Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .jules/sentinel.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
## 2024-05-23 - Secure Error Handling in R Packages
**Vulnerability:** Uncaught or non-silent errors in R packages can bubble up and leak internal stack traces or internal state information to users or logs, which is a security risk. In `R/llcont.R`, log-likelihood calculations using `dnorm` and `dmvnorm` could fail, but only one case was wrapped in `try()` (without `silent=TRUE`) and the others had no `try()` wrapper despite expecting to catch errors using `inherits(tmpll.x, "try-error")`.
**Learning:** `try()` calls in R should use `silent=TRUE` when the goal is to securely catch exceptions and return an expected default (like `NA`), instead of exposing the error details to the caller or console.
**Prevention:** Always verify that code that expects `try-error` actually wraps its execution in `try(..., silent=TRUE)`.
8 changes: 4 additions & 4 deletions R/llcont.R
Original file line number Diff line number Diff line change
Expand Up @@ -424,9 +424,9 @@ llcont.lavaan <- function(x, ...){
}

if(length(x.idx) == 1){
tmpll.x <- dnorm(x@Data@X[[g]][,x.idx], Mu.X, sqrt(Sigma.X), log=TRUE)
tmpll.x <- try(dnorm(x@Data@X[[g]][,x.idx], Mu.X, sqrt(Sigma.X), log=TRUE), silent=TRUE)
} else {
tmpll.x <- dmvnorm(x@Data@X[[g]][,x.idx], Mu.X, Sigma.X, log=TRUE)
tmpll.x <- try(dmvnorm(x@Data@X[[g]][,x.idx], Mu.X, Sigma.X, log=TRUE), silent=TRUE)
}
if(inherits(tmpll.x, "try-error")) tmpll.x <- NA
llvec[grpind] <- llvec[grpind] - tmpll.x
Expand Down Expand Up @@ -466,9 +466,9 @@ llcont.lavaan <- function(x, ...){
Sigma.X <- Sigma.hat[x.idx, x.idx, drop=FALSE]

if(length(x.idx) == 1){
tmpll.x <- dnorm(X[,x.dat.idx], Mu.X, sqrt(Sigma.X), log=TRUE)
tmpll.x <- try(dnorm(X[,x.dat.idx], Mu.X, sqrt(Sigma.X), log=TRUE), silent=TRUE)
} else {
tmpll.x <- try(dmvnorm(X[,x.dat.idx], Mu.X, Sigma.X, log=TRUE))
tmpll.x <- try(dmvnorm(X[,x.dat.idx], Mu.X, Sigma.X, log=TRUE), silent=TRUE)
}
if(inherits(tmpll.x, "try-error")) tmpll.x <- NA
tmpll[case.idx] <- tmpll[case.idx] - tmpll.x
Expand Down