almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Sanitize filenames before logging them

Browse source 
Sanitize filenames in various places in the code, before we write them
to the user's terminal. Filenames, especially in Linux, can contain
virtually any character except for '\0' and '/', so it's important to
sanitize them.
This commit is contained in:
Alex Pyrgiotis 2023-07-28 19:07:16 +03:00
parent 3788139d26
commit cfa0c01d8f
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
2 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
dangerzone/document.py
View file

@ -10,7 +10,7 @@ from typing import Optional
import appdirs import appdirs
from . import errors from . import errors, util
SAFE_EXTENSION = "-safe.pdf" SAFE_EXTENSION = "-safe.pdf"
ARCHIVE_SUBDIR = "unsafe" ARCHIVE_SUBDIR = "unsafe"
@ -156,7 +156,8 @@ class Document:
return f"{os.path.splitext(self.input_filename)[0]}{self.suffix}" return f"{os.path.splitext(self.input_filename)[0]}{self.suffix}"
def announce_id(self) -> None: def announce_id(self) -> None:
log.info(f"Assigning ID '{self.id}' to doc '{self.input_filename}'") sanitized_filename = util.replace_control_chars(self.input_filename)
log.info(f"Assigning ID '{self.id}' to doc '{sanitized_filename}'")
def set_output_dir(self, path: str) -> None: def set_output_dir(self, path: str) -> None:
# keep the same name # keep the same name

6
dangerzone/gui/logic.py
View file

@ -24,7 +24,7 @@ if platform.system() == "Linux":
from ..isolation_provider.base import IsolationProvider from ..isolation_provider.base import IsolationProvider
from ..logic import DangerzoneCore from ..logic import DangerzoneCore
from ..settings import Settings from ..settings import Settings
from ..util import get_resource_path from ..util import get_resource_path, replace_control_chars
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
@ -67,7 +67,7 @@ class DangerzoneGui(DangerzoneCore):
args = ["open", "-a", "Preview.app", filename] args = ["open", "-a", "Preview.app", filename]
# Run # Run
args_str = " ".join(shlex.quote(s) for s in args) args_str = replace_control_chars(" ".join(shlex.quote(s) for s in args))
log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str) log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str)
subprocess.run(args) subprocess.run(args)
@ -88,7 +88,7 @@ class DangerzoneGui(DangerzoneCore):
args[i] = filename args[i] = filename
# Open as a background process # Open as a background process
args_str = " ".join(shlex.quote(s) for s in args) args_str = replace_control_chars(" ".join(shlex.quote(s) for s in args))
log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str) log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str)
subprocess.Popen(args) subprocess.Popen(args)