Feature #14245
closed
Added by shugo (Shugo Maeda) almost 7 years ago.
Updated over 6 years ago.
Description
Some people use File.open without knowing that it's defined in IO and pipes can be opened.
p File.read("|echo hello") #-> "hello"
How about to add File.read, File.binread, File.foreach etc. (similar version to File.open)?
Code like File.read(filename) is considered to have no intention to open pipes.
Implementation by prelude.rb is suggested by normalperson in #14239:
I like that idea, I've been rewriting some stuff to use
"File.open(filename, &:read)" instead of IO.read.
Now, can we implement these new singleton methods in
prelude.rb instead of writing in C? :)
Files
- Description updated (diff)
If I understand this proposal correctly,
this proposal means that adding File.read method and
doesn't change IO.read method?
I.e. IO.read("|command") is works as now?.
I think it is possible direction.
Apart from that, we should list all affected methods explicitly (without "etc.").
Code like File.read(filename) is considered to
have no intention to open pipes.
When added, the documentation should also
briefly mention the reference to pipes.
For example, a few months ago I did not even know
about the leading '|' character - I first saw it
on the ruby issue tracker. :)
Current link to File is here:
https://ruby-doc.org/core/File.html
akr (Akira Tanaka) wrote:
If I understand this proposal correctly,
this proposal means that adding File.read method and
doesn't change IO.read method?
I.e. IO.read("|command") is works as now?.
Yes.
Apart from that, we should list all affected methods explicitly (without "etc.").
The following methods will be affected:
- read
- binread
- write
- binwrite
- foreach
- readlines
Agreed for mostly security reasons.
Matz.
matz (Yukihiro Matsumoto) wrote:
Agreed for mostly security reasons.
Is this incompatibility acceptable in Ruby 2.6?
- Status changed from Open to Closed
Applied in changeset trunk|r62857.
io.c: Methods of File should not invoke external commands
For security reasons, File.read, File.binread, File.write, File.binwrite,
File.foreach, and File.readlines should not invoke external commands even
if the path starts with the pipe character |.
[ruby-core:84495] [Feature #14245]
Also available in: Atom
PDF
Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0
Updated by 
Updated by 
Updated by 
Updated by