diff options
Diffstat (limited to 'lib/Lintian/Check/Files/Unicode')
-rw-r--r-- | lib/Lintian/Check/Files/Unicode/Trojan.pm | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/lib/Lintian/Check/Files/Unicode/Trojan.pm b/lib/Lintian/Check/Files/Unicode/Trojan.pm new file mode 100644 index 0000000..5c4f2e1 --- /dev/null +++ b/lib/Lintian/Check/Files/Unicode/Trojan.pm @@ -0,0 +1,134 @@ +# files/unicode/trojan -- lintian check script -*- perl -*- + +# Copyright (C) 1998 Christian Schwarz and Richard Braakman +# Copyright (C) 2019 Chris Lamb <lamby@debian.org> +# Copyright (C) 2020 Felix Lechner +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, you can find it on the World Wide +# Web at https://www.gnu.org/copyleft/gpl.html, or write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. + +package Lintian::Check::Files::Unicode::Trojan; + +use v5.20; +use warnings; +use utf8; + +use Const::Fast; +use Unicode::UTF8 qw(decode_utf8 encode_utf8 valid_utf8); + +use Moo; +use namespace::clean; + +with 'Lintian::Check'; + +const my $DOUBLE_QUOTE => q{"}; + +const my %NAMES_BY_CHARACTER => ( + qq{\N{ARABIC LETTER MARK}} => 'ARABIC LETTER MARK', # U+061C + qq{\N{LEFT-TO-RIGHT MARK}} => 'LEFT-TO-RIGHT MARK', # U+200E + qq{\N{RIGHT-TO-LEFT MARK}} => 'RIGHT-TO-LEFT MARK', # U+200F + qq{\N{LEFT-TO-RIGHT EMBEDDING}} => 'LEFT-TO-RIGHT EMBEDDING', # U+202A + qq{\N{RIGHT-TO-LEFT EMBEDDING}} => 'RIGHT-TO-LEFT EMBEDDING', # U+202B + qq{\N{POP DIRECTIONAL FORMATTING}} =>'POP DIRECTIONAL FORMATTING', # U+202C + qq{\N{LEFT-TO-RIGHT OVERRIDE}} => 'LEFT-TO-RIGHT OVERRIDE', # U+202D + qq{\N{RIGHT-TO-LEFT OVERRIDE}} => 'RIGHT-TO-LEFT OVERRIDE', # U+202E + qq{\N{LEFT-TO-RIGHT ISOLATE}} => 'LEFT-TO-RIGHT ISOLATE', # U+2066 + qq{\N{RIGHT-TO-LEFT ISOLATE}} => 'RIGHT-TO-LEFT ISOLATE', # U+2067 + qq{\N{FIRST STRONG ISOLATE}} => 'FIRST STRONG ISOLATE', # U+2068 + qq{\N{POP DIRECTIONAL ISOLATE}} => 'POP DIRECTIONAL ISOLATE', # U+2069 +); + +sub visit_patched_files { + my ($self, $item) = @_; + + $self->check_for_trojan($item); + + return; +} + +sub visit_installed_files { + my ($self, $item) = @_; + + $self->check_for_trojan($item); + + return; +} + +sub check_for_trojan { + my ($self, $item) = @_; + + if (valid_utf8($item->name)) { + + my $decoded_name = decode_utf8($item->name); + + # all file names + for my $character (keys %NAMES_BY_CHARACTER) { + + $self->pointed_hint( + 'unicode-trojan', + $item->pointer, + 'File name', + sprintf('U+%vX', $character), + $DOUBLE_QUOTE. $NAMES_BY_CHARACTER{$character}. $DOUBLE_QUOTE + ) if $decoded_name =~ m{\Q$character\E}; + } + } + + return + unless $item->is_script; + + open(my $fd, '<', $item->unpacked_path) + or die encode_utf8('Cannot open ' . $item->unpacked_path); + + my $position = 1; + while (my $line = <$fd>) { + + chomp $line; + + next + unless valid_utf8($line); + + my $decoded = decode_utf8($line); + + my $pointer = $item->pointer($position); + + for my $character (keys %NAMES_BY_CHARACTER) { + + $self->pointed_hint( + 'unicode-trojan', + $pointer, + 'Contents', + sprintf('U+%vX', $character), + $DOUBLE_QUOTE. $NAMES_BY_CHARACTER{$character}. $DOUBLE_QUOTE + )if $decoded =~ m{\Q$character\E}; + } + + } continue { + ++$position; + } + + close $fd; + + return; +} + +1; + +# Local Variables: +# indent-tabs-mode: nil +# cperl-indent-level: 4 +# End: +# vim: syntax=perl sw=4 sts=4 sr et |