• Stars
    star
    216
  • Rank 183,179 (Top 4 %)
  • Language
    Ruby
  • License
    Other
  • Created almost 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Run shell commands safely, even with user-supplied values

Terrapin Build Status

Run shell commands safely, even with user-supplied values

API reference

Usage

The basic, normal stuff:

line = Terrapin::CommandLine.new("echo", "hello 'world'")
line.command # => "echo hello 'world'"
line.run # => "hello world\n"

Interpolated arguments:

line = Terrapin::CommandLine.new("convert", ":in -scale :resolution :out")
line.command(in: "omg.jpg",
             resolution: "32x32",
             out: "omg_thumb.jpg")
# => "convert 'omg.jpg' -scale '32x32' 'omg_thumb.jpg'"

It prevents attempts at being bad:

line = Terrapin::CommandLine.new("cat", ":file")
line.command(file: "haha`rm -rf /`.txt") # => "cat 'haha`rm -rf /`.txt'"

line = Terrapin::CommandLine.new("cat", ":file")
line.command(file: "ohyeah?'`rm -rf /`.ha!") # => "cat 'ohyeah?'\\''`rm -rf /`.ha!'"

NOTE: It only does that for arguments interpolated via run, NOT arguments passed into new (see 'Security' below):

line = Terrapin::CommandLine.new("echo", "haha`whoami`")
line.command # => "echo haha`whoami`"
line.run # => "hahawebserver\n"

This is the right way:

line = Terrapin::CommandLine.new("echo", "haha:whoami")
line.command(whoami: "`whoami`") # => "echo haha'`whoami`'"
line.run(whoami: "`whoami`") # => "haha`whoami`\n"

You can ignore the result:

line = Terrapin::CommandLine.new("noisy", "--extra-verbose", swallow_stderr: true)
line.command # => "noisy --extra-verbose 2>/dev/null"

# ... and on Windows...
line.command # => "noisy --extra-verbose 2>NUL"

If your command errors, you get an exception:

line = Terrapin::CommandLine.new("git", "commit")
begin
  line.run
rescue Terrapin::ExitStatusError => e
  e.message # => "Command 'git commit' returned 1. Expected 0"
end

If your command might return something non-zero, and you expect that, it's cool:

line = Terrapin::CommandLine.new("/usr/bin/false", "", expected_outcodes: [0, 1])
begin
  line.run
rescue Terrapin::ExitStatusError => e
  # => You never get here!
end

You don't have the command? You get an exception:

line = Terrapin::CommandLine.new("lolwut")
begin
  line.run
rescue Terrapin::CommandNotFoundError => e
  e # => the command isn't in the $PATH for this process.
end

But don't fear, you can specify where to look for the command:

Terrapin::CommandLine.path = "/opt/bin"
line = Terrapin::CommandLine.new("lolwut")
line.command # => "lolwut", but it looks in /opt/bin for it.

You can even give it a bunch of places to look:

FileUtils.rm("/opt/bin/lolwut")
File.open('/usr/local/bin/lolwut') { |f| f.write('echo Hello') }
Terrapin::CommandLine.path = ["/opt/bin", "/usr/local/bin"]
line = Terrapin::CommandLine.new("lolwut")
line.run # => prints 'Hello', because it searches the path

Or just put it in the command:

line = Terrapin::CommandLine.new("/opt/bin/lolwut")
line.command # => "/opt/bin/lolwut"

You can see what's getting run. The 'Command' part it logs is in green for visibility! (where applicable)

line = Terrapin::CommandLine.new("echo", ":var", logger: Logger.new(STDOUT))
line.run(var: "LOL!") # => Logs this with #info -> Command :: echo 'LOL!'

Or log every command:

Terrapin::CommandLine.logger = Logger.new(STDOUT)
Terrapin::CommandLine.new("date").run # => Logs this -> Command :: date

Security

Short version: Only pass user-generated data into the run method and NOT new.

As shown in examples above, Terrapin will only shell-escape what is passed in as interpolations to the run method. It WILL NOT escape what is passed in to the second argument of new. Terrapin assumes that you will not be manually passing user-generated data to that argument and will be using it as a template for your command line's structure.

Runners

Terrapin will choose from among a couple different ways of running commands. The simplest is Process.spawn, which is also the default. Terrapin can also just use backticks, so if for some reason you'd prefer that, you can ask Terrapin to use that:

Terrapin::CommandLine.runner = Terrapin::CommandLine::BackticksRunner.new

And if you really want to, you can define your own Runner, though I can't imagine why you would.

Terrapin::CommandLine.runner = Terrapin::CommandLine::BackticksRunner.new

And if you really want to, you can define your own Runner, though I can't imagine why you would.

JRuby issues

Caveat

If you get Error::ECHILD errors and are using JRuby, there is a very good chance that the error is actually in JRuby. This was brought to our attention in #24 and probably fixed in http://jira.codehaus.org/browse/JRUBY-6162. You will want to use the BackticksRunner if you are unable to update JRuby.

Spawn warning

If you get unsupported spawn option: out warning (like in issue 38), try to use PopenRunner:

Terrapin::CommandLine.runner = Terrapin::CommandLine::PopenRunner.new

Thread Safety

Terrapin should be thread safe. As discussed here, in this climate_control thread, climate_control, which modifies the environment under which commands are run for the BackticksRunner and PopenRunner, is thread-safe but not reentrant. Please let us know if you find this is ever not the case.

Feedback

Security concerns must be privately emailed to [email protected].

Question? Idea? Problem? Bug? Comment? Concern? Like using question marks?

GitHub Issues For All!

Credits

Thank you to all the contributors!

thoughtbot

Terrapin is maintained and funded by thoughtbot, inc

The names and logos for thoughtbot are trademarks of thoughtbot, inc.

License

Copyright 2011-2018 Jon Yurek and thoughtbot, inc. This is free software, and may be redistributed under the terms specified in the LICENSE file.

More Repositories

1

guides

A guide for programming in style.
Ruby
9,327
star
2

bourbon

A Lightweight Sass Tool Set
Ruby
9,100
star
3

paperclip

Easy file attachment management for ActiveRecord
Ruby
9,055
star
4

laptop

A shell script to set up a macOS laptop for web and mobile development.
Shell
8,416
star
5

dotfiles

A set of vim, zsh, git, and tmux configuration files.
Shell
7,942
star
6

factory_bot

A library for setting up Ruby objects as test data.
Ruby
7,826
star
7

administrate

A Rails engine that helps you put together a super-flexible admin dashboard.
JavaScript
5,867
star
8

neat

A fluid and flexible grid Sass framework
Ruby
4,444
star
9

suspenders

A Rails template with our standard defaults, ready to deploy to Heroku.
Ruby
3,922
star
10

til

Today I Learned
3,903
star
11

clearance

Rails authentication with email & password.
Ruby
3,629
star
12

shoulda-matchers

Simple one-liner tests for common Rails functionality
Ruby
3,513
star
13

Argo

Functional JSON parsing library for Swift
Swift
3,487
star
14

high_voltage

Easily include static pages in your Rails app.
Ruby
3,141
star
15

rcm

rc file (dotfile) management
Perl
2,990
star
16

factory_bot_rails

Factory Bot ♥ Rails
Ruby
2,972
star
17

shoulda

Makes tests easy on the fingers and the eyes
Ruby
2,196
star
18

expandable-recycler-view

Custom Android RecyclerViewAdapters that collapse and expand
Java
2,073
star
19

capybara-webkit

A Capybara driver for headless WebKit to test JavaScript web apps
Ruby
1,969
star
20

gitsh

An interactive shell for git
Ruby
1,957
star
21

Tropos

Weather and Forecasts for Humans
Swift
1,518
star
22

refills

[no longer maintained]
CSS
1,513
star
23

design-sprint

Product Design Sprint Material
1,415
star
24

bitters

Add a dash of pre-defined style to your Bourbon.
HTML
1,398
star
25

griddler

Simplify receiving email in Rails (deprecated)
Ruby
1,376
star
26

trail-map

Trails to help designers and developers learn various topics.
1,219
star
27

appraisal

A Ruby library for testing your library against different versions of dependencies.
Ruby
1,194
star
28

hotwire-example-template

A collection of branches that transmit HTML over the wire.
Ruby
1,033
star
29

parity

Shell commands for development, staging, and production parity for Heroku apps
Ruby
890
star
30

Runes

Infix operators for monadic functions in Swift
Swift
830
star
31

cocaine

A small library for doing (command) lines.
Ruby
788
star
32

fishery

A library for setting up JavaScript objects as test data
TypeScript
759
star
33

flutie

View helpers for Rails applications
Ruby
730
star
34

TBAnnotationClustering

Example App: How To Efficiently Display Large Amounts of Data on iOS Maps
Objective-C
728
star
35

vim-rspec

Run Rspec specs from Vim
Vim Script
650
star
36

climate_control

Modify your ENV
Ruby
512
star
37

constable

Better company announcements
Elixir
511
star
38

carnival

An unobtrusive, developer-friendly way to add comments
Haskell
501
star
39

ruby-science

The reference for writing fantastic Rails applications
Ruby
494
star
40

Curry

Swift implementations for function currying
Swift
494
star
41

pacecar

Generated scopes for ActiveRecord classes
Ruby
437
star
42

hoptoad_notifier

Reports exceptions to Hoptoad
Ruby
408
star
43

fake_stripe

A Stripe fake so that you can avoid hitting Stripe servers in tests.
Ruby
393
star
44

json_matchers

Validate your JSON APIs
Ruby
384
star
45

Swish

Nothing but Net(working)
Swift
363
star
46

superglue

A productive library for Classic Rails, React and Redux
JavaScript
361
star
47

paul_revere

A library for "one off" announcements in Rails apps.
Ruby
298
star
48

stencil

Android library, written exclusively in kotlin, for animating the path created from text
Kotlin
282
star
49

Perform

Easy dependency injection for storyboard segues
Swift
280
star
50

upcase

Sharpen your programming skills.
Ruby
275
star
51

testing-rails

Source code for the Testing Rails book
HTML
269
star
52

proteus

[no longer maintained]
Ruby
254
star
53

Delta

Managing state is hard. Delta aims to make it simple.
Swift
246
star
54

foundry

Providing a new generation of vector assets and infinite possibility for the interactive web and mobile applications
CSS
233
star
55

limerick_rake

A collection of useful rake tasks.
Ruby
232
star
56

shoulda-context

Shoulda Context makes it easy to write understandable and maintainable tests under Minitest and Test::Unit within Rails projects or plain Ruby projects.
Ruby
231
star
57

backbone-support

lumbar support
JavaScript
227
star
58

Superb

Pluggable HTTP authentication for Swift.
Swift
203
star
59

jack_up

[DEPRECATED] Easy AJAX file uploading in Rails
Ruby
202
star
60

fistface

DIY @font-face web service.
Ruby
182
star
61

squirrel

Natural-looking Finder Queries for ActiveRecord
Ruby
178
star
62

sortable_table

Sort HTML tables in your Rails app.
Ruby
157
star
63

write-yourself-a-roguelike

Write Yourself A Roguelike: Ruby Edition
Ruby
155
star
64

pester

Automatically ask for a PR review
Ruby
147
star
65

jester

REST in Javascript
JavaScript
146
star
66

complexity

A command line tool to identify complex code
Rust
142
star
67

kumade

Heroku deploy tasks with test coverage (DEPRECATED, NO LONGER BEING DEVELOPED)
Ruby
137
star
68

proteus-middleman

[no longer maintained]
CSS
133
star
69

FunctionalJSON-swift

Swift
133
star
70

capybara_discoball

Spin up an external server just for Capybara
Ruby
128
star
71

tropos-android

Weather and Forecasts for Humans
Kotlin
128
star
72

ModalPresentationView

Remove the boilerplate of modal presentations in SwiftUI
Swift
125
star
73

react-native-typescript-styles-example

A template react native project for ergonomic styling structure and patterns.
TypeScript
123
star
74

vimulator

A JavaScript Vim simulator for demonstrations
JavaScript
119
star
75

bourne

[DEPRECATED] Adds test spies to mocha.
Ruby
114
star
76

formulator

A form library for Phoenix
Elixir
106
star
77

poppins

Gifs!
Objective-C
106
star
78

tailwindcss-aria-attributes

TailwindCSS variants for aria-* attributes
JavaScript
100
star
79

ghost-theme-template

A project scaffold for building ghost themes using gulp, node-sass, & autoprefixer
HTML
91
star
80

paperclip_demo

Paperclip demo application
Ruby
87
star
81

middleman-template

The base Middleman application used at thoughtbot, ready to deploy to Netlify.
CSS
86
star
82

proteus-jekyll

[no longer maintained]
CSS
84
star
83

report_card

metrics and CI are for A students.
Ruby
77
star
84

ios-sample-blender

Sample code for the Blending Modes blog post
Objective-C
76
star
85

yuri-ita

Create powerful interfaces for filtering, searching, and sorting collections of items.
Ruby
76
star
86

baccano

[no longer maintained]
HTML
74
star
87

goal-oriented-git

A practical book about using Git
HTML
73
star
88

ios-on-rails

A guide to building a Rails API and iOS app
HTML
72
star
89

art_vandelay

Art Vandelay is an importer/exporter for Rails 6.0 and higher.
Ruby
71
star
90

maybe_haskell

Programming without Null
HTML
71
star
91

redbird

A Redis adapter for Plug.Session
Elixir
70
star
92

maintaining-open-source-projects

A successful open source project is not only one that is original, solves a particular problem well, or has pristine code quality. Those are but the tip of the iceberg, which we'll thoroughly dissect with this book.
Shell
67
star
93

templates

Documentation templates for open source projects.
64
star
94

FOMObot

A slack bot to help with FOMO.
Haskell
61
star
95

BotKit

BotKit is a Cocoa Touch static library for use in iOS projects. It includes a number of helpful classes and categories that are useful during the development of an iOS application.
Objective-C
61
star
96

react-native-template

Template React Native project to be used with Cookiecutter
JavaScript
60
star
97

CombineViewModel

An implementation of the Model-View-ViewModel (MVVM) pattern using Combine.
Swift
59
star
98

flightdeck

Terraform modules for rapidly building production-grade Kubernetes clusters following SRE practices
HCL
55
star
99

design-for-developers-starter-kit

A starter project for design for developer students
CSS
54
star
100

mile_marker

Mark off HTML implementation expectations with clear signage
Ruby
53
star