Sanitize filenames before logging them

Sanitize filenames in various places in the code, before we write them
to the user's terminal. Filenames, especially in Linux, can contain
virtually any character except for '\0' and '/', so it's important to
sanitize them.

dangerzone/document.py

@@ -10,7 +10,7 @@ from typing import Optional
 
 import appdirs
 
-from . import errors
+from . import errors, util
 
 SAFE_EXTENSION = "-safe.pdf"
 ARCHIVE_SUBDIR = "unsafe"
@@ -156,7 +156,8 @@ class Document:
         return f"{os.path.splitext(self.input_filename)[0]}{self.suffix}"
 
     def announce_id(self) -> None:
-        log.info(f"Assigning ID '{self.id}' to doc '{self.input_filename}'")
+        sanitized_filename = util.replace_control_chars(self.input_filename)
+        log.info(f"Assigning ID '{self.id}' to doc '{sanitized_filename}'")
 
     def set_output_dir(self, path: str) -> None:
         # keep the same name

dangerzone/gui/logic.py

@@ -24,7 +24,7 @@ if platform.system() == "Linux":
 from ..isolation_provider.base import IsolationProvider
 from ..logic import DangerzoneCore
 from ..settings import Settings
-from ..util import get_resource_path
+from ..util import get_resource_path, replace_control_chars
 
 log = logging.getLogger(__name__)
 
@@ -67,7 +67,7 @@ class DangerzoneGui(DangerzoneCore):
             args = ["open", "-a", "Preview.app", filename]
 
             # Run
-            args_str = " ".join(shlex.quote(s) for s in args)
+            args_str = replace_control_chars(" ".join(shlex.quote(s) for s in args))
             log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str)
             subprocess.run(args)
 
@@ -88,7 +88,7 @@ class DangerzoneGui(DangerzoneCore):
                     args[i] = filename
 
             # Open as a background process
-            args_str = " ".join(shlex.quote(s) for s in args)
+            args_str = replace_control_chars(" ".join(shlex.quote(s) for s in args))
             log.info(Fore.YELLOW + "> " + Fore.CYAN + args_str)
             subprocess.Popen(args)