Function duct_sh::sh_dangerous [−] [src]

pub fn sh_dangerous<T: Into<OsString>>(command: T) -> Expression

Create a command from any string of shell code. This works like sh, but it's not limited to static strings.

Warning

Building shell commands out of user input raises serious security problems, in addition to ordinary whitespace and escaping issues, so this function has a scary name. If someone sneaks an argument like $(evil_command.sh) into your shell string, you will execute the evil command without meaning to. Shell escaping is tricky and platform-dependent, and using duct::cmd! is much safer when it's an option.

Example

use duct_sh::sh_dangerous;

let my_command = "echo".to_string() + " foo bar baz";
let output = sh_dangerous(my_command).read();

assert_eq!("foo bar baz", output.unwrap());