floofloof@lemmy.ca to

ProgrammingEnglish · 12 days ago

Detecting malicious Unicode

8

52

Detecting malicious Unicode

floofloof@lemmy.ca to

ProgrammingEnglish · 12 days ago

8

In a recent educational trick, curl contributor James Fuller submitted a pull-request to the project in which he suggested a larger cleanup of a set of scripts. In a later presentation, he could show us how not a single human reviewer in the team nor any CI job had spotted or remarked on one of … Continue reading Detecting malicious Unicode →

Chat

Bogasse@lemmy.ml
link
fedilink
arrow-up
6·
12 days ago
That’s exactly the solution from the article 👌

In the curl git repository most files and most content are plain old ASCII so we can “easily” whitelist a small set of UTF-8 sequences and some specific files, the rest of the files are simply not allowed to use UTF-8 at all as they will then fail the CI job and turn up red.

Programming

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person’s post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you’re posting long videos try to add in some form of tldr for those who don’t want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

270 users / day
1.2K users / week
3.43K users / month
7.65K users / 6 months
2.73K local subscribers
20.4K subscribers
2.24K Posts
36K Comments
Modlog