From cfa0c01d8fe87d2f3ff187a93a5e984d64352067 Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis <alex.p@freedom.press>
Date: Fri, 28 Jul 2023 19:07:16 +0300
Subject: [PATCH] Sanitize filenames before logging them

Sanitize filenames in various places in the code, before we write them
to the user's terminal. Filenames, especially in Linux, can contain
virtually any character except for '\0' and '/', so it's important to
sanitize them.
---
 dangerzone/document.py  | 5 +++--
 dangerzone/gui/logic.py | 6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/dangerzone/document.py b/dangerzone/document.py
index 1ef4098..4aa2eeb 100644
--- a/dangerzone/document.py
+++ b/dangerzone/document.py
@@ -10,7 +10,7 @@ from typing import Optional
 
 import appdirs
 
-from . import errors
+from . import errors, util
 
 SAFE_EXTENSION = "-safe.pdf"
 ARCHIVE_SUBDIR = "unsafe"
@@ -156,7 +156,8 @@ class Document:
         return f"{os.path.splitext(self.input_filename)[0]}{self.suffix}"
 
     def announce_id(self) -> None:
-        log.info(f"Assigning ID '{self.id}' to doc '{self.input_filename}'")
+        sanitized_filename = util.replace_control_chars(self.input_filename)
+        log.info(f"Assigning ID '{self.id}' to doc '{sanitized_filename}'")
 
     def set_output_dir(self, path: str) -> None:
         # keep the same name
diff --git a/dangerzone/gui/logic.py b/dangerzone/gui/logic.py
index 0a2a17c..3832c56 100644
--- a/dangerzone/gui/logic.py
+++ b/dangerzone/gui/logic.py
@@ -24,7 +24,7 @@ if platform.system() == "Linux":
 from ..isolation_provider.base import IsolationProvider
 from ..logic import DangerzoneCore
 from ..settings import Settings
-from ..util import get_resource_path
+from ..util import get_resource_path, replace_control_chars
 
 log = logging.getLogger(__name__)
 
@@ -67,7 +67,7 @@ class DangerzoneGui(DangerzoneCore):
             args = ["open", "-a", "Preview.app", filename]
 
             # Run
-            args_str = " ".join(shlex.quote(s) for s in args)
+            args_str = replace_control_chars(" ".join(shlex.quote(s) for s in args))
             log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str)
             subprocess.run(args)
 
@@ -88,7 +88,7 @@ class DangerzoneGui(DangerzoneCore):
                     args[i] = filename
 
             # Open as a background process
-            args_str = " ".join(shlex.quote(s) for s in args)
+            args_str = replace_control_chars(" ".join(shlex.quote(s) for s in args))
             log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str)
             subprocess.Popen(args)