Feature #14245
closedAdd File.read etc.
Description
Some people use File.open without knowing that it's defined in IO and pipes can be opened.
p File.read("|echo hello") #-> "hello"
How about to add File.read, File.binread, File.foreach etc. (similar version to File.open)?
Code like File.read(filename) is considered to have no intention to open pipes.
Implementation by prelude.rb is suggested by normalperson in #14239:
I like that idea, I've been rewriting some stuff to use
"File.open(filename, &:read)" instead of IO.read.Now, can we implement these new singleton methods in
prelude.rb instead of writing in C? :)
Files
Updated by shugo (Shugo Maeda) almost 7 years ago
- Related to Bug #14239: warn open("|...") added
Updated by akr (Akira Tanaka) almost 7 years ago
If I understand this proposal correctly,
this proposal means that adding File.read method and
doesn't change IO.read method?
I.e. IO.read("|command") is works as now?.
I think it is possible direction.
Apart from that, we should list all affected methods explicitly (without "etc.").
Updated by shevegen (Robert A. Heiler) almost 7 years ago
Code like File.read(filename) is considered to
have no intention to open pipes.
When added, the documentation should also
briefly mention the reference to pipes.
For example, a few months ago I did not even know
about the leading '|' character - I first saw it
on the ruby issue tracker. :)
Current link to File is here:
Updated by shugo (Shugo Maeda) almost 7 years ago
akr (Akira Tanaka) wrote:
If I understand this proposal correctly,
this proposal means that adding File.read method and
doesn't change IO.read method?
I.e. IO.read("|command") is works as now?.
Yes.
Apart from that, we should list all affected methods explicitly (without "etc.").
The following methods will be affected:
- read
- binread
- write
- binwrite
- foreach
- readlines
Updated by matz (Yukihiro Matsumoto) almost 7 years ago
Agreed for mostly security reasons.
Matz.
Updated by shugo (Shugo Maeda) almost 7 years ago
matz (Yukihiro Matsumoto) wrote:
Agreed for mostly security reasons.
Is this incompatibility acceptable in Ruby 2.6?
Updated by shugo (Shugo Maeda) almost 7 years ago
- File 0001-io.c.patch 0001-io.c.patch added
I've made a patch.
Updated by shugo (Shugo Maeda) almost 7 years ago
- Status changed from Open to Closed
Applied in changeset trunk|r62857.
io.c: Methods of File should not invoke external commands
For security reasons, File.read, File.binread, File.write, File.binwrite,
File.foreach, and File.readlines should not invoke external commands even
if the path starts with the pipe character |.
[ruby-core:84495] [Feature #14245]