Evolix/chexpire

Security audit & tests for system commands

colinux opened this issue · 0 comments

SystemCommand is a class that executes system commands. This class is instantiated with the program name (like "whois") and an array of arguments for this command.

# app/services/system_command.rb
class SystemCommand
  # program: the executable name chosen in our code (e.g. "whois")
  # args:    array of arguments, some of which originate from user input
  def initialize(program, args)
    # ...
  end
end

The program always comes from our code, but some of the arguments come from users (e.g. the domain string for the whois check).
Each argument is put inside double quotes and escaped. Then the final command string is computed and given to the Open4 library.

We have to be sure there is no way to execute malicious code.
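As an added illustration of the kind of test this audit asks for (example code, not chexpire's SystemCommand and not the escaping it actually uses), the block below builds a command line the way the issue describes (program from code, every argument wrapped in double quotes and escaped) and then checks, without running anything, that the string tokenises back into exactly the intended argv under POSIX shell word-splitting rules. The helper names `double_quote`, `build_command_line`, `round_trips?` and `valid_domain?` and the hostname allow-list are assumptions made for this example; the sample inputs are constructed.

```ruby
require "shellwords"

# Constructed example, not chexpire's code. Inside POSIX double quotes only
# these four characters keep a special meaning, so these are the ones a
# double-quote escaper must backslash-escape (newline is left literal).
DQ_SPECIAL = /["$`\\]/

# Wrap one argument in double quotes, escaping the characters the shell still
# interprets inside them. Spaces, ';', '|', '&', '*' and the like are inert
# once they sit inside the quotes.
def double_quote(arg)
  '"' + arg.gsub(DQ_SPECIAL) { |c| "\\#{c}" } + '"'
end

# Assemble the command string as the issue describes: program chosen in code,
# each argument quoted individually, joined with spaces.
def build_command_line(program, args)
  ([program] + args.map { |a| double_quote(a) }).join(" ")
end

# Regression check that needs no process execution: parse the assembled string
# with the same word-splitting rules /bin/sh applies (Shellwords follows them)
# and confirm it comes back as exactly [program, *args]. If an argument could
# break out of its quotes, an extra or altered token would show up here.
def round_trips?(program, args)
  Shellwords.split(build_command_line(program, args)) == [program] + args
end

# Allow-list for the only user-controlled value the whois check needs: a
# hostname made of dot-separated labels of letters, digits and hyphens, with no
# label starting or ending in a hyphen. Rejecting a leading '-' also stops the
# value from being read by the program as an option instead of an operand.
HOSTNAME = /\A(?=.{1,253}\z)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*\z/i

def valid_domain?(str)
  HOSTNAME.match?(str)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a normal domain plus strings carrying shell metacharacters.
  samples = ["example.com", "a b", 'x"y', "$(id)", "`id`", "x;y", "back\\slash", "-h.example"]
  samples.each do |s|
    puts format("%-14s escaped=%-20s round_trips=%-5s valid_domain=%s",
                s.inspect, double_quote(s), round_trips?("whois", [s]), valid_domain?(s))
  end
end
```

Two layers are shown on purpose: the round-trip test proves the quoting layer is airtight for arbitrary strings, while the allow-list is the cheaper and stronger control for this feature, since a whois lookup never needs anything but a hostname. Simplest of all, if the shell is not needed, is to skip it: Ruby's stdlib `Open3.capture2(program, *args)` passes the argv straight to exec, so no quoting layer exists to get wrong.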