From: Albert Schlef on
Robert Klemme wrote:
> You could use a dirty hack and abuse a private method:
> tf.send(:make_tmpname,'a','o')}

Thanks.

Anyway, it turned out that was the smallest of my problems. I ended up writing
a wrapper class that remembers a set of related Tempfile objects (or else
the files get deleted too soon for me).

From: Caleb Clausen on
On 3/2/10, Albert Schlef <albertschlef(a)gmail.com> wrote:
> Paul Harrington wrote:
>> ri Tempfile
>>
>> that'll get you started
>
> Thanks! I didn't know about Tempfile.
>
> Though I have a little problem: Tempfile lets me *open* a new temporary
> file. But I just need to generate a temporary file *name*, which I'll
> pass to a shell command.

I'm not expert enough to be certain about this, but by doing this
you'll be creating a tempfile race condition security hole in your
program. I think the same goes for Robert's suggestion as well. There
may be a way to do it securely... but it's probably tricky. One
advantage of Tempfile (and similar facilities in other languages) is
that it avoids this subtle and nasty security hole. But you have to
use it the way it wants to be used, otherwise you defeat the security.
This is why you're better off rewriting this external command in ruby,
if that's possible. Or rewriting your ruby script to make it an
integral part of the external program.

None of this may actually matter in your case... but you're the only
one with enough information to make that judgment.
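
One way to hand an external command a not-yet-existing path without exposing the name in a shared directory, as an added example that is not part of the thread: the helper names, the `myapp-` prefix and the `sh` stand-in for the external command are assumptions. It also shows the exclusive create that Tempfile relies on when it opens the file itself.

```ruby
require 'tmpdir'

# Yields a path to a file that does not exist yet, inside a fresh directory
# that Dir.mktmpdir creates with mode 0700, so no other user can place a file
# or symlink at that name first. The directory is removed when the block ends.
def with_private_output_path(basename = 'out.dat')
  Dir.mktmpdir('myapp-') { |dir| yield File.join(dir, basename) }
end

# Hypothetical stand-in for the external command: it writes to the path it is
# given. The path is passed as an argument, never interpolated into the script.
def run_external_dump(path)
  system('sh', '-c', 'printf dumped > "$1"', 'sh', path) or raise 'command failed'
end

# Runs the command against a private path and reports what happened.
def dump_via_private_dir
  seen = {}
  seen[:data] = with_private_output_path do |path|
    seen[:dir]  = File.dirname(path)
    seen[:mode] = File.stat(seen[:dir]).mode & 0o777
    run_external_dump(path)
    File.read(path)
  end
  seen
end

# What Tempfile does when it opens the file itself: CREAT together with EXCL
# fails if anything, even a dangling symlink, already occupies the name.
def exclusive_create(path)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write('x') }
  true
rescue Errno::EEXIST
  false
end

if __FILE__ == $PROGRAM_NAME
  p dump_via_private_dir
end
```

Read the command's output inside the block, because the directory and its contents are deleted as soon as the block returns.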

From: Daniel Berger on


On Mar 3, 12:28 am, botp <botp...(a)gmail.com> wrote:
> On Wed, Mar 3, 2010 at 10:19 AM, Albert Schlef <albertsch...(a)gmail.com> wrote:
> > I'm writing a program that needs to generate two or three temporary
> > files.
>
> > (Specifically: my program runs a shell command and I need to pass the
> > shell command a path to a non-existing file which it will dump data to.)
>
> man mktemp
> man tempfile
>
> > Is there a 'gem' that manages these things? Preferably it should remove
> > the files when the script finishes or whatever.
>
> it is builtin in ruby. but in this case, you'd better do it all in ruby..

From: Caleb Clausen on
On 3/3/10, Daniel Berger <djberg96(a)gmail.com> wrote:
> Bah. Use file-temp.
>
> gem install file-temp

I can't get file-temp to install at the moment, (for reasons unrelated
to file-temp, apparently). Does file-temp allow one to create
temporary _directories_? That's a feature I've often missed in the
past.

From: Robert Klemme on
On 03/03/2010 08:35 PM, Caleb Clausen wrote:
> On 3/2/10, Albert Schlef <albertschlef(a)gmail.com> wrote:
>> Paul Harrington wrote:
>>> ri Tempfile
>>>
>>> that'll get you started
>> Thanks! I didn't know about Tempfile.
>>
>> Though I have a little problem: Tempfile lets me *open* a new temporary
>> file. But I just need to generate a temporary file *name*, which I'll
>> pass to a shell command.
>
> I'm not expert enough to be certain about this, but by doing this
> you'll be creating a tempfile race condition security hole in your
> program. I think the same goes for Robert's suggestion as well.

Do you mean there is a robustness issue or a security issue? I don't
see a security issue here. Robustness would only be at risk if the file
name generation algorithm is bad. What else am I missing?

> There
> may be a way to do it securely... but it's probably tricky. One
> advantage of Tempfile (and similar facilities in other languages) is
> that it avoids this subtle and nasty security hole. But you have to
> use it the way it wants to be used, otherwise you defeat the security.
> This is why you're better off rewriting this external command in ruby,
> if that's possible. Or rewriting your ruby script to make it an
> integral part of the external program.
>
> None of this may actually matter in your case... but you're the only
> one with enough information to make that judgment.

Albert still did not disclose what the external program should do with
the temporary file. We do not even know whether it is an option to
rewrite the external program.

Kind regards

robert

--
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/