Recently there has been a lot of press about the "trojan source" attack, where Unicode characters are used to obfuscate the true functionality of code. This attack didn't affect OVS, but adding the check here will help guard against it sneaking in later.
Signed-off-by: Mike Pattrick <[email protected]> --- utilities/checkpatch.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/utilities/checkpatch.py b/utilities/checkpatch.py index 16f46c78e..cbe9b9a4a 100755 --- a/utilities/checkpatch.py +++ b/utilities/checkpatch.py @@ -181,6 +181,8 @@ __regex_added_doc_rst = re.compile( __regex_empty_return = re.compile(r'\s*return;') __regex_if_macros = re.compile(r'^ +(%s) \([\S]([\s\S]+[\S])*\) { +\\' % __parenthesized_constructs) +__regex_bidi_characters = re.compile('\u061C|\u200E|\u200F|\u2066' + '|\u2067|\u2068|\u2069|\u202A|\u202B|\u202C|\u202D|\u202E') skip_leading_whitespace_check = False skip_trailing_whitespace_check = False @@ -294,6 +296,11 @@ def pointer_whitespace_check(line): return __regex_ptr_declaration_missing_whitespace.search(line) is not None +def bidi_character_check(line): + """Return TRUE if inappropriate Unicode characters are detected """ + return __regex_bidi_characters.search(line) is not None + + def cast_whitespace_check(line): """Return TRUE if there is no space between the '()' used in a cast and the expression whose type is cast, i.e.: '(void *)foo'""" @@ -565,6 +572,11 @@ checks = [ 'print': lambda: print_error("Inappropriate spacing in pointer declaration")}, + {'regex': r'(\.c|\.h)(\.in)?$', 'match_name': None, + 'check': lambda x: bidi_character_check(x), + 'print': + lambda: print_error("Inappropriate Unicode characters detected.")}, + {'regex': r'(\.c|\.h)(\.in)?$', 'match_name': None, 'prereq': lambda x: not is_comment_line(x), 'check': lambda x: cast_whitespace_check(x), -- 2.30.2 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
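Review bot: The pattern assigned to `__regex_bidi_characters` is a twelve-way alternation of single code points, which is hard to audit against the list of Unicode bidirectional controls. A character class with ranges matches the same set and reads more easily: `re.compile('[\u061C\u200E\u200F\u202A-\u202E\u2066-\u2069]')`. A one-line comment above it naming the groups (the marks, the embedding/override controls U+202A–U+202E, the isolates U+2066–U+2069) would let a later reader confirm nothing is missing. The set covers bidirectional controls only, so invisible or look-alike characters are not caught by this check, and the comment should say that this is intentional.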
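Review bot: The docstring of `bidi_character_check` says only "inappropriate Unicode characters", which tells a reader neither what is rejected nor why. I would write `"""Return TRUE if the line contains a Unicode bidirectional control character, which can make code render differently from how it is compiled."""`. The current docstring also has a stray space before the closing quotes.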
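Review bot: The new entry in `checks` is keyed on `(\.c|\.h)(\.in)?$`, so the bidi check runs only on C sources and headers. Python, shell and build files touched by a patch are not scanned, although the same display-reordering trick works in them too. If that limit is not deliberate, widen the filename regex for this one check, and state the intended scope in the commit message either way. The entry correctly has no `prereq` that skips comment lines, since comments are where such characters are usually hidden; a short comment saying so would keep a later edit from adding one. The `checks` list starts and ends outside the hunk, so how an entry without a filename restriction is handled is not visible here.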
