Hello all,

Does anyone know a way to do backtick interpolation while protecting the
command’s arguments from the shell, or bypassing the shell entirely? I’m
writing a script to rename badly named music files, and I have to pass the
bad name to vorbiscomment and read it’s output.

Apparently Kernel::` is a method, but I can’t figure out how to call it
with my own arguments. Is there a non-punctuation name for it? This
would only be useful if it could accept an argument list as an array and
not use the shell, as Kernel::system does.

Thanks,

I’m not sure I understand what you’re asking about backtick
interpolation. Can you give me a simple example of what you’d like the
backtick to do so I understand beter?

As for renaming a file, would File.rename do what you want? :

dcarrera ~ $ ls *.mp3
BadlyNamedFile.mp3
dcarrera ~ $ ruby -e ‘File.rename(“BadlyNamedFile.mp3”, “NewName.mp3”)’
dcarrera ~ $ ls *.mp3
NewName.mp3

“Tom Felker” tcfelker@mtco.com wrote in message

Does anyone know a way to do backtick interpolation while protecting the
command’s arguments from the shell, or bypassing the shell entirely?

I am not sure that I understand what you mean by “bypassing the shell”,
but will this work for you:

a=“%!(*”
%x{echo #{a}}

writing a script to rename badly named music files, and I have to pass the
bad name to vorbiscomment and read it’s output.

What is a “vorbiscomment” ?

Apparently Kernel::` is a method, but I can’t figure out how to call it
with my own arguments. Is there a non-punctuation name for it? This

Again, I do not understand this “call with my own arguments” part. Is this
some *ix lingo ? Pardon my ignorance.

would only be useful if it could accept an argument list as an array and
not use the shell, as Kernel::system does.

At least on Windows, both system and backtick use the shell…I think

Thanks,

Tom Felker, tcfelker@mtco.com

HTH,
– shanko

You can call it explicitly like this:

Kernel.send(:`, "ls /etc")

However unlike system, backtick doesn’t let you pass a line already broken
into arguments:

Kernel.send(:`, "ls", "/etc")
#>> ArgumentError: wrong number of arguments(2 for 1)

so that doesn’t help you.

Regards,

Brian.

oldName = “02_Ship_At_Sea_(Instrumental).ogg”
tags = Hash.new
vorbiscomment #{oldName}.each_line do |line|
key, value = line.split(“=”, 2)
tags[key.downcase] = value
end

…use tags to formulate proper filename and rename

Errors:

sh: -c: line 1: syntax error near unexpected token (' sh: -c: line 1: vorbiscomment 02_Ship_At_Sea_(Instrumental).ogg’
…

If you use system, you can pass the arguments in an array, and the shell
isn’t used, so you can have arguments that the shell would barf on.

system(“echo !@#$%^&”) == “”
system(“echo”, “!@#$%^&”) == “!@#$%^&”)

I need a backtick method that works the same way. Having popen work
that way would be nice. As it is, I think it’s only possible with
popen(“-”), having the child exec in such a way as to not interpolate
the arguments, and reading from that.

It’s simple. When you execute some command (or the equivalent
using %x), what Ruby actually executes is your command interpreter
(“shell” in Unix-speak), passing it the string between ...
to execute. It’s up to the shell to split up the command into
words, handle wildcard expansion (at least on UNIX; the command
interpreter on Windows leaves that latter duty up to the individual
commands), etc. The problem is that all this power is a security
hole because it’s easy to trick command interpreters into doing
ugly things just by passing something nefarious as a “filename”.

The original poster mentioned Kernel.system, which is the way to
execute a command when you don’t care about its output.
If you pass it one long string, Kernel.system will also invoke the
shell, but if instead you pass it separate arguments for each word of
the command line, it bypasses the shell and executes the command
directly. Thus:

system("ps -fp#{$$}")		# also invokes the shell
system('ps', "-fp#{$$}")	# doesn't invoke the shell
psOutput = `ps -fp#{$$}`	# invokes the shell

The question is: how do you complete the list, that is, capture the
command output without involving the shell?

The only solution of which I’m aware is to use popen/exec:

if fd = IO.popen('-') then
    psOutput = fd.readlines.join("\n")
else
    exec 'ps', "-fp#{$$}"
end

Of course, you could turn this into a method:

def safeBackticks(*args)
    if fd = IO.popen('-') then
	output = fd.readlines.join("\n")
    else
	exec *args
    end
    return output
end

I am not sure that I understand what you mean by “bypassing the shell”,
but will this work for you:

UNIX shells do globbing, whereas DOS (and CMD) leave that for the program to
do the globbing. Let’s say you have Sound1.ogg and Sound2.ogg in a
directory. When a DOS program gets a command like:

vorbiscomment *.ogg

ARGV[0] is “*.ogg”. It’s up to vorbiscomment to convert *.ogg into all of
the files in the directory that match *.ogg. However, when a UNIX shell gets
the same command, ARGV[0] is “Sound1.ogg”; ARGV[1] is “Sound2.ogg”.

Apparently Kernel::` is a method, but I can’t figure out how to call it
with my own arguments. Is there a non-punctuation name for it? This

Kernel::system(command [, args*]) should do what you’re after. If you know
you’re on a Unix system, you can escape asterisks with a backslash (e.g.,
“\\*” in Ruby). That should work.

-austin

Try this:

• vorbiscomment #{oldName}.each_line do |line|

• vorbiscomment "#{oldName}".each_line do |line|

The quotes should make the shell interpret the name literally, instead of
seeing the brackets as a token.

Cheers,
Daniel.

Your error is a shell syntax error, and not a Ruby error. Unix shells
don’t recognize unescaped parentheses within file names.

Change the line

oldName = “02_Ship_At_Sea_(Instrumental).ogg”

to oldName = “02_Ship_At_Sea_(Instrumental).ogg”

I am not sure that I understand what you mean by “bypassing the shell”,

It’s simple. When you execute some command (or the equivalent
using %x), what Ruby actually executes is your command interpreter
(“shell” in Unix-speak), passing it the string between ...
to execute. It’s up to the shell to split up the command into
words, handle wildcard expansion (at least on UNIX; the command
interpreter on Windows leaves that latter duty up to the individual
commands), etc. The problem is that all this power is a security
hole because it’s easy to trick command interpreters into doing
ugly things just by passing something nefarious as a “filename”.

The original poster mentioned Kernel.system, which is the way to
execute a command when you don’t care about its output.
If you pass it one long string, Kernel.system will also invoke the
shell, but if instead you pass it separate arguments for each word of
the command line, it bypasses the shell and executes the command
directly. Thus:

system(“ps -fp#{$$}”) # also invokes the shell
system(‘ps’, “-fp#{$$}”) # doesn’t invoke the shell
psOutput = ps -fp#{$$} # invokes the shell

The question is: how do you complete the list, that is, capture the
command output without involving the shell?

The only solution of which I’m aware is to use popen/exec:

if fd = IO.popen(‘-’) then
psOutput = fd.readlines.join(“\n”)
else
exec ‘ps’, “-fp#{$$}”
end

Of course, you could turn this into a method:

def safeBackticks(*args)
if fd = IO.popen(‘-’) then
output = fd.readlines.join(“\n”)

	fd.close #right?

  else
  exec *args
  end
  return output

end

Thanks, that method is exactly what I’m looking for.

I only wonder why it isn’t in Ruby already. Although I personally
couldn’t care less, the above can only be done in Windows by calling
CreateProcess() directly. Using quotes only works if the filename doesn’t
contain quotes. Escaping it would work, but it’s a hack, and dependent on
the shell. (Windows’s cmd will expand %VAR%, IIRC.) It’s also kind of
weird to have a method whose only name is “`”.

ri doesn’t say what popen(“-”) does with no block, though I see
it returns twice like fork(). Sweet.

Have fun,

I believe open3 will do what you want as well:

require ‘open3’
Open3.popen3(“cmd”,“args”,“go”,“here”,“etc”) { |in,out,err|
out.readlines.join(“\n”)
}

“Mark J. Reed” markjreed@mail.com wrote in message

“Austin Ziegler” austin@halostatue.ca wrote in message

I am not sure that I understand what you mean by “bypassing the shell”,
but will this work for you:

UNIX shells do globbing, whereas DOS (and CMD) leave that for the program
to
do the globbing.

Aha ! Thanks for the clarification.
– shanko

What you really want is a full shell-metacharacter escaper:

class String
def shellescape
self.dup.gsub!(/([&!#<>'" ])/) do |s|
# I think that’s all of them
‘\’ << s
end
end
end

and use vorbiscomment #{oldname.shellescape}

Thanks, that method is exactly what I’m looking for.

You’re welcome!

I only wonder why it isn’t in Ruby already.

I wouldn’t be surprised if it were, I just don’t know
where. In Perl, there’s a version of open that lets
you do the same thing, for instance.

It’s also kind of weird to have a method whose only name is “`”.

Why? Lots of methods only have operator names; Array#, for instance.

ri doesn’t say what popen(“-”) does with no block, though I see
it returns twice like fork(). Sweet.

Neither does the Pickaxe, but it a logical extrapolation from what’s
there, and besides, I tried it to see. The return value if there’s
no block is the same as the parameter that is passed to the block
if there is one: the IO object representing the connection in the
parent process, nil in the child process.

-Mark