Function duct_sh::sh_dangerous
[−]
[src]
pub fn sh_dangerous<T: Into<OsString>>(command: T) -> Expression
Create a command from any string of shell code. This works like sh
, but
it's not limited to static strings.
Warning
Building shell commands out of user input raises serious security problems,
in addition to ordinary whitespace and escaping issues, so this function has
a scary name. If someone sneaks an argument like $(evil_command.sh)
into
your shell string, you will execute the evil command without meaning to.
Shell escaping is tricky and platform-dependent, and using duct::cmd!
is
much safer when it's an option.
Example
use duct_sh::sh_dangerous; let my_command = "echo".to_string() + " foo bar baz"; let output = sh_dangerous(my_command).read(); assert_eq!("foo bar baz", output.unwrap());