How to Make a Ruby String Safe for a Filesystem

How to make a Ruby string safe for a filesystem?

From http://web.archive.org/web/20110529023841/http://devblog.muziboo.com/2008/06/17/attachment-fu-sanitize-filename-regex-and-unicode-gotcha/:

def sanitize_filename(filename)
  # Object#returning is gone from current ActiveSupport; Object#tap is the plain-Ruby equivalent
  filename.strip.tap do |name|
    # NOTE: File.basename doesn't work right with Windows paths on Unix
    # get only the filename, not the whole path
    name.gsub!(/^.*(\\|\/)/, '')

    # Replace everything except ASCII letters, digits, '.' and '-' with '_'
    name.gsub!(/[^0-9A-Za-z.\-]/, '_')
  end
end

Standardize a String for Filename, remove accents and special chars

Take a look at ActiveSupport::Inflector.transliterate; it's very useful for handling this kind of character problem. Read more here: ActiveSupport::Inflector

Then, you could do something like:

ActiveSupport::Inflector.transliterate my_string.downcase.gsub(/\s/,"_")

invalid chars filter for file/folder name? (ruby)

Like Geo said, by using gsub you can easily convert all invalid characters to a valid character. For example:

file_names.map! do |f|
  f.gsub(/[<invalid characters>]/, '_')
end

You need to replace <invalid characters> with all the possible characters that your file names might have in them that are not allowed on your file system. In the above code each invalid character is replaced with a _.

Wikipedia tells us that the following characters are not allowed on NTFS:

  • U+0000 (NUL)
  • / (slash)
  • \ (backslash)
  • : (colon)
  • * (asterisk)
  • ? (question mark)
  • " (quote)
  • < (less than)
  • > (greater than)
  • | (pipe)

So your gsub call could be something like this:

file_names.map! { |f| f.gsub(/[\x00\/\\:\*\?\"<>\|]/, '_') }

which replaces all the invalid characters with an underscore.

How to do a safe join pathname in ruby?

I recommend using File.join

>> File.join("path", "to", "join")
=> "path/to/join"
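
The sanitizing and joining steps from the answers above, combined into one added example (not code from any of the quoted answers). It goes beyond the page by also handling control characters, Windows reserved device names and a 255-byte cap; `safe_filename`, `safe_join` and `/srv/uploads` are assumed names.

```ruby
# Added example. Names and limits here are assumptions, not from the page.

# Characters the page lists as invalid on NTFS, widened to all ASCII control characters.
INVALID_CHARS = /[\x00-\x1f\/\\:*?"<>|]/
# Windows reserved device names: an addition, the page does not list them.
RESERVED = /\A(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?\z/i

# Reduce an untrusted string to a single, portable file name.
def safe_filename(raw, max_bytes: 255)
  name = raw.to_s.scrub('_')                 # replace invalid byte sequences
  name = name.gsub(/\A.*[\\\/]/m, '')        # keep only the last path component
  name = name.gsub(INVALID_CHARS, '_')
  name = name.sub(/\A\.+/, '')               # drop leading dots: no ".", ".." or dotfiles
  name = name.sub(/[. ]+\z/, '')             # Windows ignores trailing dots and spaces
  name = "_#{name}" if name.match?(RESERVED)
  name = 'unnamed' if name.empty?
  name.byteslice(0, max_bytes).scrub('')     # cap length without leaving a split character
end

# File.join plus a containment check: the result must stay under base_dir.
# expand_path resolves ".." lexically only; it does not follow symlinks.
def safe_join(base_dir, *parts)
  base = File.expand_path(base_dir)
  full = File.expand_path(File.join(base, *parts))
  unless full.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "#{parts.inspect} resolves outside #{base}"
  end
  full
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ['..\\..\\windows\\evil?.txt', '/etc/passwd', '..', 'con.txt', "a\x00b"].each do |s|
    puts "#{s.inspect} -> #{safe_filename(s).inspect}"
  end
  puts safe_join('/srv/uploads', safe_filename('../../etc/passwd'))
end
```

File.join on its own does not reject `..` components, which is why the joined path is expanded and compared against the base directory before use.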

How to override `File::SEPARATOR`

When you redefine the constant, all future Ruby code will see this new value.

However the implementation of File.join is in C which references the C constant of the separator which you have not redefined.

Any C code will reference the original value (that was set when the Ruby interpreter was initialized) whereas any Ruby code will reference the overridden/redefined value.

How to safely let users run arbitrary Ruby code?

Three suggestions:

1) Take a look at Ruby taint levels. This provides some degree of protection against eval('evil_code') type things, etc.

2) Unless users actually need access to the local file system, use something like fakefs

3) No matter what else you do, follow Tronic's suggestion (can be a pain to set up, but limited chroot jails are about the only way to make absolutely sure that users cannot access resources you don't explicitly want them to).

Ruby - How to set data_uri (base64) filename with Shrine

You can add the filename by updating the file_data column after assigning the data URI:

anex = Anex.new(file_data_uri: data_uri)
file = anex.file
file.metadata["filename"] = "test.png"
anex.file_data = file.to_json

Escape spaces in a linux pathname with Ruby gsub

Stefan is right; I just want to point out that if you have to escape strings for shell use you should check Shellwords::shellescape:

require 'shellwords'

puts Shellwords.shellescape "/mnt/drive/site/usa/1201 East/1201 East Invoice.pdf"
# prints /mnt/drive/site/usa/1201\ East/1201\ East\ Invoice.pdf

# or

puts "/mnt/drive/site/usa/1201 East/1201 East Invoice.pdf".shellescape
# prints /mnt/drive/site/usa/1201\ East/1201\ East\ Invoice.pdf

# or (as reported by @hagello)
puts Shellwords.escape "/mnt/drive/site/usa/1201 East/1201 East Invoice.pdf"
# prints /mnt/drive/site/usa/1201\ East/1201\ East\ Invoice.pdf

