summaryrefslogtreecommitdiffstats
path: root/tags/u/unicode-trojan.tag
diff options
context:
space:
mode:
Diffstat (limited to 'tags/u/unicode-trojan.tag')
-rw-r--r--tags/u/unicode-trojan.tag41
1 files changed, 41 insertions, 0 deletions
diff --git a/tags/u/unicode-trojan.tag b/tags/u/unicode-trojan.tag
new file mode 100644
index 0000000..23253d9
--- /dev/null
+++ b/tags/u/unicode-trojan.tag
@@ -0,0 +1,41 @@
+Tag: unicode-trojan
+Severity: pedantic
+Experimental: yes
+Check: files/unicode/trojan
+Explanation: The named text file contains a Unicode codepoint that has been
+ identified as a potential security risk.
+ .
+ There are two distinct attack vectors. One is homoglyphs in which text looks
+ confusingly similar to what a reader might expects, but is actually different.
+ The second is birectional attacks, in which the rendered text hides
+ potentially malicious characters.
+ .
+ Here are the relevant codepoints:
+ .
+ - ARABIC LETTER MARK (<code>U+061C</code>)
+ - LEFT-TO-RIGHT MARK (<code>U+200E</code>)
+ - RIGHT-TO-LEFT MARK (<code>U+200F</code>)
+ - LEFT-TO-RIGHT EMBEDDING (<code>U+202A</code>)
+ - RIGHT-TO-LEFT EMBEDDING (<code>U+202B</code>)
+ - POP DIRECTIONAL FORMATTING (<code>U+202C</code>)
+ - LEFT-TO-RIGHT OVERRIDE (<code>U+202D</code>)
+ - RIGHT-TO-LEFT OVERRIDE (<code>U+202E</code>)
+ - LEFT-TO-RIGHT ISOLATE (<code>U+2066</code>)
+ - RIGHT-TO-LEFT ISOLATE (<code>U+2067</code>)
+ - FIRST STRONG ISOLATE (<code>U+2068</code>)
+ - POP DIRECTIONAL ISOLATE (<code>U+2069</code>)
+ .
+ You can also run a similar check in your shell with that command:
+ .
+ <code>grep -r $'[\u061C\u200E\u200F\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069]'</code>
+ .
+ The registered vulnerabilities are CVE-2021-42694 ("Homoglyph") and
+ CVE-2021-42574 ("Bidirectional Attack").
+See-Also:
+ https://nvd.nist.gov/vuln/detail/CVE-2021-42694,
+ https://nvd.nist.gov/vuln/detail/CVE-2021-42574,
+ https://www.trojansource.codes,
+ https://www.trojansource.codes/trojan-source.pdf,
+ https://en.wikipedia.org/wiki/Bidirectional_text,
+ https://www.ida.org/research-and-publications/publications/all/i/in/initial-analysis-of-underhanded-source-code,
+ https://www.ida.org/-/media/feature/publications/i/in/initial-analysis-of-underhanded-source-code/d-13166.ashx
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-10 06:27:26 +0000