fix(wallets): prevent path traversal in `wallet_file_path` and update file extension

[shamardy]

This PR prevents wallet file path traversal attacks by properly validating wallet names before constructing file paths.

Changes

• Added validation in wallet_file_path to only allow alphanumeric characters, dash, and underscore in wallet names
• Changed wallet file extension from .dat to .json to better reflect content

Fixes #2355

[shamardy]

Is it intended to disallow wallet names with spaces in them?

I will allow spaces again.

[shamardy]

@smk762 Allowed spaces in wallet name, leading or trailing spaces are trimmed as well.

[shamardy]

Incidentally, wallet_password accepted weakpass without issue. Shouldn't we enforce the same password requirements as we do for RPC password?

I meant for this to let GUI handle it, but just found we have allow_weak_password config param so I will enforce same password requirements as RPC password and if allow_weak_password is passed it will be for both.

[smk762]

@smk762 Allowed spaces in wallet name, leading or trailing spaces are trimmed as well.

Confirming this is functioning as expected, and resultant wallet file trims pre/post spaces.

[smk762]

Incidentally, wallet_password accepted weakpass without issue. Shouldn't we enforce the same password requirements as we do for RPC password?

I meant for this to let GUI handle it, but just found we have allow_weak_password config param so I will enforce same password requirements as RPC password and if allow_weak_password is passed it will be for both.

Should I open a separate issue for this? It's currently the only aspect of this PR blocking approval.

[shamardy]

Shouldn't we enforce the same password requirements as we do for RPC password?

This should be fixed now @smk762 . Password policy will be enforced if allow_weak_password is not passed or false, this will happen for 3 cases:

• Mnemonic generation
• Passing a passphrase while creating a wallet
• change_mnemonic_password RPC

[smk762]

Thanks!

On launch, creating a wallet with existing seed:

• 15 05:39:20, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:218] Error initializing wallet: Password does not meet policy requirements: Password length should be at least 8 characters long
• 15 05:42:13, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:218] Error initializing wallet: Password does not meet policy requirements: Password should contain at least 1 lowercase character
• 15 05:38:20, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:218] Error initializing wallet: Password does not meet policy requirements: Password should contain at least 1 uppercase character
• 15 05:38:52, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:218] Error initializing wallet: Password does not meet policy requirements: Password should contain at least 1 special character
• 15 05:38:06, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:218] Error initializing wallet: Password does not meet policy requirements: Password should contain at least 1 digit

On launch, creating wallet with new seed:

• 15 06:00:04, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:187] Error initializing wallet: Password does not meet policy requirements: Password should contain at least 1 digit
• 15 06:00:57, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:187] Error initializing wallet: Password does not meet policy requirements: Password should contain at least 1 lowercase character
• 15 06:01:15, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:187] Error initializing wallet: Password does not meet policy requirements: Password should contain at least 1 uppercase character
• 15 06:01:37, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:187] Error initializing wallet: Password does not meet policy requirements: Password can't contain the word password
• 15 06:02:39, mm2:299] mm2:372] mm2:169] lp_native_dex:509] lp_wallet:187] Error initializing wallet: Password does not meet policy requirements: Password can't contain the same character 3 times in a row

On change_mnemonic_password RPC:

• 15 05:47:30, mm2_main::rpc::dispatcher:125] ERROR RPC error response: lp_wallet:576] Password does not meet policy requirements: Password length should be at least 8 characters long
• 15 05:48:22, mm2_main::rpc::dispatcher:125] ERROR RPC error response: lp_wallet:576] Password does not meet policy requirements: Password should contain at least 1 lowercase character
• 15 05:48:47, mm2_main::rpc::dispatcher:125] ERROR RPC error response: lp_wallet:576] Password does not meet policy requirements: Password should contain at least 1 uppercase character
• 15 05:49:19, mm2_main::rpc::dispatcher:125] ERROR RPC error response: lp_wallet:576] Password does not meet policy requirements: Password should contain at least 1 special character
• 15 05:49:50, mm2_main::rpc::dispatcher:125] ERROR RPC error response: lp_wallet:576] Password does not meet policy requirements: Password should contain at least 1 digit
• 15 05:50:39, mm2_main::rpc::dispatcher:125] ERROR RPC error response: lp_wallet:576] Password does not meet policy requirements: Password can't contain the word password
• able to change to weak password when allow_weak_password:false
• not able to change to weak password when allow_weak_password:false
• able to launch after changing to a weak password and changing config to allow_weak_password:false (good, no lock outs!)

Other

• allow_weak_password still defaults to false, and functions as expected with both boolean values.
• get_mnemonic returns expected response after changing to a weak password and changing config to allow_weak_password:false

LGTM!

[shamardy]

@mariocynicys all comments were addressed, please give this another look.