Tutorial :Getting output of system() calls in Ruby


If I call a command using Kernel#system in Ruby, how do I get its output?



I'd like to expand & clarify chaos's answer a bit.

If you surround your command with backticks, then you don't need to (explicitly) call system() at all. The backticks execute the command and return the output as a string. You can then assign the value to a variable like so:

output = `ls`  p output  


printf output # escapes newline chars  


Be aware that all the solutions where you pass a string containing user provided values to system, %x[] etc. are unsafe! Unsafe actually means: the user may trigger code to run in the context and with all permissions of the program.

As far as I can say only system and Open3.popen3 do provide a secure/escaping variant in Ruby 1.8. In Ruby 1.9 IO::popen also accepts an array.

Simply pass every option and argument as an array to one of these calls.

If you need not just the exit status but also the result you probably want to use Open3.popen3:

require 'open3'  stdin, stdout, stderr, wait_thr = Open3.popen3('usermod', '-p', @options['shadow'], @options['username'])  stdout.gets(nil)  stdout.close  stderr.gets(nil)  stderr.close  exit_code = wait_thr.value  

Note that the block form will auto-close stdin, stdout and stderr- otherwise they'd have to be closed explicitly.

More information here: Forming sanitary shell commands or system calls in Ruby


Just for the record, if you want both (output and operation result) you can do:

output=`ls no_existing_file` ;  result=$?.success?  


You can use system() or %x[] depending what kind of result you need.

system() returning true if the command was found and ran successfully, false otherwise.

>> s = system 'uptime'  10:56  up 3 days, 23:10, 2 users, load averages: 0.17 0.17 0.14  => true  >> s.class  => TrueClass  >> $?.class  => Process::Status  

%x[..] on the other hand saves the results of the command as a string:

>> result = %x[uptime]  => "13:16  up 4 days,  1:30, 2 users, load averages: 0.39 0.29 0.23\n"  >> p result   "13:16  up 4 days,  1:30, 2 users, load averages: 0.39 0.29 0.23\n"  >> result.class  => String  

Th blog post by Jay Fields explains in detail the differences between using system, exec and %x[..] .


The straightforward way to do this correctly and securely is to use Open3.capture2(), Open3.capture2e(), or Open3.capture3().

Using ruby's backticks and its %x alias are NOT SECURE UNDER ANY CIRCUMSTANCES if used with untrusted data. It is DANGEROUS, plain and simple:

untrusted = "; date; echo"  out = `echo #{untrusted}`                              # BAD    untrusted = '"; date; echo"'  out = `echo "#{untrusted}"`                            # BAD    untrusted = "'; date; echo'"  out = `echo '#{untrusted}'`                            # BAD  

The system function, in contrast, escapes arguments properly if used correctly:

ret = system "echo #{untrusted}"                       # BAD  ret = system 'echo', untrusted                         # good  

Trouble is, it returns the exit code instead of the output, and capturing the latter is convoluted and messy.

The best answer in this thread so far mentions Open3, but not the functions that are best suited for the task. Open3.capture2, capture2e and capture3 work like system, but returns two or three arguments:

out, err, st = Open3.capture3("echo #{untrusted}")     # BAD  out, err, st = Open3.capture3('echo', untrusted)       # good  out_err, st  = Open3.capture2e('echo', untrusted)      # good  out, st      = Open3.capture2('echo', untrusted)       # good  p st.exitstatus  

Another mentions IO.popen(). The syntax can be clumsy in the sense that it wants an array as input, but it works too:

out = IO.popen(['echo', untrusted]).read               # good  

For convenience, you can wrap Open3.capture3() in a function, e.g.:

#  # Returns stdout on success, false on failure, nil on error  #  def syscall(*cmd)    begin      stdout, stderr, status = Open3.capture3(*cmd)      status.success? && stdout.slice!(0..-(1 + $/.size)) # strip trailing eol    rescue    end  end  


p system('foo')  p syscall('foo')  p system('which', 'foo')  p syscall('which', 'foo')  p system('which', 'which')  p syscall('which', 'which')  

Yields the following:

nil  nil  false  false  /usr/bin/which         <â€" stdout from system('which', 'which')  true                   <- p system('which', 'which')  "/usr/bin/which"       <- p syscall('which', 'which')  


You use backticks:



Another way is:

f = open("|ls")  foo = f.read()  

Note that's the "pipe" character before "ls" in open. This can also be used to feed data into the programs standard input as well as reading its standard output.


If you need to escape the arguments, in Ruby 1.9 IO.popen also accepts an array:

p IO.popen(["echo", "it's escaped"]).read  

In earlier versions you can use Open3.popen3:

require "open3"    Open3.popen3("echo", "it's escaped") { |i, o| p o.read }  

If you also need to pass stdin, this should work in both 1.9 and 1.8:

out = IO.popen("xxd -p", "r+") { |io|      io.print "xyz"      io.close_write      io.read.chomp  }  p out # "78797a"  


I found that the following is useful if you need the return value:

result = %x[ls]  puts result  

I specifically wanted to list the pids of all the Java processes on my machine, and used this:

ids = %x[ps ax | grep java | awk '{ print $1 }' | xargs]  


As Simon Hürlimann already explained, Open3 is safer than backticks etc.

require 'open3'  output = Open3.popen3("ls") { |stdin, stdout, stderr, wait_thr| stdout.read }  

Note that the block form will auto-close stdin, stdout and stderr- otherwise they'd have to be closed explicitly.


As a direct system(...) replacement you may use Open3.popen3(...)

Further discussion: http://tech.natemurray.com/2007/03/ruby-shell-commands.html


While using backticks or popen is often what you really want, it doesn't actually answer the question asked. There may be valid reasons for capturing system output (maybe for automated testing). A little Googling turned up an answer I thought I would post here for the benefit of others.

Since I needed this for testing my example uses a block setup to capture the standard output since the actual system call is buried in the code being tested:

require 'tempfile'    def capture_stdout    stdout = $stdout.dup    Tempfile.open 'stdout-redirect' do |temp|      $stdout.reopen temp.path, 'w+'      yield if block_given?      $stdout.reopen stdout      temp.read    end  end  

So this gives us a method that will capture any output in the given block using a tempfile to store the actual data. Example usage:

captured_content = capture_stdout do    system 'echo foo'  end  puts captured_content  

Of course you can replace the system call with anything that might internally call system. You could also use the same method for capturing stderr if you wanted.


If you want the output redirected to a file using Kernel#system, you can do modify descriptors like this:

redirect stdout and stderr to a file(/tmp/log) in append mode:

system('ls -al', :out => ['/tmp/log', 'a'], :err => ['/tmp/log', 'a'])

For a long running command, this will store the output in real time. You can also, store the output using a IO.pipe and redirect it from Kernel#system.


puts `date`  puts $?      Mon Mar  7 19:01:15 PST 2016  pid 13093 exit 0  


I didn't find this one here so adding it, I had some issues getting the full output.

You can redirect STDERR to STDOUT if you want to capture STDERR using backtick.

output = `grep hosts /private/etc/* 2>&1`

source: http://blog.bigbinary.com/2012/10/18/backtick-system-exec-in-ruby.html

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »