diff --git a/.Rbuildignore b/.Rbuildignore
index 1c85620..b85d639 100644
--- a/.Rbuildignore
+++ b/.Rbuildignore
@@ -15,3 +15,5 @@
 ^registered_agents\.json$
 ^task_agent_mapping\.json$
 ^\.gitleaks\.toml$
+^\.jules$
+^\.jules/.*
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..755d06c
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-06-27 - [Infinite Recursion DoS in Non-Interactive Environments]
+**Vulnerability:** The legacy `readline()` prompts use unbounded recursion on invalid inputs, causing a C stack overflow (DoS) when executed in headless/CI environments.
+**Learning:** Automated/non-interactive execution environments supply `""` or `EOF` to `readline()`, which fails validation regexes and triggers the infinite recursion loop.
+**Prevention:** Always wrap interactive prompts with `interactive()` checks and provide safe, deterministic default fallbacks for headless execution.
diff --git a/R/aFIPC.R b/R/aFIPC.R
index b6a9e6c..da61777 100644
--- a/R/aFIPC.R
+++ b/R/aFIPC.R
@@ -74,6 +74,8 @@ autoFIPC <-
 data.frame(cbind(newformCommonItemNames, oldformCommonItemNames))
 checkCorrect <- function() {
+ # Security fix: Prevent infinite recursion DoS in non-interactive environments
+ if (!interactive()) return(1L)
 n <- readline(prompt = "Is it correct? (1: Yes 2: No) : ")
 if (!grepl("^[0-9]+$", n)) {
 return(checkCorrect())
@@ -99,6 +101,8 @@ autoFIPC <-
 oldformYDataK <- oldformYData
 if (itemtype == '3PL' && length(oldformBILOGprior) == 0) {
 checkoldformBILOGprior <- function() {
+ # Security fix: Prevent infinite recursion DoS in non-interactive environments
+ if (!interactive()) return(1L)
 n <- readline(
 prompt = "Do you want to use default BILOG-MG priors for oldform Data? (1: Yes 2: No) : "
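Review bot: The headless fallback `if (!interactive()) return(1L)` added to checkCorrect silently answers "Yes" to "Is it correct?", so a wrong common-item mapping passes through unconfirmed in CI with no trace in the log; the same silent default is added to checkoldformBILOGprior (the -99 hunk) and checknewformBILOGprior (the -310 hunk). Make the decision visible, e.g. `if (!interactive()) { message("Non-interactive session: skipping confirmation prompt, assuming 'Yes'"); return(1L) }`, or better, let the caller pass the answer as an argument so headless runs are explicit rather than implicit. The recursion on invalid input is still unbounded in interactive sessions (`return(checkCorrect())` on a failed regex match); a `repeat` loop with a retry cap, ideally in one shared prompt helper that all three functions call, would remove the stack-overflow path rather than bypass it for one environment. The bodies of all three prompt functions continue past the end of their hunks.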
@@ -310,6 +314,8 @@ autoFIPC <-
 newformXDataK <- newformXData
 if (itemtype == '3PL' && length(newformBILOGprior) == 0) {
 checknewformBILOGprior <- function() {
+ # Security fix: Prevent infinite recursion DoS in non-interactive environments
+ if (!interactive()) return(1L)
 n <- readline(
 prompt = "Do you want to use default BILOG-MG priors for newform Data? (1: Yes 2: No) : "