 
                            ...
When naming files, variables, and other objects, only these characters should be considered for use. This recommendation is related to STR02-AC. Sanitize data passed to complex subsystems.
File Names
File names containing particular characters can be troublesome and can cause unexpected behavior leading to potential vulnerabilities. If a program allows the user to specify a file name in the creation or renaming of a file, certain checks should be made to disallow the following characters and patterns:
...