...
- Leading dashes: Leading dashes can cause problems when programs are called with the file name as a parameter because the first character or characters of the file name might be interpreted as an option switch.
- Control characters, such as newlines, carriage returns, and escape: Control characters in a file name can cause unexpected results from shell scripts and in logging.
- Spaces: Spaces can cause problems in shell scripts, particularly when the file name is not surrounded by double quotes and is therefore split into several arguments.
- Invalid character encodings: Character encodings can make it difficult to perform proper validation of file and path names. (See rule IDS11-J. Eliminate non-character code points before validation).
- Name-space separation characters: Including name-space separation characters in a file or path name can cause unexpected and potentially insecure behavior.
- Command interpreters, scripts, and parsers: Some characters have special meaning when processed by a command interpreter, shell, or parser and should consequently be avoided.
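The checks the list above calls for can be collapsed into a single whitelist test: accept a file name only if every character is in a small ASCII subset and the first character is not a dash or dot. The following class is an added example written for this page, not the rule's own compliant solution; the class name `SafeFileName`, the method `isSafeFileName`, the length limit `MAX_LENGTH` and the sample names in `main` are all constructed for illustration. The byte-array overload decodes input strictly as UTF-8 so that an invalid encoding is rejected outright rather than silently replaced before validation.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

/** Added example: whitelist validation of a file name against a conservative ASCII subset. */
public final class SafeFileName {

    // Hypothetical limit; adjust to the target file system.
    private static final int MAX_LENGTH = 255;

    /**
     * Returns true only if name consists solely of ASCII letters, digits, '.', '_' and '-'
     * and does not start with '-' or '.'. Everything else (spaces, control characters,
     * '/' and '\\' separators, shell metacharacters, non-ASCII) is rejected by the whitelist.
     */
    public static boolean isSafeFileName(String name) {
        if (name == null || name.isEmpty() || name.length() > MAX_LENGTH) {
            return false;
        }
        char first = name.charAt(0);
        if (first == '-' || first == '.') {
            // A leading dash reads as an option switch; a leading dot covers "." and "..".
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                           || (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /** Decodes raw bytes strictly as UTF-8 first; malformed input fails validation. */
    public static boolean isSafeFileName(byte[] raw) {
        CharsetDecoder decoder = StandardCharsets.UTF_8.newDecoder()
            .onMalformedInput(CodingErrorAction.REPORT)
            .onUnmappableCharacter(CodingErrorAction.REPORT);
        try {
            return isSafeFileName(decoder.decode(ByteBuffer.wrap(raw)).toString());
        } catch (CharacterCodingException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample names, one per problem category from the list above.
        String[] samples = {
            "report-2024.txt",      // accepted
            "-rf",                  // leading dash
            "notes\n.txt",          // control character
            "my file.txt",          // space
            "../etc/passwd",        // name-space separator
            "a;b.txt",              // shell metacharacter
            "r\u00E9sum\u00E9.pdf"  // non-ASCII
        };
        for (String s : samples) {
            System.out.printf("%-24s -> %s%n", s.replace("\n", "\\n"),
                              isSafeFileName(s) ? "accepted" : "rejected");
        }
        // Constructed invalid UTF-8 sequence: 0xC3 must be followed by a continuation byte.
        byte[] malformed = {(byte) 0xC3, (byte) 0x28, (byte) 'a'};
        System.out.println("malformed UTF-8 bytes      -> "
                           + (isSafeFileName(malformed) ? "accepted" : "rejected"));
    }
}
```

Because the test is a whitelist rather than a blacklist, any character the list above does not mention (for example a Unicode look-alike or a platform-specific reserved character) is rejected by default; widening the set is a deliberate decision rather than an oversight.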
...
This is a specific instance of rule IDS00-J. Sanitize untrusted data passed across a trust boundary.
Noncompliant Code Example
...
- MSC09-C. Character encoding - Use subset of ASCII for safety
- MSC09-CPP. Character encoding - Use subset of ASCII for safety
- ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/), "Choice of filenames and other external identifiers [AJN]"
- CWE-116. Improper encoding or escaping of output
...
- ISO 7-bit coded character set for information interchange
- [Kuhn 2006] UTF-8 and Unicode FAQ for UNIX/Linux
- [Wheeler 2003] Section 5.4, "File Names"
- [VU#439395]
...