Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/envato/safe_shell
Safely execute shell commands and get their output.
https://github.com/envato/safe_shell
Last synced: about 2 months ago
JSON representation
Safely execute shell commands and get their output.
- Host: GitHub
- URL: https://github.com/envato/safe_shell
- Owner: envato
- License: mit
- Created: 2010-11-08T04:42:21.000Z (almost 14 years ago)
- Default Branch: master
- Last Pushed: 2023-01-16T19:52:47.000Z (over 1 year ago)
- Last Synced: 2024-07-23T21:38:40.117Z (about 2 months ago)
- Language: Ruby
- Homepage:
- Size: 24.4 KB
- Stars: 74
- Watchers: 86
- Forks: 9
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# SafeShell
SafeShell lets you execute shell commands and get the resulting output, but without the security problems of Ruby's backtick operator.
## Usage
Install gem:
```sh
gem install safe_shell
```
Use gem:
```ruby
require 'safe_shell'
SafeShell.execute("echo", "Hello, world!")
```
SafeShell sets the $? operator to the process status, in the same manner as the backtick operator.
```ruby
# Send stdout and stderr to files:
SafeShell.execute("echo", "Hello, world!", :stdout => "output.txt", :stderr => "error.txt")
# Send additional environment variables:
SafeShell.execute("echo", "Hello, world!", :env => { 'name' => 'john', 'foo' => 'bar' })
# Return true if the command exits with a zero status:
SafeShell.execute?("echo", "Hello, world!")
# Raise an exception if the command exits with a non-zero status:
SafeShell.execute!("echo", "Hello, world!")
```
## Why?
If you use backticks to process a file supplied by a user, a carefully crafted filename could allow execution of an arbitrary command:
```ruby
file = ";blah"
`echo #{file}`
sh: blah: command not found
=> "\n"
```
SafeShell solves this.
```ruby
SafeShell.execute("echo", file)
=> ";blah\n"
```
## Compatibility
Tested with Ruby 2.0.0 or newer, but it should be happy on pretty much any Ruby version. Maybe not so much on Windows.
## Test
```sh
bundle exec rake
````
## Developing
* Fork the project.
* Make your feature addition or bug fix.
* Add tests for it. This is important so I don't break it in a
future version unintentionally.
* Commit, do not mess with rakefile, version, or history.
(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
* Send me a pull request. Bonus points for topic branches.
## Status
In use on at least one big site, so should be pretty solid. There's not much to it, so I'm not expecting there'll be many releases.
## Copyright
Copyright (c) 2010 - 2015 Envato, Ian Leitch, & Pete Yandell. See LICENSE for details.