From 7db41e4b1c661e79564287f62e536367851d043a Mon Sep 17 00:00:00 2001
From: Ganesh Patil <7030871503ganeshpatil@gmail.com>
Date: Thu, 12 Feb 2026 01:54:03 +0530
Subject: [PATCH 1/8] Security: Replace unsafe eval() in MATLAB parsers with
 safe numeric parsing (Issue #245)

---
 concore_default_maxtime.m | 5 ++++-
 concore_initval.m         | 5 ++++-
 concore_iport.m           | 4 +++-
 concore_read.m            | 5 ++++-
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/concore_default_maxtime.m b/concore_default_maxtime.m
index 5627d5f..81ce693 100644
--- a/concore_default_maxtime.m
+++ b/concore_default_maxtime.m
@@ -3,7 +3,10 @@ function concore_default_maxtime(default)
     try
         maxfile = fopen(strcat(concore.inpath,'1/concore.maxtime'));
         instr = fscanf(maxfile,'%c');
-        concore.maxtime = eval(instr);
+        % Safe numeric parsing (replaces unsafe eval)
+        clean_str = strtrim(instr);
+        clean_str = regexprep(clean_str, '[\[\]]', '');
+        concore.maxtime = sscanf(clean_str, '%f');
         fclose(maxfile);
     catch exc 
         concore.maxtime = default;
diff --git a/concore_initval.m b/concore_initval.m
index 73cc146..da3b5a0 100644
--- a/concore_initval.m
+++ b/concore_initval.m
@@ -1,6 +1,9 @@
 function [result] = concore_initval(simtime_val)
     global concore;
-    result = eval(simtime_val);
+    % Safe numeric parsing (replaces unsafe eval)
+    clean_str = strtrim(simtime_val);
+    clean_str = regexprep(clean_str, '[\[\]]', '');
+    result = sscanf(clean_str, '%f').';
     concore.simtime = result(1);
     result = result(2:length(result));
 end
diff --git a/concore_iport.m b/concore_iport.m
index 128252e..16ca2b7 100644
--- a/concore_iport.m
+++ b/concore_iport.m
@@ -7,7 +7,9 @@
         if isequal(s(i:i+length(target)-1),target)
             for j = i+length(target):length(s)
                 if isequal(s(j),',')||isequal(s(j),'}')
-                   result = eval(s(i+length(target):j-1));
+                   % Safe numeric parsing (replaces unsafe eval)
+                   port_str = strtrim(s(i+length(target):j-1));
+                   result = sscanf(port_str, '%f');
                    return
                 end
             end
diff --git a/concore_read.m b/concore_read.m
index ba32c7b..2abd8e3 100644
--- a/concore_read.m
+++ b/concore_read.m
@@ -25,7 +25,10 @@
          ins = inistr;
      end
      concore.s = strcat(concore.s, ins);
-     result = eval(ins);
+     % Safe numeric parsing (replaces unsafe eval)
+     clean_str = strtrim(ins);
+     clean_str = regexprep(clean_str, '[\[\]]', '');
+     result = sscanf(clean_str, '%f').';
      concore.simtime = max(concore.simtime,result(1));
      result = result(2:length(result));
 end

From f2096895bc28c888909bd6556127cb1f7f0d6f5e Mon Sep 17 00:00:00 2001
From: Pradeeban Kathiravelu <kk.pradeeban@gmail.com>
Date: Wed, 11 Feb 2026 11:42:00 -0900
Subject: [PATCH 2/8] Update concore_initval.m

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 concore_initval.m | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/concore_initval.m b/concore_initval.m
index da3b5a0..8e9e175 100644
--- a/concore_initval.m
+++ b/concore_initval.m
@@ -4,6 +4,16 @@
     clean_str = strtrim(simtime_val);
     clean_str = regexprep(clean_str, '[\[\]]', '');
     result = sscanf(clean_str, '%f').';
+    % Guard against empty or invalid numeric input
+    if isempty(result)
+        concore.simtime = 0;
+        result = [];
+        return;
+    end
     concore.simtime = result(1);
-    result = result(2:length(result));
+    if numel(result) >= 2
+        result = result(2:end);
+    else
+        result = [];
+    end
 end

From 0371a284d1cc4f3520ed0c5020ef77d9ef4babed Mon Sep 17 00:00:00 2001
From: Pradeeban Kathiravelu <kk.pradeeban@gmail.com>
Date: Wed, 11 Feb 2026 11:42:14 -0900
Subject: [PATCH 3/8] Update concore_default_maxtime.m

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 concore_default_maxtime.m | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/concore_default_maxtime.m b/concore_default_maxtime.m
index 81ce693..489187d 100644
--- a/concore_default_maxtime.m
+++ b/concore_default_maxtime.m
@@ -6,7 +6,14 @@ function concore_default_maxtime(default)
         % Safe numeric parsing (replaces unsafe eval)
         clean_str = strtrim(instr);
         clean_str = regexprep(clean_str, '[\[\]]', '');
-        concore.maxtime = sscanf(clean_str, '%f');
+        % Normalize commas to whitespace so sscanf can parse all tokens
+        clean_str = strrep(clean_str, ',', ' ');
+        parsed_values = sscanf(clean_str, '%f');
+        if numel(parsed_values) == 1
+            concore.maxtime = parsed_values;
+        else
+            concore.maxtime = default;
+        end
         fclose(maxfile);
     catch exc 
         concore.maxtime = default;

From 1966e9d94de8369aad3895d129e38f0625ae7998 Mon Sep 17 00:00:00 2001
From: Pradeeban Kathiravelu <kk.pradeeban@gmail.com>
Date: Wed, 11 Feb 2026 11:42:24 -0900
Subject: [PATCH 4/8] Update concore_iport.m

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 concore_iport.m | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/concore_iport.m b/concore_iport.m
index 16ca2b7..8a2146f 100644
--- a/concore_iport.m
+++ b/concore_iport.m
@@ -10,6 +10,10 @@
                    % Safe numeric parsing (replaces unsafe eval)
                    port_str = strtrim(s(i+length(target):j-1));
                    result = sscanf(port_str, '%f');
+                   if isempty(result)
+                       % Keep the initialized default value (0) if parsing fails
+                       result = 0;
+                   end
                    return
                 end
             end

From 23df70f8e229c12fabccb8ebe4ff5539d6a2979d Mon Sep 17 00:00:00 2001
From: Pradeeban Kathiravelu <kk.pradeeban@gmail.com>
Date: Wed, 11 Feb 2026 11:43:00 -0900
Subject: [PATCH 5/8] Update concore_read.m

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 concore_read.m | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/concore_read.m b/concore_read.m
index 2abd8e3..69de9ff 100644
--- a/concore_read.m
+++ b/concore_read.m
@@ -28,6 +28,8 @@
      % Safe numeric parsing (replaces unsafe eval)
      clean_str = strtrim(ins);
      clean_str = regexprep(clean_str, '[\[\]]', '');
+     % Normalize comma delimiters to whitespace so sscanf parses all values
+     clean_str = strrep(clean_str, ',', ' ');
      result = sscanf(clean_str, '%f').';
      concore.simtime = max(concore.simtime,result(1));
      result = result(2:length(result));

From b600bedf36d182fe5004bae0a5084d775f1ec1d5 Mon Sep 17 00:00:00 2001
From: Pradeeban Kathiravelu <kk.pradeeban@gmail.com>
Date: Wed, 11 Feb 2026 11:43:09 -0900
Subject: [PATCH 6/8] Update concore_read.m

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 concore_read.m | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/concore_read.m b/concore_read.m
index 69de9ff..b4ed1bc 100644
--- a/concore_read.m
+++ b/concore_read.m
@@ -31,6 +31,15 @@
      % Normalize comma delimiters to whitespace so sscanf parses all values
      clean_str = strrep(clean_str, ',', ' ');
      result = sscanf(clean_str, '%f').';
-     concore.simtime = max(concore.simtime,result(1));
-     result = result(2:length(result));
+     % Guard against empty parse result to avoid indexing errors
+     if isempty(result)
+         result = [];
+         return;
+     end
+     concore.simtime = max(concore.simtime, result(1));
+     if numel(result) > 1
+         result = result(2:end);
+     else
+         result = [];
+     end
 end

From ec4e9f0ce18601a83f2ccb46d2a4e7d7ad703f51 Mon Sep 17 00:00:00 2001
From: Pradeeban Kathiravelu <kk.pradeeban@gmail.com>
Date: Wed, 11 Feb 2026 11:43:18 -0900
Subject: [PATCH 7/8] Update concore_initval.m

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 concore_initval.m | 1 +
 1 file changed, 1 insertion(+)

diff --git a/concore_initval.m b/concore_initval.m
index 8e9e175..4b92b31 100644
--- a/concore_initval.m
+++ b/concore_initval.m
@@ -3,6 +3,7 @@
     % Safe numeric parsing (replaces unsafe eval)
     clean_str = strtrim(simtime_val);
     clean_str = regexprep(clean_str, '[\[\]]', '');
+    clean_str = strrep(clean_str, ',', ' ');
     result = sscanf(clean_str, '%f').';
     % Guard against empty or invalid numeric input
     if isempty(result)

From 764bc1a95fec57708d02d774e99dd22c79bbe2d5 Mon Sep 17 00:00:00 2001
From: Ganesh Patil <7030871503ganeshpatil@gmail.com>
Date: Thu, 12 Feb 2026 02:20:41 +0530
Subject: [PATCH 8/8] Security: Also fix eval() in concore_oport.m

---
 concore_oport.m | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/concore_oport.m b/concore_oport.m
index 9cbe3de..a9ed01b 100644
--- a/concore_oport.m
+++ b/concore_oport.m
@@ -7,7 +7,9 @@
         if isequal(s(i:i+length(target)-1),target)
             for j = i+length(target):length(s)
                 if isequal(s(j),',')||isequal(s(j),'}')
-                   result = eval(s(i+length(target):j-1));
+                   % Safe numeric parsing (replaces unsafe eval)
+                   port_str = strtrim(s(i+length(target):j-1));
+                   result = sscanf(port_str, '%f');
                    return
                 end
             end