Bug #14765
closedArguments passed to Open3.popen3() are not interpreted as wildcards
Description
In console when we write
stdin, stdout, stderr, wait_thr = Open3.popen4("cat .*.yml")
stdout.readlines
All the files with names starting with .
and ending in .yml
are shown
But when we do
stdin, stdout, stderr, wait_thr = Open3.popen4("cat", ".*.yml")
stdout.readlines
It returns an empty array
stderr.readlines
says ["cat: .*.yml: No such file or directory\n"]
Because it is interpreting the string arguments as it is and looking for a file with name .*.yml
and not interpreting as in the first case.
Updated by Rushyanth (Rushyanth reddy) almost 6 years ago
In console when we write
stdin, stdout, stderr, wait_thr = Open3.popen3("cat .*.yml")
All the files with names starting with .
and ending in .yml
are shown
But when we do
stdin, stdout, stderr, wait_thr = Open3.popen3("cat", ".*.yml")
It returns an empty array
stderr.readlines
says
["cat: .*.yml: No such file or directory\n"]
Because it is interpreting the string arguments as it is and looking for a file with name .*.yml
and not interpreting as in the first case.
Updated by Rushyanth (Rushyanth reddy) almost 6 years ago
- Tracker changed from Feature to Bug
- Backport set to 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
Updated by nobu (Nobuyoshi Nakada) almost 6 years ago
- Subject changed from Arguments passed to Open3.popen3() are not interpreted as regular expressions to Arguments passed to Open3.popen3() are not interpreted as wildcards
- Description updated (diff)
What's Open3.popen4
?
The bundled library open3.rb does not provide such method.
Maybe a third party's method?
Updated by Rushyanth (Rushyanth reddy) almost 6 years ago
Sorry my bad. That was typing error while raising the issue. Its actually Open3.popen3()
. Its mentioned correctly in the subject
Updated by akr (Akira Tanaka) almost 6 years ago
- Status changed from Open to Rejected
wildcard expansion is done at shell.
If you need shell, specify a command line as one string.
Updated by nobu (Nobuyoshi Nakada) almost 6 years ago
Besides, the array form is to get rid of the expansion by the shell, which might cause security issues.
Updated by Rushyanth (Rushyanth reddy) almost 6 years ago
Suppose I have a variable
x = "abc"
I need to cat a file abc.yml
I write
Open3.popen3("cat #{x}.yml")
--------------------- (1)
This will lead to Command Injection warning.
So we need to pass the arguments seperately like
Open3.popen3("cat", x+".yml")
------------------- (2)
The second type will not lead to command Injection warning and both cases 1 and 2 work fine
But If I need to retrieve data of many files not just a single file.
Then I need to write
Open3.popen3("cat *.yml")
-------- (1)
or
Open3.popen3("cat", "*.yml")
------ (2)
The 1st case works fine but the second case fails .
Because in second case popen3
is interpreting its second argument *.yml
as a file name .
But *
should actually be interpreted as regular expression character where it retrieves all the file names ending in .yml
Updated by Hanmac (Hans Mackowiak) almost 6 years ago
popen3 uses Process.spawn and this does show this in the docs:
commandline : command line string which is passed to the standard shell
cmdname, arg1, ... : command name and one or more arguments (This form does not use the shell. See below for caveats.)
Updated by nobu (Nobuyoshi Nakada) almost 6 years ago
Open3.popen3("cat", *Dir.glob("*.yml"))