== Command Injection

Some Ruby core methods accept string data
that includes text to be executed as a system command.

They should not be called with unknown or unsanitized commands.

These methods include:

- Kernel.system
- {\`command` (backtick method)}[rdoc-ref:Kernel#`]
  (also called by the expression <tt>%x[command]</tt>).
- IO.popen(command).
- IO.read(command).
- IO.write(command).
- IO.binread(command).
- IO.binwrite(command).
- IO.readlines(command).
- IO.foreach(command).

Note that some of these methods do not execute commands when called
from subclass \File:

- File.read(path).
- File.write(path).
- File.binread(path).
- File.binwrite(path).
- File.readlines(path).
- File.foreach(path).