Currently file:read_file and all other operations that accept a file system path representing a file, including those in other modules such as prim_file, silently accept the path and discard the remainder of the string / binary after a null byte. For example, if I have a "README.md" file in the current directory, I can read it with the commands below:
1> file:read_file("README.md\0.txt").
{ok, ...}
2> file:read_file(<<"README.md\0.txt">>).
{ok, ...}
This can be a security issue in applications that make decisions based on the filename. For example, filename:extension/1 returns the extension that appears after the null byte, i.e. the one that was never used to open the file:
3> filename:extension("README.md\0.txt").
".txt"
So an entity could be made to believe it is handling a file with extension .xxx while it is serving a file with extension .yyy.
While I don't believe this poses a security issue in OTP itself, I believe the platform would be safer if it raised when a string or binary containing a null byte is given any time we are interacting with the filesystem.
For reference, Java, Python, Node and Ruby all raise if the string/binary contains a null byte. Haskell is the only language that does not in my initial analysis.
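Until OTP rejects such paths itself, an application can refuse them before they reach the file module. The module below is an added example written for this discussion, not code from the issue or from OTP; the module name safe_path and its function names are assumptions. It accepts the same path shapes the file module takes (binaries and chardata lists), returns an error tuple when a NUL byte is present, and wraps file:read_file/1 so the check runs before prim_file ever sees the path.

```erlang
%% Added example, not OTP code. Rejects file system paths that contain a
%% NUL byte so that the path an application inspects (e.g. with
%% filename:extension/1) is the same path the file module actually opens.
-module(safe_path).
-export([check/1, read_file/1, extension/1, demo/0]).

%% check/1 returns ok when Path contains no NUL byte, otherwise
%% {error, {null_byte_in_path, Path}}. Binaries are scanned as raw bytes
%% (file names in binaries are not necessarily valid UTF-8); lists are
%% normalised with unicode:characters_to_list/1 so deep chardata works too.
-spec check(file:name_all()) -> ok | {error, term()}.
check(Path) when is_binary(Path) ->
    case binary:match(Path, <<0>>) of
        nomatch -> ok;
        _       -> {error, {null_byte_in_path, Path}}
    end;
check(Path) when is_list(Path) ->
    case unicode:characters_to_list(Path) of
        Chars when is_list(Chars) ->
            case lists:member(0, Chars) of
                false -> ok;
                true  -> {error, {null_byte_in_path, Path}}
            end;
        _Invalid ->
            {error, {invalid_path, Path}}
    end;
check(Path) ->
    %% Atoms and anything else are not accepted by this wrapper.
    {error, {invalid_path, Path}}.

%% read_file/1 behaves like file:read_file/1 but refuses NUL-containing
%% paths instead of silently truncating them at the NUL byte.
-spec read_file(file:name_all()) -> {ok, binary()} | {error, term()}.
read_file(Path) ->
    case check(Path) of
        ok    -> file:read_file(Path);
        Error -> Error
    end.

%% extension/1 is filename:extension/1 guarded by the same check, so the
%% extension an application acts on can never differ from the one the
%% operating system would see.
-spec extension(file:name_all()) -> {ok, string() | binary()} | {error, term()}.
extension(Path) ->
    case check(Path) of
        ok    -> {ok, filename:extension(Path)};
        Error -> Error
    end.

%% demo/0 reproduces the mismatch from the issue: filename:extension/1
%% reports ".txt" while the wrapper refuses the path outright.
demo() ->
    Path = "README.md\0.txt",
    Unchecked = filename:extension(Path),          % ".txt"
    Checked   = check(Path),                       % {error, {null_byte_in_path, ...}}
    Bin       = check(<<"README.md\0.txt">>),      % same error for binaries
    Clean     = check("README.md"),                % ok
    {Unchecked, Checked, Bin, Clean}.
```

Calling safe_path:demo() in a shell returns {".txt", {error, {null_byte_in_path, "README.md\0.txt"}}, {error, {null_byte_in_path, <<"README.md\0.txt">>}}, ok}. The check is deliberately placed in front of every filesystem call rather than only in read_file/1, since the issue notes the same truncation applies to every operation that takes a path.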