• Configurable filename rejection for Archive.extract()

    From Rob Swindell@1:103/705 to GitLab issue in main/sbbs on Tue May 17 09:33:34 2022
    open https://gitlab.synchro.net/main/sbbs/-/issues/405

    Currently Archive.extract() will only extract/create files that use the "safest" filename characters. Add an option to specify a different allowed character set for more relaxed security.
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Eric Oulashin@1:103/705 to GitLab note in main/sbbs on Tue May 17 13:16:12 2022
    https://gitlab.synchro.net/main/sbbs/-/issues/405#note_2587

    I'm wondering if it might also be useful to have a "blacklist" of filename characters you won't allow (which may be significantly shorter than the list of characters you will allow).
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Rob Swindell on Tue May 17 13:14:37 2022
    Re: Configurable filename rejection for Archive.extract()
    By: Rob Swindell to GitLab issue in main/sbbs on Tue May 17 2022 09:33 am

    open https://gitlab.synchro.net/main/sbbs/-/issues/405

    Currently Archive.extract() will only extract/create files that use the "safest" filename characters. Add an option to specify a different allowed character set for more relaxed security.

    I'm wondering if another option for a "blacklist" of disallowed characters would also be useful - So that instead of specifying all the characters you would accept (which may be fairly long), you could specify the characters you won't accept (which may be a much shorter list).

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Nightfox on Wed May 18 12:14:44 2022
    Re: Configurable filename rejection for Archive.extract()
    By: Nightfox to Rob Swindell on Tue May 17 2022 01:14 pm

    Re: Configurable filename rejection for Archive.extract()
    By: Rob Swindell to GitLab issue in main/sbbs on Tue May 17 2022 09:33 am

    open https://gitlab.synchro.net/main/sbbs/-/issues/405

    Currently Archive.extract() will only extract/create files that use the "safest" filename characters. Add an option to specify a different allowed character set for more relaxed security.

    I'm wondering if another option for a "blacklist" of disallowed characters would also be useful - So that instead of specifying all the characters you would accept (which may be fairly long), you could specify the characters you won't accept (which may be a much shorter list).

    Actually I think the blacklist would be larger. Disallowing extended-ASCII characters alone would constitute a list of 128 characters.
    --
    digital man (rob)

    Rush quote #32:
    Begging hands and bleeding hearts will only cry out for more
    Norco, CA WX: 69.0øF, 67.0% humidity, 3 mph E wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Sat Jun 25 18:58:20 2022
    https://gitlab.synchro.net/main/sbbs/-/issues/405#note_2646

    I think a typical blacklist would likely be much longer than a list of characters you would want to allow in filenames since more than half of the 256 possible character values should normally not be used in filenames (e.g. control characters (< 32) and characters > 127).
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)