Bug #11915
closed
File.read reading string starting with | executes it.
Description
puts File.read "|/bin/ls"
[output of executing ls]
=> nil
This is quite surprising behaviour.
It is one thing that some of the .open methods actually can execute stuff, but a method named 'read' should not behave like that.
Updated by nobu (Nobuyoshi Nakada) almost 10 years ago
- Description updated (diff)
Linus Sellberg wrote:
It is one thing that some of the
.openmethods actually can execute stuff, but a method named 'read' should not behave like that.
File.open does not.
Some class methods of IO, e.g. IO.foreach and IO.read, deal with a pipeline.
Seems a documentation issue.
Updated by yxhuvud (Linus Sellberg) almost 10 years ago
Nobuyoshi Nakada wrote:
Linus Sellberg wrote:
It is one thing that some of the
.openmethods actually can execute stuff, but a method named 'read' should not behave like that.
File.opendoes not.
But File.read DOES. Which is what I find wrong. That File.open doesn't is another reason to not have .read do that.
Updated by avit (Andrew Vit) almost 10 years ago
People should (hopefully) always read files with an absolute path prefix, but something like this could be surprising:
userinput = "|env"
Dir.chdir("/app/public/downloads") do
puts File.read(userinput)
end
(Yes, it's a contrived example.)
It makes sense if IO handles pipes, but File should probably mean real files.
Updated by jeremyevans0 (Jeremy Evans) over 6 years ago
- Status changed from Open to Closed
This was fixed in Ruby 2.6:
$ ruby26 -e 'File.read "|/bin/ls"'
Traceback (most recent call last):
1: from -e:1:in `<main>'
-e:1:in `read': No such file or directory @ rb_sysopen - |/bin/ls (Errno::ENOENT)