Bug #11915
closedFile.read reading string starting with | executes it.
Description
puts File.read "|/bin/ls"
[output of executing ls]
=> nil
This is quite surprising behaviour.
It is one thing that some of the .open
methods actually can execute stuff, but a method named 'read' should not behave like that.
Updated by nobu (Nobuyoshi Nakada) almost 9 years ago
- Description updated (diff)
Linus Sellberg wrote:
It is one thing that some of the
.open
methods actually can execute stuff, but a method named 'read' should not behave like that.
File.open
does not.
Some class methods of IO
, e.g. IO.foreach
and IO.read
, deal with a pipeline.
Seems a documentation issue.
Updated by yxhuvud (Linus Sellberg) almost 9 years ago
Nobuyoshi Nakada wrote:
Linus Sellberg wrote:
It is one thing that some of the
.open
methods actually can execute stuff, but a method named 'read' should not behave like that.
File.open
does not.
But File.read DOES. Which is what I find wrong. That File.open doesn't is another reason to not have .read do that.
Updated by avit (Andrew Vit) almost 9 years ago
People should (hopefully) always read files with an absolute path prefix, but something like this could be surprising:
userinput = "|env"
Dir.chdir("/app/public/downloads") do
puts File.read(userinput)
end
(Yes, it's a contrived example.)
It makes sense if IO handles pipes, but File should probably mean real files.
Updated by jeremyevans0 (Jeremy Evans) over 5 years ago
- Status changed from Open to Closed
This was fixed in Ruby 2.6:
$ ruby26 -e 'File.read "|/bin/ls"'
Traceback (most recent call last):
1: from -e:1:in `<main>'
-e:1:in `read': No such file or directory @ rb_sysopen - |/bin/ls (Errno::ENOENT)