Tighten allowed file names

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 44e1c512dec7fa873c7727995b277359416f6745..8549e82f1fd2d59274dc8031deadbd0dcf4dee71 100755 (executable)
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -450,10 +450,10 @@ require File::Spec::Unix; # ensure that File::Spec::Unix is loaded
 # note that loading File::Spec earlier almost certainly made this a no-op
 
 # regex matching an acceptable filename in "this" directory
-#  must begin with alphanumeric, underscore, or plus sign
-#  and contain only those characters, plus hyphen, dot, and tilde
+#  must begin with an alphanumeric character
+#  and contain only alphanumeric, underscore, plus sign, hyphen, dot, and tilde
 #  note that an acceptable filename may not begin with dot, so ".." is out
-my $RE_filename_here = qr/[[:alnum:]_+][-.[:alnum:]_+~]*/;
+my $RE_filename_here = qr/[[:alnum:]][-.[:alnum:]_+~]*/;
 # regex matching an acceptable relative filename in POSIX syntax
 #  all components must be acceptable filenames
 #  empty components are not allowed

diff --git a/testsuite/gatekeeper.all/00_idle.exp b/testsuite/gatekeeper.all/00_idle.exp
index 8c47d738b5f7acb518f5e2a559b89ea8b1f4c3a5..4ed6d39e2c60a0aa324c836df9336b587d816344 100644 (file)
--- a/testsuite/gatekeeper.all/00_idle.exp
+++ b/testsuite/gatekeeper.all/00_idle.exp
@@ -50,7 +50,7 @@ age_file [file join $tenv incoming bogus2] "2 minutes 15 seconds ago"
 age_file [file join $tenv incoming bogus3] "1 minute  ago"
 
 foreach file {
-    _bogus +bogus __bogus _+bogus _-bogus _~bogus _.bogus
+    bo_gus bo+gus bo-gus bo~gus bo.gus
 } {
     put_file [file join $tenv incoming ${file}] "bogus file $file\n"
     age_file [file join $tenv incoming ${file}] "3 minutes ago"
@@ -58,7 +58,7 @@ foreach file {
 
 # files which are to be rejected, ignored, and removed
 foreach file {
-    x=x .abcfoobar -abcfoobar x;x \\~xax x*x x:x x?x ;xax
+    x=x .abcfoobar -abcfoobar x;x \\~xax x*x x:x x?x ;xax _x +x
 } {
     put_file [file join $tenv incoming ${file}] "bogus input $file\n"
     age_file [file join $tenv incoming ${file}] "3 minutes ago"
@@ -72,7 +72,7 @@ analyze_file_tree $tenv "idle processing: bogus files" {
     incoming
 } files {
     bogus1 bogus2 bogus3
-    _bogus +bogus __bogus _+bogus _-bogus _~bogus _.bogus
+    bo_gus bo+gus bo-gus bo~gus bo.gus
 }
 analyze_file_tree $tenv "idle processing: bogus files" {
     in-stage stage pub archive
@@ -87,13 +87,11 @@ analyze_log $tenv "idle processing: bogus files" {
 
     recent,bogus3 "skipped recent file: bogus3"
 
-    scan,_bogus  "scan found file: _bogus"
-    scan,+bogus  "scan found file: +bogus"
-    scan,__bogus "scan found file: __bogus"
-    scan,_+bogus "scan found file: _+bogus"
-    scan,_-bogus "scan found file: _-bogus"
-    scan,_~bogus "scan found file: _~bogus"
-    scan,_.bogus "scan found file: _.bogus"
+    scan,bo_gus "scan found file: bo_gus"
+    scan,bo+gus "scan found file: bo+gus"
+    scan,bo-gus "scan found file: bo-gus"
+    scan,bo~gus "scan found file: bo~gus"
+    scan,bo.gus "scan found file: bo.gus"
 
     !scan,x=x          "ignored file: x=x"
     !scan,.abcfoobar   "ignored file: .abcfoobar"
@@ -104,6 +102,8 @@ analyze_log $tenv "idle processing: bogus files" {
     !scan,x:x          "ignored file: x:x "
     !scan,x?x          "ignored file: x?x"
     !scan,;xax         "ignored file: ;xax"
+    !scan,_x           "ignored file: _x"
+    !scan,+x           "ignored file: +x"
 }
 
 analyze_no_mail $tenv "idle processing: bogus files"