Project

General

Profile

Actions

Feature #14245

closed

Add File.read etc.

Added by shugo (Shugo Maeda) almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:84495]

Description

Some people use File.open without knowing that it's defined in IO and pipes can be opened.

p File.read("|echo hello") #-> "hello"

How about to add File.read, File.binread, File.foreach etc. (similar version to File.open)?
Code like File.read(filename) is considered to have no intention to open pipes.

Implementation by prelude.rb is suggested by normalperson in #14239:

I like that idea, I've been rewriting some stuff to use
"File.open(filename, &:read)" instead of IO.read.

Now, can we implement these new singleton methods in
prelude.rb instead of writing in C? :)


Files

0001-io.c.patch (2.39 KB) 0001-io.c.patch shugo (Shugo Maeda), 03/17/2018 11:47 AM

Related issues 1 (0 open1 closed)

Related to Ruby master - Bug #14239: warn open("|...")ClosedActions
Actions #1

Updated by shugo (Shugo Maeda) almost 7 years ago

Actions #2

Updated by shugo (Shugo Maeda) almost 7 years ago

  • Description updated (diff)

Updated by akr (Akira Tanaka) almost 7 years ago

If I understand this proposal correctly,
this proposal means that adding File.read method and
doesn't change IO.read method?
I.e. IO.read("|command") is works as now?.

I think it is possible direction.

Apart from that, we should list all affected methods explicitly (without "etc.").

Updated by shevegen (Robert A. Heiler) almost 7 years ago

Code like File.read(filename) is considered to
have no intention to open pipes.

When added, the documentation should also
briefly mention the reference to pipes.

For example, a few months ago I did not even know
about the leading '|' character - I first saw it
on the ruby issue tracker. :)

Current link to File is here:

https://ruby-doc.org/core/File.html

Updated by shugo (Shugo Maeda) over 6 years ago

akr (Akira Tanaka) wrote:

If I understand this proposal correctly,
this proposal means that adding File.read method and
doesn't change IO.read method?
I.e. IO.read("|command") is works as now?.

Yes.

Apart from that, we should list all affected methods explicitly (without "etc.").

The following methods will be affected:

  • read
  • binread
  • write
  • binwrite
  • foreach
  • readlines

Updated by matz (Yukihiro Matsumoto) over 6 years ago

Agreed for mostly security reasons.

Matz.

Updated by shugo (Shugo Maeda) over 6 years ago

matz (Yukihiro Matsumoto) wrote:

Agreed for mostly security reasons.

Is this incompatibility acceptable in Ruby 2.6?

Updated by shugo (Shugo Maeda) over 6 years ago

I've made a patch.

Actions #9

Updated by shugo (Shugo Maeda) over 6 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r62857.


io.c: Methods of File should not invoke external commands

For security reasons, File.read, File.binread, File.write, File.binwrite,
File.foreach, and File.readlines should not invoke external commands even
if the path starts with the pipe character |.
[ruby-core:84495] [Feature #14245]

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0