diff --git a/.jules/sentinel.md b/.jules/sentinel.md new file mode 100644 index 0000000..ae5d03c --- /dev/null +++ b/.jules/sentinel.md @@ -0,0 +1,4 @@ +## 2024-05-24 - Default try() behavior causes information disclosure +**Vulnerability:** Information Disclosure +**Learning:** R's `try()` function defaults to `silent = FALSE`. When mathematical operations like `dmvnorm` fail (e.g., due to non-positive definite matrices), the detailed error messages and internal state information are printed directly to standard error, potentially leaking sensitive system information to users. +**Prevention:** Always use `try(..., silent = TRUE)` when wrapping functions that can throw exceptions, or use `tryCatch()` to explicitly handle errors without exposing internal state. diff --git a/R/llcont.R b/R/llcont.R index 5896c33..f84dd1a 100644 --- a/R/llcont.R +++ b/R/llcont.R @@ -468,7 +468,8 @@ llcont.lavaan <- function(x, ...){ if(length(x.idx) == 1){ tmpll.x <- dnorm(X[,x.dat.idx], Mu.X, sqrt(Sigma.X), log=TRUE) } else { - tmpll.x <- try(dmvnorm(X[,x.dat.idx], Mu.X, Sigma.X, log=TRUE)) + # Prevent potential error details (e.g. non-positive definite matrix) from leaking to output + tmpll.x <- try(dmvnorm(X[,x.dat.idx], Mu.X, Sigma.X, log=TRUE), silent = TRUE) } if(inherits(tmpll.x, "try-error")) tmpll.x <- NA tmpll[case.idx] <- tmpll[case.idx] - tmpll.x