From d2343368ab7e270118ea6baa9c6418bfed83135c Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Wed, 7 Jun 2023 10:05:04 -0400 Subject: Deprecate Kernel#open and IO support for subprocess creation/forking Deprecate Kernel#open and IO support for subprocess creation and forking. This deprecates subprocess creation and forking in - Kernel#open - URI.open - IO.binread - IO.foreach - IO.readlines - IO.read - IO.write This behavior is slated to be removed in Ruby 4.0 [Feature #19630] --- doc/command_injection.rdoc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'doc') diff --git a/doc/command_injection.rdoc b/doc/command_injection.rdoc index af09be23f0..4408b1839d 100644 --- a/doc/command_injection.rdoc +++ b/doc/command_injection.rdoc @@ -8,6 +8,7 @@ They should not be called with unknown or unsanitized commands. These methods include: - Kernel.system +- Kernel.open - {\`command` (backtick method)}[rdoc-ref:Kernel#`] (also called by the expression %x[command]). - IO.popen(command). @@ -17,6 +18,7 @@ These methods include: - IO.binwrite(command). - IO.readlines(command). - IO.foreach(command). +- URI.open(command). Note that some of these methods do not execute commands when called from subclass \File: -- cgit v1.2.3