Command Injection
Some Ruby core methods accept string data that includes text to be executed as a system command.
They should not be called with unknown or unsanitized commands.
These methods include:
- Kernel.exec
- Kernel.spawn
- Kernel.system
- `command` (backtick method) (also called by the expression %x).
- IO.popen (when called with other than "-").
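
The following added example (not part of the Ruby documentation) contrasts the shell-parsed string form of these methods with the argument-list form and with an escaped string. The function names and the sample input are constructed for illustration, and a POSIX system with `echo` is assumed.

```ruby
require "shellwords"

# Constructed sample of untrusted input: a "file name" that carries a
# shell metacharacter followed by a second, harmless command.
UNTRUSTED = "notes.txt; echo INJECTED"

# Unsafe: the backtick method receives one string. Because the string
# contains shell metacharacters, it is handed to the shell, which treats
# ";" in the interpolated value as a command separator.
def unsafe_listing(name)
  `echo listing #{name}`
end

# Safer: the array form of IO.popen passes each element to the program
# as a single argument. No shell is involved, so ";" is only data.
def argv_listing(name)
  IO.popen(["echo", "listing", name], &:read)
end

# When a command string cannot be avoided, Shellwords.escape quotes the
# value so that the shell sees it as one word.
def escaped_listing(name)
  `echo listing #{Shellwords.escape(name)}`
end

if __FILE__ == $PROGRAM_NAME
  puts "string form:  #{unsafe_listing(UNTRUSTED).inspect}"
  puts "array form:   #{argv_listing(UNTRUSTED).inspect}"
  puts "escaped form: #{escaped_listing(UNTRUSTED).inspect}"
end
```

Kernel.exec, Kernel.spawn and Kernel.system accept the same multi-argument form (for example `system("echo", "listing", name)`), which likewise bypasses the shell.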