Fix path traversal issue with example filename

[mkienow-r7]

Description

Fixes path traversal issue with example _filename attribute. Thanks to @dabdine for bringing attention to the issue! In addition, this enhances bin/recog_verify to be more resilient if an exception occurs while processing more than one fingerprint file.

<example _filename="../../../illegal/path"/>

Motivation and Context

Ensure recog doesn't access files and directories that are out of scope.

How Has This Been Tested?

• rake tests
• ./bin/recog_verify with test fingerprints copied into the XML directory

path-traversal.xml

<?xml version='1.0' encoding='UTF-8'?>
<fingerprints matches="test-path-traversal" protocol="test" database_type="test" preference="0.90">
  <fingerprint pattern="^dne$">
    <description>path traversal test</description>
     <example _filename="../path-traversal"></example>
  </fingerprint>
</fingerprints>

bad-regex.xml

<?xml version='1.0' encoding='UTF-8'?>
<fingerprints matches="test-bad-regex" protocol="test" database_type="test" preference="0.90">
  <fingerprint pattern="^($">
  </fingerprint>
</fingerprints>

Test Output

$ ./bin/recog_verify xml/path-traversal.xml
xml/path-traversal.xml:3: FAIL: an example specifies an illegal file path '../path-traversal'

$ ./bin/recog_verify xml/bad-regex.xml
xml/bad-regex.xml: FAIL: end pattern with unmatched parenthesis: /^($/

$ ./bin/recog_verify xml/*.xml
xml/apache_modules.xml: SUMMARY: Test completed with 298 successful, 0 warnings, and 0 failures
xml/apache_os.xml: SUMMARY: Test completed with 42 successful, 0 warnings, and 0 failures
xml/architecture.xml: SUMMARY: Test completed with 16 successful, 0 warnings, and 0 failures
xml/bad-regex.xml: FAIL: end pattern with unmatched parenthesis: /^($/
...
xml/path-traversal.xml:3: FAIL: an example specifies an illegal file path '../path-traversal'
...
xml/x509_subjects.xml: SUMMARY: Test completed with 195 successful, 0 warnings, and 0 failures

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist:

• [x] I have updated the documentation accordingly (or changes are not required).
• [x] I have added tests to cover my changes (or new tests are not required).
• [x] All new and existing tests passed.