File names and path names containing particular characters can be troublesome and can cause unexpected behavior leading to potential vulnerabilities. If a program allows the user to specify a file name in the creation or renaming of a file, certain checks should be made to disallow the following characters and patterns:
- Leading dashesâ”Leading dashes—Leading dashes can cause problems when programs are called with the file name as a parameter because the first character or characters of the file name might be interpreted as an option switch.
- Control characters, such as newlines, carriage returns, and escapeâ”Control escape—Control characters in a file name can cause unexpected results from shell scripts and in logging.
- Spacesâ”Spaces Spaces—Spaces can cause problems with scripts and when double quotes aren't used to surround the file name.
- Invalid character encodings ┠— Character encodings can be a huge issue. (See guideline IDS03-J. Sanitize non-character code points before performing other sanitization.)
- Any characters other than letters, numbers, and punctuation designated here as portable ┠— Other special characters are included in this recommendation because they are commonly used as separators and having them in a file name can cause unexpected and potentially insecure behavior.
...
| Wiki Markup |
|---|
\[[Kuhn 2006|AA. Bibliography#Kuhn 06]\] UTF-8 and Unicode FAQ for UNIX/Linux \[[Wheeler 2003|AA. Bibliography#Wheeler03]\] 5.4 File Names \[[VU#881872|AA. Bibliography#VU881872]\] |
...
IDS01IDS14-J. Sanitize data passed across a trust boundaryPerform lossless conversion of String data between differing character encodings IDS03IDS16-J. Sanitize non-character code points before performing other sanitizationDo not locale-dependent methods on locale-sensitive data without specifying the appropriate locale