diff --git a/doc/development/shell_commands.md b/doc/development/shell_commands.md index 1f3908f4e27123ecb81705c981c8840da3301e93..23c8365c340f8f3fc7b8032bc069a5edf5397636 100644 --- a/doc/development/shell_commands.md +++ b/doc/development/shell_commands.md @@ -22,6 +22,12 @@ FileUtils.mkdir_p "tmp/special/directory" contents = `cat #{filename}` # Correct contents = File.read(filename) + +# Sometimes a shell command is just the best solution. The example below has no +# user input, and is hard to implement correctly in Ruby: delete all files and +# directories older than 120 minutes under /some/path, but not /some/path +# itself. +Gitlab::Popen.popen(%W(find /some/path -not -path /some/path -mmin +120 -delete)) ``` This coding style could have prevented CVE-2013-4490.
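Review bot: In the added `Gitlab::Popen.popen(%W(find /some/path ... -delete))` line the return value is discarded, while the comment above it promises that all files and directories older than 120 minutes are deleted. `find -delete` cannot remove a directory that still holds entries newer than the `-mmin +120` cutoff, so it reports an error for that directory and exits non-zero. Since this is the document's model example, it should either capture the result and show the exit status being checked, or the comment should be narrowed to say that old directories are removed only once they are empty. As a smaller style point, the literal contains no interpolation, so `%w(...)` would express the "no user input" property in the code itself rather than only in the comment.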