Written by
Bernardo
on
on
open-uri
TIL open-uri
internally patches Kernel.open
allowing remote code execution and reading local files.
If the string provided to open-uri
starts with a pipe it will get executed as
a command:
require "open-uri"
irb(main):001:0> require 'open-uri'
=> true
irb(main):002:0> open('|ls').to_a
=> ["content\n", "data\n", "layouts\n", "resources\n"]
For more information check this resource.