Creates a guardrail that detects data flow patterns in R code using AST analysis. Can block environment access, network operations, file writes, and file reads.
Usage
guard_code_dataflow(
  block_env_access = TRUE,
  block_network = TRUE,
  block_file_write = TRUE,
  block_file_read = FALSE
)
Arguments
- block_env_access
  Logical(1). Block environment variable access (Sys.getenv, Sys.setenv, Sys.unsetenv, .GlobalEnv, globalenv(), parent.env()). Default TRUE.
- block_network
  Logical(1). Block network operations (url(), download.file, curl::*, httr::*, httr2::*, socketConnection). Default TRUE.
- block_file_write
  Logical(1). Block file write operations (writeLines, write.csv, write.table, saveRDS, save, cat(..., file=), sink, file.create, file.copy, file.rename, unlink, file.remove). Default TRUE.
- block_file_read
  Logical(1). Block file read operations (readLines, read.csv, read.table, readRDS, load, scan, source, file). Default FALSE.
Examples
g <- guard_code_dataflow()
run_guardrail(g, "x <- 1 + 2")
#> <guardrail_result> PASS
run_guardrail(g, "Sys.getenv('SECRET_KEY')")
#> <guardrail_result> FAIL
#> Reason: Data flow violation(s): Sys.getenv
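To show what AST-based detection of these names involves, the following added example (not the package's own code; `find_violations` and `check_code` are hypothetical names) walks parsed R expressions with base R and reports the environment, network and file-write names listed under Arguments. The sample inputs are constructed.

```r
# Added illustration, not the package's implementation.
# Blocked names are copied from the argument descriptions on this page.
blocked_calls <- c(
  "Sys.getenv", "Sys.setenv", "Sys.unsetenv", "globalenv", "parent.env",  # env
  "url", "download.file", "socketConnection",                             # network
  "writeLines", "write.csv", "write.table", "saveRDS", "save", "sink",    # write
  "file.create", "file.copy", "file.rename", "unlink", "file.remove"
)
blocked_pkgs <- c("curl", "httr", "httr2")  # curl::*, httr::*, httr2::*

# Recursively visit one AST node and return the blocked names found in it.
find_violations <- function(node) {
  if (is.symbol(node)) {
    # .GlobalEnv is a bare symbol, not a call, so it is matched here.
    return(if (identical(as.character(node), ".GlobalEnv")) ".GlobalEnv" else character(0))
  }
  if (!is.call(node)) return(character(0))  # constants and other leaves
  callee <- node[[1]]
  hits <- character(0)
  if (is.symbol(callee)) {
    fn <- as.character(callee)
    if (fn %in% c("::", ":::")) {           # namespace-qualified name pkg::name
      pkg <- as.character(node[[2]])
      name <- as.character(node[[3]])
      bad <- pkg %in% blocked_pkgs || name %in% blocked_calls
      return(if (bad) paste0(pkg, fn, name) else character(0))
    }
    if (fn %in% blocked_calls) hits <- fn
    if (fn == "cat" && "file" %in% names(node)) hits <- c(hits, "cat(file=)")
  }
  c(hits, unlist(lapply(as.list(node), find_violations), use.names = FALSE))
}

check_code <- function(code) {
  exprs <- parse(text = code, keep.source = FALSE)
  hits <- unique(unlist(lapply(exprs, find_violations)))
  if (length(hits)) paste("FAIL:", paste(hits, collapse = ", ")) else "PASS"
}

# Constructed sample inputs
samples <- c(
  "x <- 1 + 2",
  "f <- function() { key <- Sys.getenv('SECRET_KEY'); key }",
  "resp <- httr::GET('https://example.com')",
  "cat('a', file = 'out.txt')",
  "# Sys.getenv in a comment\ny <- 'download.file'"
)
for (s in samples) cat(check_code(s), "\n")
```

Because the walk inspects parsed calls rather than raw text, the names inside the comment and the string literal in the last sample are not reported.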