spdx · goneall · Jun 29, 2023 · Mar 11, 2023 · Mar 12, 2023 · Mar 29, 2023
diff --git a/src/app/core.py b/src/app/core.py
@@ -66,7 +66,7 @@ def license_compare_helper(request):
                 base_url=urljoin(settings.MEDIA_URL, folder+'/')
                 )
             for myfile in request.FILES.getlist("files"):
-                filename = fs.save(myfile.name, myfile)
+                filename = fs.save(utils.removeSpecialCharacters(myfile.name), myfile)
                 uploaded_file_url = fs.url(filename).replace("%20", " ")
                 callfunc.append(settings.APP_DIR+uploaded_file_url)
                 nameoffile, fileext = os.path.splitext(filename)
@@ -206,7 +206,7 @@ def ntia_check_helper(request):
             fs = FileSystemStorage(location=settings.MEDIA_ROOT + "/" + folder,
                                    base_url=urljoin(settings.MEDIA_URL, folder + '/')
                                    )
-            filename = fs.save(myfile.name, myfile)
+            filename = fs.save(utils.removeSpecialCharacters(myfile.name), myfile)
             uploaded_file_url = fs.url(filename).replace("%20", " ")
             """ Call the python SBOM Checker """
             schecker = SbomChecker(str(settings.APP_DIR + uploaded_file_url))
@@ -316,7 +316,7 @@ def license_validate_helper(request):
             fs = FileSystemStorage(location=settings.MEDIA_ROOT +"/"+ folder,
                 base_url=urljoin(settings.MEDIA_URL, folder+'/')
                 )
-            filename = fs.save(myfile.name, myfile)
+            filename = fs.save(utils.removeSpecialCharacters(myfile.name), myfile)
             uploaded_file_url = fs.url(filename).replace("%20", " ")
             formatstr = request.POST["format"]
             serFileTypeEnum = jpype.JClass("org.spdx.tools.SpdxToolsHelper$SerFileType")
@@ -488,7 +488,7 @@ def license_convert_helper(request):
             folder = str(request.user) + "/" + str(int(time()))
             myfile = request.FILES['file']
             fs = FileSystemStorage(location=settings.MEDIA_ROOT +"/"+ folder,base_url=urljoin(settings.MEDIA_URL, folder+'/'))
-            filename = fs.save(myfile.name, myfile)
+            filename = fs.save(utils.removeSpecialCharacters(myfile.name), myfile)
             uploaded_file_url = fs.url(filename).replace("%20", " ")
             option1 = request.POST["from_format"]
             option2 = request.POST["to_format"]

diff --git a/src/app/utils.py b/src/app/utils.py
@@ -17,6 +17,7 @@
 import logging
 import re
 import socket
+import unicodedata
 import xml.etree.cElementTree as ET
 
 import redis
@@ -367,6 +368,10 @@ def postToGithub(message, encodedContent, filename):
     return r.status_code, r.json()
 
 
+def removeSpecialCharacters(filename):
+    return re.sub(r'[#%&{}<>*?/$!\'":@+`|=]', "-", filename)
+
+
 def parseXmlString(xmlString):
     """ View for generating a spdx license xml
     returns a dictionary with the xmlString license fields values