https://bugs.ruby-lang.org/https://bugs.ruby-lang.org/favicon.ico?17113305112017-12-27T08:27:53ZRuby Issue Tracking SystemRuby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=690202017-12-27T08:27:53Zshugo (Shugo Maeda)
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/14239">Bug #14239</a>: warn open("|...")</i> added</li></ul> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=690212017-12-27T08:28:22Zshugo (Shugo Maeda)
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/69021/diff?detail_id=47645">diff</a>)</li></ul> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=690242017-12-27T10:01:08Zakr (Akira Tanaka)akr@fsij.org
<ul></ul><p>If I understand this proposal correctly,<br>
this proposal means that adding File.read method and<br>
doesn't change IO.read method?<br>
I.e. IO.read("|command") is works as now?.</p>
<p>I think it is possible direction.</p>
<p>Apart from that, we should list all affected methods explicitly (without "etc.").</p> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=690322017-12-27T10:49:38Zshevegen (Robert A. Heiler)shevegen@gmail.com
<ul></ul><blockquote>
<p>Code like File.read(filename) is considered to<br>
have no intention to open pipes.</p>
</blockquote>
<p>When added, the documentation should also<br>
briefly mention the reference to pipes.</p>
<p>For example, a few months ago I did not even know<br>
about the leading '|' character - I first saw it<br>
on the ruby issue tracker. :)</p>
<p>Current link to File is here:</p>
<p><a href="https://ruby-doc.org/core/File.html" class="external">https://ruby-doc.org/core/File.html</a></p> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=708082018-03-06T12:54:22Zshugo (Shugo Maeda)
<ul></ul><p>akr (Akira Tanaka) wrote:</p>
<blockquote>
<p>If I understand this proposal correctly,<br>
this proposal means that adding File.read method and<br>
doesn't change IO.read method?<br>
I.e. IO.read("|command") is works as now?.</p>
</blockquote>
<p>Yes.</p>
<blockquote>
<p>Apart from that, we should list all affected methods explicitly (without "etc.").</p>
</blockquote>
<p>The following methods will be affected:</p>
<ul>
<li>read</li>
<li>binread</li>
<li>write</li>
<li>binwrite</li>
<li>foreach</li>
<li>readlines</li>
</ul> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=709952018-03-15T06:19:51Zmatz (Yukihiro Matsumoto)matz@ruby.or.jp
<ul></ul><p>Agreed for mostly security reasons.</p>
<p>Matz.</p> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=710082018-03-15T07:52:58Zshugo (Shugo Maeda)
<ul></ul><p>matz (Yukihiro Matsumoto) wrote:</p>
<blockquote>
<p>Agreed for mostly security reasons.</p>
</blockquote>
<p>Is this incompatibility acceptable in Ruby 2.6?</p> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=710512018-03-17T11:49:37Zshugo (Shugo Maeda)
<ul><li><strong>File</strong> <a href="/attachments/7082">0001-io.c.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/7082/0001-io.c.patch">0001-io.c.patch</a> added</li></ul><p>I've made a patch.</p> Ruby master - Feature #14245: Add File.read etc.https://bugs.ruby-lang.org/issues/14245?journal_id=711092018-03-20T09:09:52Zshugo (Shugo Maeda)
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Closed</i></li></ul><p>Applied in changeset trunk|r62857.</p>
<hr>
<p>io.c: Methods of File should not invoke external commands</p>
<p>For security reasons, File.read, File.binread, File.write, File.binwrite,<br>
File.foreach, and File.readlines should not invoke external commands even<br>
if the path starts with the pipe character |.<br>
<a href="/issues/14245">[ruby-core:84495]</a> [Feature <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Add File.read etc. (Closed)" href="https://bugs.ruby-lang.org/issues/14245">#14245</a>]</p>