Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://docs.ruby-lang.org/en/master/command_injection_rdoc.html below:

command_injection - Documentation for Ruby 3.5

Some Ruby core methods accept string data that includes text to be executed as a system command.

They should not be called with unknown or unsanitized commands.

These methods include:

• Kernel.exec

• Kernel.spawn

• Kernel.system

• `command` (backtick method) (also called by the expression %x[command]).

• IO.popen (when called with other than "-").

Some methods execute a system command only if the given path name starts with a |:

• Kernel.open(command).

• IO.read(command).

• IO.write(command).

• IO.binread(command).

• IO.binwrite(command).

• IO.readlines(command).

• IO.foreach(command).

• URI.open(command).

Note that some of these methods do not execute commands when called from subclass File:

• File.read(path).

• File.write(path).

• File.binread(path).

• File.binwrite(path).

• File.readlines(path).

• File.foreach(path).

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4