mirror of
https://github.com/ruby/ruby.git
synced 2026-01-27 04:24:23 +00:00
[DOC] Remove outdated documentation about command injection
[Feature #19630] This dangerous behavior was removed in 4.0 (996cae65f3cc8fed60c6bb758b00882cac49389d) but the documentation wasn't updated.
parent
553f1675f3
commit
35c140f92b
@ -13,25 +13,3 @@ These methods include:
|
||||
- {\`command` (backtick method)}[rdoc-ref:Kernel#`]
|
||||
(also called by the expression <tt>%x[command]</tt>).
|
||||
- IO.popen (when called with other than <tt>"-"</tt>).
|
||||
|
||||
Some methods execute a system command only if the given path name starts
|
||||
with a <tt>|</tt>:
|
||||
|
||||
- Kernel.open(command).
|
||||
- IO.read(command).
|
||||
- IO.write(command).
|
||||
- IO.binread(command).
|
||||
- IO.binwrite(command).
|
||||
- IO.readlines(command).
|
||||
- IO.foreach(command).
|
||||
- URI.open(command).
|
||||
|
||||
Note that some of these methods do not execute commands when called
|
||||
from subclass +File+:
|
||||
|
||||
- File.read(path).
|
||||
- File.write(path).
|
||||
- File.binread(path).
|
||||
- File.binwrite(path).
|
||||
- File.readlines(path).
|
||||
- File.foreach(path).
|
||||
|
||||
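Review bot: Kernel.open(command) and URI.open(command) are dropped from this list together with the IO class methods, but the commit message cites a single upstream commit without naming the methods it changed, and the diff shown touches only this file and io.c. Worth confirming that the 4.0 removal covers both of them, and stating that in the commit message; any method that still starts a subprocess on a leading <tt>|</tt> should stay listed here.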
27
io.c
@ -8256,9 +8256,6 @@ rb_io_s_sysopen(int argc, VALUE *argv, VALUE _)
|
||||
*
|
||||
* Creates an IO object connected to the given file.
|
||||
*
|
||||
* This method has potential security vulnerabilities if called with untrusted input;
|
||||
* see {Command Injection}[rdoc-ref:security/command_injection.rdoc].
|
||||
*
|
||||
* With no block given, file stream is returned:
|
||||
*
|
||||
* open('t.txt') # => #<File:t.txt>
|
||||
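Review bot: after this removal the open documentation no longer says anything about a path that starts with a pipe character, which the old command_injection.rdoc text described as the trigger for command execution. Suggest replacing the dropped warning with one sentence stating what such a path does as of 4.0, so that readers coming from earlier versions do not have to infer it from the absence of the warning.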
@ -12054,10 +12051,6 @@ io_s_foreach(VALUE v)
|
||||
*
|
||||
* Calls the block with each successive line read from the stream.
|
||||
*
|
||||
* When called from class \IO (but not subclasses of \IO),
|
||||
* this method has potential security vulnerabilities if called with untrusted input;
|
||||
* see {Command Injection}[rdoc-ref:security/command_injection.rdoc].
|
||||
*
|
||||
* The first argument must be a string that is the path to a file.
|
||||
*
|
||||
* With only argument +path+ given, parses lines from the file at the given +path+,
|
||||
@ -12157,10 +12150,6 @@ io_s_readlines(VALUE v)
|
||||
*
|
||||
* Returns an array of all lines read from the stream.
|
||||
*
|
||||
* When called from class \IO (but not subclasses of \IO),
|
||||
* this method has potential security vulnerabilities if called with untrusted input;
|
||||
* see {Command Injection}[rdoc-ref:security/command_injection.rdoc].
|
||||
*
|
||||
* The first argument must be a string that is the path to a file.
|
||||
*
|
||||
* With only argument +path+ given, parses lines from the file at the given +path+,
|
||||
@ -12246,10 +12235,6 @@ seek_before_access(VALUE argp)
|
||||
* Opens the stream, reads and returns some or all of its content,
|
||||
* and closes the stream; returns +nil+ if no bytes were read.
|
||||
*
|
||||
* When called from class \IO (but not subclasses of \IO),
|
||||
* this method has potential security vulnerabilities if called with untrusted input;
|
||||
* see {Command Injection}[rdoc-ref:security/command_injection.rdoc].
|
||||
*
|
||||
* The first argument must be a string that is the path to a file.
|
||||
*
|
||||
* With only argument +path+ given, reads in text mode and returns the entire content
|
||||
@ -12317,10 +12302,6 @@ rb_io_s_read(int argc, VALUE *argv, VALUE io)
|
||||
* Behaves like IO.read, except that the stream is opened in binary mode
|
||||
* with ASCII-8BIT encoding.
|
||||
*
|
||||
* When called from class \IO (but not subclasses of \IO),
|
||||
* this method has potential security vulnerabilities if called with untrusted input;
|
||||
* see {Command Injection}[rdoc-ref:security/command_injection.rdoc].
|
||||
*
|
||||
*/
|
||||
|
||||
static VALUE
|
||||
@ -12421,10 +12402,6 @@ io_s_write(int argc, VALUE *argv, VALUE klass, int binary)
|
||||
* Opens the stream, writes the given +data+ to it,
|
||||
* and closes the stream; returns the number of bytes written.
|
||||
*
|
||||
* When called from class \IO (but not subclasses of \IO),
|
||||
* this method has potential security vulnerabilities if called with untrusted input;
|
||||
* see {Command Injection}[rdoc-ref:security/command_injection.rdoc].
|
||||
*
|
||||
* The first argument must be a string that is the path to a file.
|
||||
*
|
||||
* With only argument +path+ given, writes the given +data+ to the file at that path:
|
||||
@ -12471,10 +12448,6 @@ rb_io_s_write(int argc, VALUE *argv, VALUE io)
|
||||
* Behaves like IO.write, except that the stream is opened in binary mode
|
||||
* with ASCII-8BIT encoding.
|
||||
*
|
||||
* When called from class \IO (but not subclasses of \IO),
|
||||
* this method has potential security vulnerabilities if called with untrusted input;
|
||||
* see {Command Injection}[rdoc-ref:security/command_injection.rdoc].
|
||||
*
|
||||
*/
|
||||
|
||||
static VALUE
|
||||
|
||||
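Review bot: this is the sixth removal of the same "When called from class \IO (but not subclasses of \IO)" paragraph, each done by hand in a separate doc comment. Before merging, search the tree for remaining occurrences of that sentence and of rdoc-ref:security/command_injection.rdoc, so that no method whose behavior was removed still carries the warning and the methods kept in the rdoc list (backtick, %x, IO.popen) still link to it.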