6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Calling shell command from ruby with proper argument escaping\",\"text\":\"

I want to do the following securely

\\n\\n

system \\\"echo '#{params[:message]}' > /dev/log\\\"\\n

\\n\\n

What is the proper way for escaping arguments when calling a native command?

\\n\\n

(Example evil input: '; rm -Rf *; echo 'I won.)

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Notinlist\"},\"upvoteCount\":10,\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

If you do

\\n\\n

system \\\"echo\\\", params[:message]\\n

\\n\\n

Then the second argument, will be sent as an argument, it will not be executed.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Rob Di Marco\"},\"upvoteCount\":16}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","ruby",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby/1","children":"ruby"}]}],["$","span","shell",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/shell/1","children":"shell"}]}],["$","span","escaping",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/escaping/1","children":"escaping"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/bdef8bbea2467810a6a8164fc41db6e7?s=256&d=identicon&r=PG","alt":"Notinlist","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/163454/notinlist","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Notinlist"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",16640]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Calling shell command from ruby with proper argument escaping"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I want to do the following securely

\n\n

system \"echo '#{params[:message]}' > /dev/log\"\n

\n\n

What is the proper way for escaping arguments when calling a native command?

\n\n

(Example evil input: '; rm -Rf *; echo 'I won.)

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",10]}],["$","p",null,{"children":["Views: ",1954]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","5948901",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/bb4bebe360045a2dce663ee875f13723?s=256&d=identicon&r=PG","alt":"Rob Di Marco","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/24195/rob-di-marco","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Rob Di Marco"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",44952]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

If you do

\n\n

system \"echo\", params[:message]\n

\n\n

Then the second argument, will be sent as an argument, it will not be executed.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",16]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","28356308",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/28356308","className":"text-blue-600 hover:underline","children":"Escaping single quotes for shell"}]}],["$","li","6921599",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6921599","className":"text-blue-600 hover:underline","children":"Ruby escape ARGV argument or string as argument to shell command"}]}],["$","li","44267039",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/44267039","className":"text-blue-600 hover:underline","children":"Ruby shell command with double quotes"}]}],["$","li","37905710",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37905710","className":"text-blue-600 hover:underline","children":"How to pass a ruby script's output as arguments to a shell command using command substitution?"}]}],["$","li","27623072",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/27623072","className":"text-blue-600 hover:underline","children":"Ruby Escaping Arguments Inside Backticks Shell"}]}],["$","li","28307289",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/28307289","className":"text-blue-600 hover:underline","children":"Properly escaping shell arguments in Ruby"}]}],["$","li","18149234",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18149234","className":"text-blue-600 hover:underline","children":"Take in escaped input in Ruby command line app"}]}],["$","li","14906578",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14906578","className":"text-blue-600 hover:underline","children":"ruby unicode escapes as command line arguments"}]}],["$","li","11194721",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/11194721","className":"text-blue-600 hover:underline","children":"Ruby string with quotes for shell command args?"}]}],["$","li","5949008",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5949008","className":"text-blue-600 hover:underline","children":"Executing shell command in background from ruby with proper argument escaping"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Calling shell command from ruby with proper argument escaping

Answers (1)

Related Questions