Core: Add (optional) sanitization to the FileHandler class

ikelos · 616c696365 · commit 5d43071f572a · 2023-10-18T19:16:10.000+01:00
diff --git a/volatility3/framework/interfaces/plugins.py b/volatility3/framework/interfaces/plugins.py
@@ -43,7 +43,7 @@ def preferred_filename(self):
         return self._preferred_filename
 
     @preferred_filename.setter
-    def preferred_filename(self, filename):
+    def preferred_filename(self, filename: str):
         """Sets the preferred filename"""
         if self.closed:
             raise IOError("FileHandler name cannot be changed once closed")
@@ -57,6 +57,18 @@ def preferred_filename(self, filename):
     def close(self):
         """Method that commits the file and fixes the final filename for use"""
 
+    @staticmethod
+    def sanitize_filename(filename: str) -> str:
+        """Sanititizes the filename to ensure only a specific whitelist of characters is allowed through"""
+        allowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.- ()[]\{\}!$%^:#~?<>,|"
+        result = ""
+        for char in filename:
+            if char in allowed:
+                result += char
+            else:
+                result += "?"
+        return result
+
     def __enter__(self):
         return self
 
