Project

General

Profile

Actions

Bug #11915

closed

File.read reading string starting with | executes it.

Added by yxhuvud (Linus Sellberg) almost 9 years ago. Updated over 5 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:72576]

Description

puts File.read "|/bin/ls"
[output of executing ls]
=> nil

This is quite surprising behaviour.

It is one thing that some of the .open methods actually can execute stuff, but a method named 'read' should not behave like that.

Updated by nobu (Nobuyoshi Nakada) almost 9 years ago

  • Description updated (diff)

Linus Sellberg wrote:

It is one thing that some of the .open methods actually can execute stuff, but a method named 'read' should not behave like that.

File.open does not.
Some class methods of IO, e.g. IO.foreach and IO.read, deal with a pipeline.

Seems a documentation issue.

Updated by yxhuvud (Linus Sellberg) almost 9 years ago

Nobuyoshi Nakada wrote:

Linus Sellberg wrote:

It is one thing that some of the .open methods actually can execute stuff, but a method named 'read' should not behave like that.

File.open does not.

But File.read DOES. Which is what I find wrong. That File.open doesn't is another reason to not have .read do that.

Updated by avit (Andrew Vit) almost 9 years ago

People should (hopefully) always read files with an absolute path prefix, but something like this could be surprising:

userinput = "|env"

Dir.chdir("/app/public/downloads") do
  puts File.read(userinput)
end

(Yes, it's a contrived example.)

It makes sense if IO handles pipes, but File should probably mean real files.

Updated by jeremyevans0 (Jeremy Evans) over 5 years ago

  • Status changed from Open to Closed

This was fixed in Ruby 2.6:

$ ruby26 -e 'File.read "|/bin/ls"'
Traceback (most recent call last):
        1: from -e:1:in `<main>'
-e:1:in `read': No such file or directory @ rb_sysopen - |/bin/ls (Errno::ENOENT)
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0