Project

General

Profile

Bug #14239

warn open("|...")

Added by akr (Akira Tanaka) over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:84460]

Description

Recently we found open("|...") is tend to be misused.

Many people uses this method without concerning that it can run a process.

I think it should be deprecated.

So, I propose that ruby warns open("|...").
(and remove this process invoking feature in long term)


Related issues

Related to Ruby master - Feature #14245: Add File.read etc.ClosedActions

Associated revisions

Revision 61320
Added by nobu (Nobuyoshi Nakada) over 1 year ago

io.c: opening external command

  • io.c (rb_io_open_generic): try to open the named file as usual, if klass is not IO nor File, so that Errno::ENOENT will be raised probably. calling on File will be same in the future.

From: Nobuyoshi Nakada nobu@ruby-lang.org

History

Updated by normalperson (Eric Wong) over 1 year ago

akr@fsij.org wrote:

Recently we found open("|...") is tend to be misused.

Many people uses this method without concerning that it can run a process.

I think it should be deprecated.

So, I propose that ruby warns open("|...").

Agreed. I assume this includes IO.read/binread/readlines/...?

(and remove this process invoking feature in long term)

I don't know about removal (maybe Ruby 3.x). I prefer
we be very conservative when removing (mis)features.

Updated by matz (Yukihiro Matsumoto) over 1 year ago

Agreed for warnings.

For removing, I think we have to wait for 3.0.

Matz.

Updated by shugo (Shugo Maeda) over 1 year ago

matz (Yukihiro Matsumoto) wrote:

Agreed for warnings.

For removing, I think we have to wait for 3.0.

How about to add File.read etc. (similar to File.open) in 2.6?
Code like File.read(filename) is considered to have no intention to open pipes.

Updated by akr (Akira Tanaka) over 1 year ago

normalperson (Eric Wong) wrote:

Agreed. I assume this includes IO.read/binread/readlines/...?

I intent this ticket is just for the open method.

For other methods, nobu already added warnings for
File.read("|echo a"), etc.
But the warning is not produced for IO.read("|echo a").

% ruby -e 'IO.read("|echo a")'
% ruby -e 'File.read("|echo a")'
-e:1: warning: IO.read called on File to invoke external command

I feel this is an acceptable warning behavior.
If it is not good enough, please open a new ticket.

Updated by normalperson (Eric Wong) over 1 year ago

shugo@ruby-lang.org wrote:

How about to add File.read etc. (similar to File.open) in 2.6?
Code like File.read(filename) is considered to have no intention to open pipes.

I like that idea, I've been rewriting some stuff to use
"File.open(filename, &:read)" instead of IO.read.

Now, can we implement these new singleton methods in
prelude.rb instead of writing in C? :)

#6

Updated by shugo (Shugo Maeda) over 1 year ago

Updated by shugo (Shugo Maeda) over 1 year ago

normalperson (Eric Wong) wrote:

I like that idea, I've been rewriting some stuff to use
"File.open(filename, &:read)" instead of IO.read.

Now, can we implement these new singleton methods in
prelude.rb instead of writing in C? :)

Thanks for your suggestion.
I've created a new ticket #14245.

#8

Updated by nobu (Nobuyoshi Nakada) over 1 year ago

  • Backport changed from 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN to 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: DONTNEED
  • Status changed from Open to Closed

Also available in: Atom PDF