On Thu, Nov 18, 2021, at 16:45, Mike Pattrick wrote:
> Recently there has been a lot of press about the "trojan source" attack,
> where Unicode characters are used to obfuscate the true functionality of
> code. This attack didn't affect OVS, but adding the check here will help
> guard against it sneaking in later.
>
> Signed-off-by: Mike Pattrick <[email protected]>
> ---
> Changes in v2:
> - Now all unicode characters will result in an error.
>
> Changes in v3:
> - Added a test to validate behavior
>
> Signed-off-by: Mike Pattrick <[email protected]>

Hello Mike,

Thanks for the test, it's useful.

I think the regex pattern might have expressed its intent in a clearer way[1],
but this is really a nit. I'm not even fully convinced the alternative reads better,
it's just that the intent of 'covering all printable ascii' is understood only by
knowing the ascii values of ' ' and '~'.

But this is a nit, and the intent is conveyed by the variable name anyway.

Acked-by: Gaetan Rivet <[email protected]>

[1]: by replacing '[^ -~\t]' by '[^\u0020-\u007e\t]', or even '[^\u0000-\u007f]'
     for a strict/dumb 'non-ascii' definition.

Best regards,
-- 
Gaetan Rivet
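
The three character classes compared in the reply above, run over constructed sample lines, as an added example (not code from the patch or from OVS's checkpatch.py). The sample lines and the function names are assumptions made for illustration; the run shows that the first two classes are equivalent, while the strict non-ASCII class lets control characters other than tab through.

```python
import re
import unicodedata

# The three character classes discussed in the thread.
PATTERNS = {
    "literal": re.compile(r"[^ -~\t]"),              # as written in the patch
    "escaped": re.compile(r"[^\u0020-\u007e\t]"),    # same range, spelled out
    "non_ascii": re.compile(r"[^\u0000-\u007f]"),    # strict 'non-ascii'
}

# Constructed sample lines (not taken from the OVS tree).
SAMPLES = {
    "plain": '    return role != "user";',
    "tab": '\tint x = 0;',
    "bidi": 'if (role != "user\u202e") {',     # RIGHT-TO-LEFT OVERRIDE
    "accent": '/* caf\u00e9 */',               # non-ASCII letter
    "escape": 'int x = 0;\x1b[2K',             # ASCII ESC control character
    "delete": 'int y\x7f = 1;',                # ASCII DEL control character
}


def flagged_by(line):
    """Return the sorted names of the patterns that reject this line."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(line))


def describe(line, name="literal"):
    """Return (column, 'U+XXXX NAME') for each character the pattern rejects."""
    found = []
    for match in PATTERNS[name].finditer(line):
        ch = match.group()
        label = unicodedata.name(ch, "<control>")  # controls have no name
        found.append((match.start(), "U+%04X %s" % (ord(ch), label)))
    return found


if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print("%-7s flagged by %-34s %s"
              % (label, flagged_by(line), describe(line)))
```
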
