Is your feature request related to a problem? Please describe.
Recently some possible misuses of unicode characters were described.
See PEP 672 for a description.
Describe the solution you'd like
It would be nice to have some Bandit rules that can be configured:
An optional filter that enforces ASCII-only (excluding \u[0-9a-f]+, \b, \r, \x1A, \x1B) in all file contents
An optional filter that enforces ASCII only as filenames
adversaries can attack the encoding of source code files to inject vulnerabilities
The trick is to use Unicode control characters to reorder tokens in source code at the encoding level.
The simplest defense is to ban the use of text directionality control characters
If an application wishes to print text that requires Bidi overrides, developers can generate those characters using escape sequences rather than embedding potentially dangerous characters into source code.
I'm willing to work on a PR if maintainers at @PyCQA approve this feature
Describe alternatives you've considered
See linked PEP.
The content of the filters is of course up to debate.
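The three filters requested above, as an added stand-alone example rather than code from the issue author or from Bandit itself: a content scan that flags Unicode directionality controls, any other non-ASCII character, and a short list of ASCII control characters, plus a file-name scan. It assumes the parenthetical in the request lists control characters to forbid (backspace, carriage return, SUB and ESC) rather than to exempt; escape sequences such as `\u202e` are plain ASCII and so pass the content check untouched, which is the escape-sequence route the quoted guidance recommends. The sample files are constructed for the demonstration; the Trojan Source snippet in `auth.py` is a typical reordering attempt, not one taken from any real project.

```python
"""Stand-alone checker for ASCII-only content, bidi controls and ASCII file names.

Added example, not a Bandit plugin; the rule semantics are an assumption based
on the feature request (forbid non-ASCII, forbid \\b \\r \\x1A \\x1B, and report
Unicode bidi controls separately because they enable Trojan Source attacks).
"""
import unicodedata
from dataclasses import dataclass

# Unicode bidirectional override/embedding/isolate controls used to reorder
# source tokens at the rendering level (the Trojan Source character set).
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"         # LRI, RLI, FSI, PDI
)

# ASCII control characters the request lists; assumption: these are forbidden.
FORBIDDEN_ASCII_CONTROLS = {
    "\b": "BACKSPACE",
    "\r": "CARRIAGE RETURN",
    "\x1a": "SUBSTITUTE",
    "\x1b": "ESCAPE",
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int   # 1-based; 0 for findings about the file name itself
    col: int    # 1-based character offset in the line (or in the file name)
    code: str   # "bidi_control", "non_ascii", "control_char" or "filename"
    message: str


def check_filename(path: str) -> list[Finding]:
    """Report every non-ASCII character in a file name."""
    return [
        Finding(path, 0, col, "filename",
                f"non-ASCII character U+{ord(ch):04X} "
                f"({unicodedata.name(ch, 'unnamed')}) in file name")
        for col, ch in enumerate(path, start=1)
        if ord(ch) > 0x7F
    ]


def check_content(path: str, text: str) -> list[Finding]:
    """Scan decoded file text character by character.

    Splitting on "\\n" only (not splitlines) keeps a stray "\\r" visible.
    Escape sequences like "\\u202e" are ordinary ASCII and are never flagged.
    """
    findings: list[Finding] = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            cp = ord(ch)
            if ch in BIDI_CONTROLS:
                findings.append(Finding(
                    path, lineno, col, "bidi_control",
                    f"Unicode directionality control U+{cp:04X} "
                    f"({unicodedata.name(ch)})"))
            elif cp > 0x7F:
                findings.append(Finding(
                    path, lineno, col, "non_ascii",
                    f"non-ASCII character U+{cp:04X} "
                    f"({unicodedata.name(ch, 'unnamed')})"))
            elif ch in FORBIDDEN_ASCII_CONTROLS:
                findings.append(Finding(
                    path, lineno, col, "control_char",
                    f"ASCII control character U+{cp:04X} "
                    f"({FORBIDDEN_ASCII_CONTROLS[ch]})"))
    return findings


def scan(files: dict[str, str]) -> list[Finding]:
    """Run both checks over a mapping of file name -> decoded content."""
    findings: list[Finding] = []
    for path, text in files.items():
        findings.extend(check_filename(path))
        findings.extend(check_content(path, text))
    return findings


# Constructed sample inputs (not real project files).
SAMPLE_FILES = {
    # Trojan Source style: RLO/LRI/PDI inside a string literal make the rendered
    # line look like a comment while the parser sees a different string.
    "auth.py": (
        "access_level = 'user'\n"
        "if access_level != 'none\u202e \u2066# check admin\u2069':\n"
        "    grant()\n"
    ),
    # Escaped form of the same control: ASCII text, allowed.
    "render.py": "RLO = '\\u202e'\nprint(RLO + 'reversed')\n",
    # Accented letters in a comment and a raw ESC byte from a pasted ANSI sequence.
    "util.py": "# r\u00e9sum\u00e9 parser\x1b[0m\nx = 1\n",
    # Non-ASCII file name; content itself is clean.
    "m\u00f3dulo.py": "y = 2\n",
}

if __name__ == "__main__":
    for f in scan(SAMPLE_FILES):
        print(f"{f.path}:{f.line}:{f.col}: [{f.code}] {f.message}")
```

Running the module prints one line per finding: three `bidi_control` hits on line 2 of `auth.py`, nothing for `render.py`, two `non_ascii` and one `control_char` hit for `util.py`, and a `filename` hit for the fourth file. Reporting bidi controls under their own code rather than as generic non-ASCII lets a project keep the ASCII-only filter optional while still treating directionality controls as a hard failure.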