Issue #19630 has been updated by nobu (Nobuyoshi Nakada). postmodern (Hal Brodigan) wrote in #note-8:
I was unaware that these methods can accept `|command` style inputs. Based on the stdlib documentation, the first argument is called `name` and the examples show reading from `testfile`, which implies to me they should only read from files. We could at first deprecate `Kernel.open` and see how much impact it has on users complaining about deprecation warnings, or we could start with the other `IO` methods?
I'm against deprecating pipe in `IO` methods. It is intentionally kept quiet, unlike `File`. ---------------------------------------- Feature #19630: [RFC] Deprecate `Kernel.open("|command-here")` due to frequent security issues https://bugs.ruby-lang.org/issues/19630#change-103503 * Author: postmodern (Hal Brodigan) * Status: Open * Priority: Normal ---------------------------------------- `Kernel.open()` is the source of numerous [1] security [2] issues [3], due to the fact that it can be used to execute commands if given a String argument of the form `"|command-here"`. However, in most uses of `Kernel.open()` the developer appears to either want to open a local file, or if 'open-uri' was explicitly required open a remote URI. We should deprecate calling `Kernel.open()` with a `"|command-here"` style arguments, with a warning message instructing the developer to use `IO.popen()` instead. Eventually, support for `Kernel.open("|command-here")` could be removed completely, in favor of having the developer explicitly call `IO.popen()` or `URI.open()`. [1]: https://45w1nkv.medium.com/ruby-code-vulnerability-analysis-confirmsnssubscr... [2]: https://bishopfox.com/blog/ruby-vulnerabilities-exploits [3]: https://blog.heroku.com/identifying-ruby-ftp-cve -- https://bugs.ruby-lang.org/