5.2.3 Malicious file execution (validate input to verify application does not accept filenames or files from users)