gesistsa · chainsawriot · May 16, 2024 · May 16, 2024 · May 16, 2024 · May 16, 2024
diff --git a/R/import.R b/R/import.R
@@ -61,6 +61,7 @@
 #'
 #' After importing metadata-rich file formats (e.g., from Stata or SPSS), it may be helpful to recode labelled variables to character or factor using [characterize()] or [factorize()] respectively.
 #'
+#' # Trust
 #' For serialization formats (.R, .RDS, and .RData), please note that you should only load these files from trusted sources. It is because these formats are not necessarily for storing rectangular data and can also be used to store many things, e.g. code. Importing these files could lead to arbitary code execution. Please read the security principles by the R Project (Plummer, 2024). When importing these files via `rio`, you should affirm that you trust these files, i.e. `trust = TRUE`. See example below. If this affirmation is missing, the current version assumes `trust` to be true for backward compatibility and a deprecation notice will be printed. In the next major release (2.0.0), you must explicitly affirm your trust when importing these files.
 #'
 #' @note For csv and txt files with row names exported from [export()], it may be helpful to specify `row.names` as the column of the table which contain row names. See example below.

diff --git a/R/import_list.R b/R/import_list.R
@@ -7,6 +7,8 @@
 #' @param rbind_fill If `rbind = TRUE`, a logical indicating whether to set the `fill = TRUE` (and fill missing columns with `NA`).
 #' @param \dots Additional arguments passed to [import()]. Behavior may be unexpected if files are of different formats.
 #' @inheritParams import
+#' @inheritSection import Trust
+#' @inherit import references
 #' @return If `rbind=FALSE` (the default), a list of a data frames. Otherwise, that list is passed to [data.table::rbindlist()] with `fill = TRUE` and returns a data frame object of class set by the `setclass` argument; if this operation fails, the list is returned.
 #' @details When file is a vector of file paths and any files are missing, those files are ignored (with warnings) and this function will not raise any error.
 #' @examples
@@ -84,6 +86,13 @@ import_list <- function(file, setclass = getOption("rio.import.class", "data.fra
         file <- remote_to_local(file)
     }
     if (get_info(file)$format == "rdata") {
+        dots <- list(...)
+        if ("trust" %in% names(dots)) {
+            trust <- dots[["trust"]]
+        } else {
+            trust <- getOption("rio.import.trust", default = NULL)
+        }
+        .check_trust(trust, format = "RData")
         e <- new.env()
         load(file, envir = e)
         return(as.list(e))

diff --git a/man/import.Rd b/man/import.Rd
diff --git a/man/import_list.Rd b/man/import_list.Rd
diff --git a/tests/testthat/test_trust.R b/tests/testthat/test_trust.R
@@ -59,3 +59,22 @@ test_that("`trust` wont cause problems for other import methods", {
         expect_error(import(iris_file, trust = FALSE), NA)
     })
 })
+
+test_that("`trust` for import_list()", {
+    withr::with_tempfile("iris_file", fileext = ".rdata", code = {
+        export(iris, iris_file)
+        lifecycle::expect_deprecated(import_list(iris_file), regexp = "set to FALSE by default")
+        expect_silent(import_list(iris_file, trust = TRUE))
+        expect_error(import_list(iris_file, trust = FALSE))
+
+    })
+})
+
+test_that("`trust` wont cause problems for other formats in import_list", {
+    withr::with_tempfile("data_file", fileext = ".xlsx", code = {
+        export(list(a = mtcars, b = iris), data_file)
+        expect_silent(import(data_file))
+        expect_silent(import(data_file, trust = TRUE))
+        expect_error(import(data_file, trust = FALSE), NA)
+    })
+})