Call IO.popen with an Array of command arguments (#518).
#519
Commits on Oct 11, 2022
-
Call
IO.popenwith an Array of command arguments (#518).* By calling `IO.popen` with an Array of command arguments (ex: `['ls', '-l', ...]`) it runs the command as a separate process instead of running it in a sub-shell as a shell command. This prevents any arbitrary command injection or env variable interpolation, without needing complex shell-escaping logic. https://ruby-doc.org/core-3.1.2/IO.html#method-c-popen * Changed `Configuration#executable` to return a String or an Array for when xvfb mode is enabled. * Changed `PDFKit#command` to return an Array of command arguments for `IO.popen`. * Removed argument quoting logic as it's not necessary when calling `IO.popen` with an Array of arguments. * Rewrote some specs to test if the command's Array of arguments contains specific argument values. * Added a custom RSpec `contain` matcher for testing if an expected Array exists within another Array.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.