is.safeFileName: Verify that a fileName is safe for use in shell commands.

Description Usage Arguments Value Valid names

Description

Validates filenames for use in system commands. Allows for either blacklist and whitelist filtering, and independently controls several characters in common use in filenames that could be dangerous in some contexts. Optionally may also require a filename to exist or not to exist.

Usage

1
2
is.safeFileName(names, exists = NULL, weak = FALSE, okSpace = TRUE,
  okTilde = TRUE, okBackslash = FALSE, okComma = FALSE, okColon = FALSE)

Arguments

names

A vector of filenames to check.

exists

NULL Can set TRUE to ensure file exists, or FALSE to ensure file does NOT exist. (Note, don't rely on this as only error check for reading/writting file as that introduces a race condition).

weak

default this is FALSE and validation is done using white-listed characters. Set TRUE to do validation using blacklisted characters. See Valid names below for additional info

okSpace

Set TRUE to ban a space. Allows " " by default.

okTilde

Set TRUE to ban a tilde. Allows "~" by default (anywhere!).

okBackslash

Set TRUE to allow a backslash. No \ are allowed by default.

okComma

Set TRUE to allow a comma. No , are allowed by default.

okColon

Set TRUE to allow a colon. No : are allowed by default.

Value

Returns a vector of booleans the same length as the input names, TRUE if the file is safe, FALSE if it fails any test.

Valid names

Filtering at a single character level will catch most bad names:

Always bad ` $ ( ) | ; & > <
Always ok A:Z a:z 0:9 _ . - /
Can set bad " " (space)
Can set bad ~ (tilde will be allowed anywhere)
Can set ok \ , :
May not start with + -

In addition, no filename may contain either " -" or " +" ( the - or + character preceded by a space.) This prevents injecting new options.

By default, whitelist validation is used. Files may only use charcters explicitly allowed. Can switch to blacklist validation by setting weak= TRUE, which allows any character not explicitly banned.


jefferys/fusionExpressionPlot documentation built on May 19, 2019, 3:59 a.m.