I have legacy code, and rewriting this will take me a long while. Until then I need a solution that "works", even if it is ugly.
The main class of the code generates a long HTML string and stores this in an #instance variable.
Unfortunately, the larger framework also sometimes directly puts out something, through puts or print, and so can be used in a .cgi script.
I need to be able to capture all output from that framework, possibly filter or process it, before I send it to the user/visitor.
Is it possible to capture all puts and print statements from a Ruby script, and handle this gracefully?
In the final form, I will have to use puts and print anyway, but I need to sanitize some things there, possibly redirect, also optionally log output BEFORE I use puts/print.
Easy. By default puts and print output to the $stdout I/O channel. Reassign $stdout to a different file handle and output of those commands will go to the new channel.
Change where $stdout points.
File.open('spool.out', 'wb') do |fo|
$stdout = fo
puts 'hello world'
$stdout = STDOUT
end
Save that to a file and run it. You should see a file appear called "spool.out" containing "hello world".
It's not necessary to wrap everything in a File.open block. All that's important is you reassign $stdout to a file handle, then reset it later, so it could also be done like this:
$stdout = File.open('spool.out', 'wb')
puts 'hello world'
$stdout.close
$stdout = STDOUT
At startup, a Ruby script has access to a number of different global variables and constants: $stdout will be the same as STDOUT, and $stderr will be the same as STDERR.
See "Does Ruby use $stdout for writing the output of puts and return?" and "Putting the results of pp (or anything outputted to console) into a string" for more information.
You could redefine the print/puts function to add new functionality.
It could be done like so:
def print message
#do something, like editing the message and logging it
puts "Im here"
super "#{message}:edited version"
end
print "hello world"
Result:
->Im here
->hello world:edited version
Related
So I'm trying to redirect output to a file temporarily:
prev_std = STDOUT
$stdout.reopen(#filename, 'w:UTF-8')
# stuff happens here with #filename and lots of output
$stdout = prev_std
but when I do this, it seems as though I can't redirect it back afterwards. What am I doing wrong here?
STDOUT is a constant that represents the standard output, which is an IO object. And $stdout is a global variable whose default values is usually STDOUT itself, by default, both point to the same object:
$stdout.object_id == STDOUT.object_id => true
If you call a method on one of them, the other one will be affected. So if you call a method using $stdout it will also take effect on STDOUT. Calling reopen on $stdout will affect STDOUT as well (even if it's a constant).
If you want to redirect output to a file temporarily and restore it then to the standard output, you should assign $stdout a new IO object:
$stdout = File.open('/path/to/file', 'w:UTF-8')
puts "this will go to the file"
$stdout = STDOUT
puts "this will go to standard output!"
See also the following questions:
What is the difference between Ruby's $stdout and STDOUT?
What is the difference between STDIN and $stdin in Ruby?
Reopening an IO Stream vs. just using the new Stream
And The IO reopen method along with the rest of IO methods.
You're calling reopen on STDOUT since $stdout is just a global variable that points to the same object. This permanently changes STDOUT.
What about this:
$stdout = File.open(#filename, 'w:UTF-8')
# ...
$stdout = prev_std
I wrote a madlib in Ruby, and want to save the resulting madlib to a txt file. This is what I wrote, but the resulting txt file is empty:
file=File.open("madlib_output.txt","a")
file.puts
file.close
There are ways to save the output of a script to a file without having to modify every puts in the script.
The easiest is to route the output at the command-line using redirection. Running a script with > some_file at the of the command will route all STDOUT to the file. Similarly, using > some_file 2>&1 will route both STDOUT and STDERR to the same file. This won't capture anything typed in at a gets as the code waits for input though, because that won't count as program output.
If you don't mind changing your code a little, you can temporarily change the interpreter's idea of what STDOUT is by reassigning it to a file:
old_stdout = $stdout
File.open('output.txt', 'w') do |fo|
$stdout = fo
# ----
# your code goes here
puts "hello world"
# ----
end
$stdout = old_stdout
Run that, then look at the file "output.txt" and you'll see "hello world", even though we didn't print to the file-handle fo directly, like we would normally do using fo.puts.
There are a variety of ways of doing the same thing but they amount to pointing STDOUT or STDERR somewhere else, writing to them, then resetting them.
Typically, if we intend from the start to output to a file, then we should use a File.open block:
File.open('output.txt', 'w') do |fo|
fo.puts "hello world"
end
The benefit of that is the file will be closed automatically when the block exits.
Is this what you looking for ? You can open madlib_output.txt file in append mode and whatever you want to write will be inside the block eg: "hi"
File.open("madlib_output.txt","a") do |f|
f.puts "hi"
end
I have a console application on a mac that puts out an error code via NSLog. How can I capture the results of NSLog when running the console application in ruby?
I've tried approaches like redirecting stderr, but that doesn't seem to do the trick.
OK, I will edit this to be crystal clear.
I have a program written for MacOS that currently reports its output via NSLog. For all intents and purposes, it can just have this line in its main.m file:
NSLog(#"Hello world!");
I want to capture the contents of that NSLog. I cannot change the program itself, I just have the log files. I want to do so in Ruby for the purposes of some rspec-based testing.
Right now, I cannot use redirects. Any kind of redirect, as in:
#output = `#{theProgramToTest}`
puts #output
results in no output. If I do the redirection of stderr as described in that previous question I linked to, I still have no result. So how can I capture the results of the program? I do not want to redirect them to a file.
Maybe this'll help:
require 'stringio'
str_stdout, str_stderr = (1..2).map{ StringIO.new }
puts "redirecting outputs"
old_stdout, old_stderr = $stdout, $stderr
$stdout, $stderr = str_stdout, str_stderr
STDOUT.puts "This is written to the old STDOUT"
STDERR.puts "This is written to the old STDERR"
$stdout.puts "This is written to str_stdout"
$stderr.puts "This is written to str_stderr"
puts 'this is output via "puts"'
`date`
`date >&2` # this is output to stderr
STDOUT.puts "resetting STDOUT and STDERR"
$stdout, $stderr = old_stdout, old_stderr
str_stdout.rewind
str_stderr.rewind
puts str_stdout.read
puts str_stderr.read
Which outputs:
redirecting outputs
This is written to the old STDOUT
This is written to the old STDERR
Mon Jul 8 21:51:19 MST 2013
resetting STDOUT and STDERR
This is written to str_stdout
this is output via "puts"
This is written to str_stderr
Single-step that using a debugger or PRY to see when the various outputs occur.
I'm trying to download a file using net/sftp and pass its contents as the stdin for a command-line app. I can do it by first writing the file to disk but I'd rather avoid that step.
Is there any way to control the input to a program invoked with system() in ruby?
Don't use system at all for this sort of thing, system is best for running an external command that you don't need to talk to.
Use Open3.open3 or Open3.open2 to open up some pipes to your external process then write to the stdin pipe just like writing to any other IO channel; if there is any output to deal with, then you can read it straight from the stdout pipe just like reading from any other input IO channel.
Something like this perhaps (using open as mu suggested)?
contents = "Hello, World!"
open('|echo', 'w') { puts contents }
This can also be accomplished with IO.expect
require 'pty'
require 'expect'
str = "RUBY_VERSION"
PTY.spawn("irb") do |reader, writer|
reader.expect(/0> /)
writer.puts(str)
reader.expect(/=> /)
answer = reader.gets
puts "Ruby version from irb: #{answer}"
end
This waits for the spawned process to display "0> " (the end of an irb prompt) and when it sees that prints a defined string. It then looks for the irb to return by waiting for it to display "=> " and grabs the data returned.
I'm building a daemon that will help me manage my server(s). Webmin works fine, as does just opening a shell to the server, but I'd prefer to be able to control server operations from a UI I design, and also expose some functionality to end users.
The daemon will pick up actions from a queue and execute them. However, since I'll be accepting input from users, I want to make sure they're not permitted to inject something dangerous into a privileged shell command.
Here's a fragment that exemplifies my problem:
def perform
system "usermod -p #{#options['shadow']} #{#options['username']}"
end
A gist that explains more: https://gist.github.com/773292
I'm not positive if typical escaping and sanitizing of inputs is enough for this case, and being a designer, I don't have a ton of security-related experience. I know that this is something that should probably be obvious to me, but its not!
How can I ensure that the web application that will create and serialize the actions can't pass dangerous text into the privileged process that receives the actions?
Thanks for the help
arb
It doesn't look like you need a shell for what you're doing. See the documentation for system here: http://ruby-doc.org/core/classes/Kernel.html#M001441
You should use the second form of system. Your example above would become:
system 'usermod', '-p', #options['shadow'], #options['username']
A nicer (IMO) way to write this is:
system *%W(usermod -p #{#options['shadow']} #{#options['username']})
The arguments this way are passed directly into the execve call, so you don't have to worry about sneaky shell tricks.
If you need not just the exit status but also the result you probably want to use Open3.popen3:
require 'open3'
stdin, stdout, stderr = Open3.popen3('usermod', '-p', #options['shadow'], #options['username'])
stdout.gets
sterr.gets
More information here: Getting output of system() calls in Ruby
I'd suggest looking into the 'shellwords' module. This script:
require 'shellwords'
parts = ['echo', "'hello world'; !%& some stuff", 'and another argument']
command = Shellwords.shelljoin( parts )
puts command
output = `#{ command }`
puts output
outputs the escaped text and the expected output:
echo \'hello\ world\'\;\ \!\%\&\ some\ stuff and\ another\ argument
'hello world'; !%& some stuff and another argument
This is an old question, but since it's pretty much the only real answer you'll find when googling I thought I'd add a caveat. The multi argument version of system seems reasonably safe on Linux, but it is NOT on Windows.
Try system "dir", "&", "echo", "hi!"
on a Windows system. Both dir and echo will be run. Echo could of course just as well be something far less innocuous.
I know this is an old thread, but there is another option that was lightly touched on by Simon Hürlimann.
There is not a lot of information about this topic and I think this might help others in need.
For this example we'll use Open3 which gives you the ability to run commands synchronously or asynchronously, and provides stdout, stderr, exit codes, and PID.
Open3 grants you access to stdout, stderr, exit codes and a thread to wait for the child process when running another program. You can specify various attributes, redirections, current directory, etc., of the program in the same way as for Process.spawn. (Source: Open3 Docs)
I chose to format the output as a CommandStatus object. This contains our stdout, stderr, pid (Of the worker thread) and exitstatus.
class Command
require 'open3'
class CommandStatus
#stdout = nil
#stderr = nil
#pid = nil
#exitstatus = nil
def initialize(stdout, stderr, process)
#stdout = stdout
#stderr = stderr
#pid = process.pid
#exitstatus = process.exitstatus
end
def stdout
#stdout
end
def stderr
#stderr
end
def exit_status
#exitstatus
end
def pid
#pid
end
end
def self.execute(command)
command_stdout = nil
command_stderr = nil
process = Open3.popen3(ENV, command + ';') do |stdin, stdout, stderr, thread|
stdin.close
stdout_buffer = stdout.read
stderr_buffer = stderr.read
command_stdout = stdout_buffer if stdout_buffer.length > 0
command_stderr = stderr_buffer if stderr_buffer.length > 0
thread.value # Wait for Process::Status object to be returned
end
return CommandStatus.new(command_stdout, command_stderr, process)
end
end
cmd = Command::execute("echo {1..10}")
puts "STDOUT: #{cmd.stdout}"
puts "STDERR: #{cmd.stderr}"
puts "EXIT: #{cmd.exit_status}"
While reading the STDOUT/ERR buffers, I use command_stdout = stdout_buffer if stdout_buffer.length > 0 to control whether the command_stdout variable is assigned or not. You should pass nil instead of "" when no data is present. It's more clear when handing data later on.
You probably noticed me using command + ';'. The reason for this is based on the documentation from Kernel.exec (Which is what popen3 uses):
If the string from the first form (exec("command")) follows these
simple rules:
no meta characters
no shell reserved word and no special built-in
Ruby invokes the command directly without shell
You can force shell invocation by adding ";" to the string (because
";" is a meta character)
This simply prevents a Ruby from throwing a 'spawn': No such file or directory error if you pass a malformed command. Instead it will pass it straight to the kernel where the error will be resolved gracefully and appear as STDERR instead of an uncaught exception.
Modern, secure and simple solution (popen will escape arguments for you):
IO.popen(['usermod', '-p', #options['shadow'], #options['username']]).read
(#read will close the IO before returning)