How do I sanitize shell command and get the output in Ruby?

I开发者_StackOverflow have to run some shell commands where the user gives the input. I found one way which seemed secure: system *%W(ls #{file}) [here].

I need to get the output of that command, so I cant just use system. Is there a way to sanitize the command for backticks `` or for %x[]?

You want IO::popen instead of system. You can still pass an array of strings to invoke the command without a shell, and you can read from the resulting IO object.

If you want to read stderr too, then use the open3 module instead of IO.

What kind of shell commands are you running that Ruby cannot support? If you are listing files, use Dir