Project

General

Profile

Bug #14239

warn open("|...")

Added by akr (Akira Tanaka) 10 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:84460]

Description

Recently we found open("|...") is tend to be misused.

Many people uses this method without concerning that it can run a process.

I think it should be deprecated.

So, I propose that ruby warns open("|...").
(and remove this process invoking feature in long term)


Related issues

Related to Ruby trunk - Feature #14245: Add File.read etc.Closed

Associated revisions

Revision 61320
Added by nobu (Nobuyoshi Nakada) 10 months ago

io.c: opening external command

  • io.c (rb_io_open_generic): try to open the named file as usual, if klass is not IO nor File, so that Errno::ENOENT will be raised probably. calling on File will be same in the future.

From: Nobuyoshi Nakada nobu@ruby-lang.org

History

#1 [ruby-core:84461] Updated by normalperson (Eric Wong) 10 months ago

akr@fsij.org wrote:

Recently we found open("|...") is tend to be misused.

Many people uses this method without concerning that it can run a process.

I think it should be deprecated.

So, I propose that ruby warns open("|...").

Agreed. I assume this includes IO.read/binread/readlines/...?

(and remove this process invoking feature in long term)

I don't know about removal (maybe Ruby 3.x). I prefer
we be very conservative when removing (mis)features.

#2 [ruby-core:84464] Updated by matz (Yukihiro Matsumoto) 10 months ago

Agreed for warnings.

For removing, I think we have to wait for 3.0.

Matz.

#3 [ruby-core:84492] Updated by shugo (Shugo Maeda) 10 months ago

matz (Yukihiro Matsumoto) wrote:

Agreed for warnings.

For removing, I think we have to wait for 3.0.

How about to add File.read etc. (similar to File.open) in 2.6?
Code like File.read(filename) is considered to have no intention to open pipes.

#4 [ruby-core:84493] Updated by akr (Akira Tanaka) 10 months ago

normalperson (Eric Wong) wrote:

Agreed. I assume this includes IO.read/binread/readlines/...?

I intent this ticket is just for the open method.

For other methods, nobu already added warnings for
File.read("|echo a"), etc.
But the warning is not produced for IO.read("|echo a").

% ruby -e 'IO.read("|echo a")'
% ruby -e 'File.read("|echo a")'
-e:1: warning: IO.read called on File to invoke external command

I feel this is an acceptable warning behavior.
If it is not good enough, please open a new ticket.

#5 [ruby-core:84494] Updated by normalperson (Eric Wong) 10 months ago

shugo@ruby-lang.org wrote:

How about to add File.read etc. (similar to File.open) in 2.6?
Code like File.read(filename) is considered to have no intention to open pipes.

I like that idea, I've been rewriting some stuff to use
"File.open(filename, &:read)" instead of IO.read.

Now, can we implement these new singleton methods in
prelude.rb instead of writing in C? :)

#6 Updated by shugo (Shugo Maeda) 10 months ago

#7 [ruby-core:84496] Updated by shugo (Shugo Maeda) 10 months ago

normalperson (Eric Wong) wrote:

I like that idea, I've been rewriting some stuff to use
"File.open(filename, &:read)" instead of IO.read.

Now, can we implement these new singleton methods in
prelude.rb instead of writing in C? :)

Thanks for your suggestion.
I've created a new ticket #14245.

#8 Updated by nobu (Nobuyoshi Nakada) 7 months ago

  • Backport changed from 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN to 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: DONTNEED
  • Status changed from Open to Closed

Also available in: Atom PDF