sandbox: disallow backslashes in path filter names

This should really be an allowlist rather than a denylist,
but for the time being this at least prevents someone from
causing an obtuse sandbox error by naming a file something like
"foo\".

Signed-off-by: William Woodruff <william@yossarian.net>

Library/Homebrew/sandbox.rb

@@ -235,7 +235,7 @@ class Sandbox
   # @api private
   sig { params(path: T.any(String, Pathname), type: Symbol).returns(String) }
   def path_filter(path, type)
-    invalid_char = ['"', "'", "(", ")", "\n"].find do |c|
+    invalid_char = ['"', "'", "(", ")", "\n", "\\"].find do |c|
       path.to_s.include?(c)
     end
     raise ArgumentError, "Invalid character #{invalid_char} in path: #{path}" if invalid_char

Library/Homebrew/test/sandbox_spec.rb

@@ -22,7 +22,7 @@ RSpec.describe Sandbox, :needs_macos do
   end
 
   describe "#path_filter" do
-    ["'", '"', "(", ")", "\n"].each do |char|
+    ["'", '"', "(", ")", "\n", "\\"].each do |char|
       it "fails if the path contains #{char}" do
         expect do
           sandbox.path_filter("foo#{char}bar", :subpath)