ToExpression[# FreeQ[ToExpression[Unevaluated[#], StandardForm,   HoldComplete] & /@ (NotebookRead@Cells[nb])[[All, 1]],   Alternatives @@ listOfDangerousFunctions]listOfDangerousFunctions];  Protect[dangerousFunctionsQ];

Where listOfDangerousFunctions is given. Here, the NotebookObject can be found using Notebooks. Sadly though, this function is not able to parse all expressions.

An alternative, especially for users who do not have version 9, could be to look directly at the notebook file. This could be done by importing the notebook file using Import. The function is then

Through[{Unprotect, ClearAll}[dangerousFunctionsInFileQ]] dangerousFunctionsInFileQ[notebookFileName_] := If[StringSplit[notebookFileName, "."][[-1]] === "nb", ! FreeQ[ Level[ Import[notebookFileName], {3, 3} , ToExpression[Unevaluated@#, StandardForm, HoldComplete] &], Alternatives @@ listOfDangerousFunctions] , $Failed ]

The If statement here serves to protect the user against trying to check if for example a .m file has dangerous symbols. In this case we really do not want the Import to happen, as that would evaluate the code. This function is does also not parse all expressions correctly.

One reason why both functions do not work well is probably that there can be nested cells in a notebook. In this case we have to do something smarter than getting all expressions at a certain level.

Expressions versus strings

I feel it is nicest if such athe function that checks for dangerous symbols works with expressions rather than strings, so that notation of the dangerous functions should not be an issue. (For example, you can write the dangerous function Get as <<). However, this requires a bit more work than simple searching for strings. This preference is reflected in my own (community wiki) answer to this question.

The question is: Which functions built in Mathematica are dangerous (especially just by themselves)?

Remarks

I have assumed no function that checks for dangerous expressions is presentavailable in MathematicaMathematica. If such a function is available, please let me know :).

For now let's try to list as many functions as possible. It would be very nice if we could make a complete list, but anybody should feel free to add any function, without making a long list.

Possibly we should add Unprotect and, ClearAttributes and ClearAll to the list of dangerous functions, as otherwise untrusted code could change the function dangerousFunctionsQ. Alternatively we could make this function Locked.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is at least safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, it should be straightforward to make a function that checks if any dangerous functions occur in a notebook.

A function to find dangerous functions

My suggestion for a function to see if dangerous expressions are present

Protect[dangerousFunctionsQ] dangerousFunctionsQ[nb_] := FreeQ[ToExpression[#, StandardForm, HoldComplete] & /@ (NotebookRead@Cells[nb])[[All, 1]], Alternatives @@ listOfDangerousFunctions]

Where listOfDangerousFunctions is given.

I feel it is nicest if such a function works with expressions rather than strings, so notation of the dangerous functions should not be an issue. (For example, you can write the dangerous function Get as <<). This preference is reflected in my own (community wiki) answer to this question.

The question is: Which functions built in Mathematica are dangerous (especially just by themselves)?

Remarks

I have assumed no function that checks for dangerous expressions is present in Mathematica. If such a function is available, please let me know :).

For now let's try to list as many functions as possible. It would be very nice if we could make a complete list, but anybody should feel free to add any function, without making a long list.

Possibly we should add Unprotect and ClearAttributes to the list of dangerous functions, as otherwise untrusted code could change the function dangerousFunctionsQ. Alternatively we could make this function Locked.

Introduction

Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is at least safe to open any notebook, as long as you don't run it.

I feel it would be very nice to have a list of functions that can harm a system. Using this, it should be straightforward to make a function that checks if any dangerous functions occur in a notebook.

A function to find dangerous functions

My suggestion for a function to see if dangerous expressions are present

Through[{Unprotect, ClearAll}[dangerousFunctionsQ]]  dangerousFunctionsQ[nb_] := !  FreeQ[ToExpression[Unevaluated[#], StandardForm,   HoldComplete] & /@ (NotebookRead@Cells[nb])[[All, 1]],   Alternatives @@ listOfDangerousFunctions];  Protect[dangerousFunctionsQ];

Where listOfDangerousFunctions is given. Here, the NotebookObject can be found using Notebooks. Sadly though, this function is not able to parse all expressions.

An alternative, especially for users who do not have version 9, could be to look directly at the notebook file. This could be done by importing the notebook file using Import. The function is then

Through[{Unprotect, ClearAll}[dangerousFunctionsInFileQ]] dangerousFunctionsInFileQ[notebookFileName_] := If[StringSplit[notebookFileName, "."][[-1]] === "nb", ! FreeQ[ Level[ Import[notebookFileName], {3, 3} , ToExpression[Unevaluated@#, StandardForm, HoldComplete] &], Alternatives @@ listOfDangerousFunctions] , $Failed ]

The If statement here serves to protect the user against trying to check if for example a .m file has dangerous symbols. In this case we really do not want the Import to happen, as that would evaluate the code. This function is does also not parse all expressions correctly.

One reason why both functions do not work well is probably that there can be nested cells in a notebook. In this case we have to do something smarter than getting all expressions at a certain level.

Expressions versus strings

I feel it is nicest if the function that checks for dangerous symbols works with expressions rather than strings, so that notation of the dangerous functions should not be an issue. (For example, you can write the dangerous function Get as <<). However, this requires a bit more work than simple searching for strings. This preference is reflected in my own (community wiki) answer to this question.

The question is: Which functions built in Mathematica are dangerous (especially just by themselves)?

Remarks

I have assumed no function that checks for dangerous expressions is available in Mathematica. If such a function is available, please let me know :).

For now let's try to list as many functions as possible. It would be very nice if we could make a complete list, but anybody should feel free to add any function, without making a long list.

Possibly we should add Unprotect, ClearAttributes and ClearAll to the list of dangerous functions, as otherwise untrusted code could change the function dangerousFunctionsQ. Alternatively we could make this function Locked.