We are using an actionscript to copy some files to an smb server, but are running into issues if a linux or mac user creates a file with characters in the name that are not supported in Windows. On a linux system this is a perfectly valid filename: Moz:illa?Pro"d"uc<>t\s.xlsx The example filename above is an exaggeration but we do frequently get multiple files at once that look something like this: "PIR6SS7SDB37: (REQUEST FOR ANSWERS)?.PDF" I am assuming that these files were created on a Mac where : and ? are valid filename characters. This causes 2 problems: 1. Trying copy a file called that to the smb share will fail and break our workflow. 2. If a file recipient downloads a group of files as a zip file where just one files has an invalid character, the recipient will be unable to extract the zip file using the built in zip extractor in Windows. It will claim that the zip file is invalid. 7zip will extract them replacing any invalid characters with underscores. But this is potentially going to cost time and money in user support. For my actionscript, I am including a function to sanitize the filename that is used for the destination of the smb copy. This will solve problem number 1 for me, but does not do anything to fix problem 2. Thanks, David
In case anyone else would like to see the sanitization code I am using: Code: #!/usr/bin/env python3 import json import sys jsonfile = sys.argv[1] # Load JSON data from the file passed as the first argument with open(sys.argv[1], 'r') as file: message_data = json.load(file) # function to sanitize filenames for security and compatibility def sanitize_filename(filename): ## Allow only space, alphanumeric characters, periods, and underscores allowed_chars = set(' abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-') return ''.join(char for char in filename if char in allowed_chars) # Iterate through attachments for attachment in message_data["attachments"]: # use sanitize_filename function sanitizedfilename = sanitize_filename(f"{attachment['filename']}") credit to https://labex.io/tutorials/nmap-how-to-sanitize-filenames-in-cybersecurity-419804 for some of the code.
