IO class must be avoided RB-A1012
Calls to methods in the IO class must be avoided unless a command needs to be invoked intentionally.

If the argument starts with a pipe character ('|') and the receiver is the IO class, a subprocess is created in the same way as Kernel#open, and its output is returned. Kernel#open may allow unintentional command injection, which is the reason these IO methods are a security risk. Consider using File.read to protect yourself against the unintended subprocess invocation.
File.read(path)
File.read('path')
IO.read('| command') # Allow intentional command invocation.
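
The check described above, sketched as an added example (not code from the original page, and not the analyzer's own implementation of RB-A1012): it lexes Ruby source with the standard-library Ripper and reports IO class calls whose first argument is not a plain string literal starting with '|'. The method list in RISKY_IO_METHODS, the helper names and the sample input are assumptions made for illustration.

```ruby
require 'ripper'

# Assumed set of IO class methods that treat a leading '|' as a command;
# the page names only the IO class and shows IO.read.
RISKY_IO_METHODS = %w[read write binread binwrite foreach readlines].freeze

# Constructed sample input; lines 2 and 3 are the page's own calls.
SAMPLE = <<~'RUBY'
  data = IO.read(path)
  File.read(path)
  IO.read('| command') # Allow intentional command invocation.
  IO.readlines "#{dir}/names.txt"
  note = "IO.read(path) inside a string is not a call"
RUBY

# True when the first argument is a plain literal such as '| command'
# (no interpolation), i.e. the command invocation is clearly intentional.
def intentional_pipe?(args)
  beg, content, fin = args[0], args[1], args[2]
  return false unless beg && content && fin
  beg[1] == :on_tstring_beg && content[1] == :on_tstring_content &&
    content[2].start_with?('|') && fin[1] == :on_tstring_end
end

# Returns [[line, "IO.method"], ...] for each risky call in +source+.
def find_risky_io_calls(source)
  # Drop whitespace tokens so `IO.read(x)` and `IO.read x` look alike.
  tokens = Ripper.lex(source).reject { |tok| tok[1] == :on_sp }
  findings = []
  tokens.each_with_index do |tok, i|
    next unless tok[1] == :on_const && tok[2] == 'IO'
    # Foo::IO is a different constant; skip it.
    next if i >= 2 && tokens[i - 1][2] == '::' && tokens[i - 2][1] == :on_const
    dot, meth = tokens[i + 1], tokens[i + 2]
    next unless dot && meth && dot[1] == :on_period && meth[1] == :on_ident
    next unless RISKY_IO_METHODS.include?(meth[2])
    args = tokens[(i + 3)..-1] || []
    args = args.drop(1) if args.first && args.first[1] == :on_lparen
    findings << [tok[0][0], "IO.#{meth[2]}"] unless intentional_pipe?(args)
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  find_risky_io_calls(SAMPLE).each { |line, call| puts "line #{line}: #{call}" }
end
```

Because it works on tokens rather than text, the `IO.read(path)` that appears inside the string literal on the last sample line is not reported, while the interpolated argument on line 4 is.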