For security, error on source files with Unicode directional formatting characters #10017

Merged: 1 commit merged on May 2, 2022

@lrytz lrytz commented Apr 26, 2022

Don't allow characters with Unicode property Bidi_Class in source files. String / character literals can contain such characters through Unicode escapes.

Fixes scala/bug#12478

@scala-jenkins scala-jenkins added this to the 2.13.10 milestone Apr 26, 2022
@SethTisue SethTisue added release-notes worth highlighting in next release notes backport candidate labels Apr 26, 2022
@SethTisue SethTisue modified the milestones: 2.13.10, 2.13.9 Apr 26, 2022
lrytz commented Apr 26, 2022

@sjrd could you maybe review this?

@som-snytt som-snytt left a comment

It's a simple mechanism, so they will slip no bidi chars past the goalie.

Don't allow characters with unicode property `Bidi_Class` in source
files.
@lrytz lrytz merged commit 21a5643 into scala:2.13.x May 2, 2022
lrytz commented May 3, 2022

Backport to 2.12 is not trivial because 2.12 eagerly interprets \u escapes in the scanner, so I don't know how to let the escapes pass in string / char literals.

```scala
if (c == '\\') potentialUnicode()
```

lrytz commented May 3, 2022

I guess just let any escapes pass on 2.12, just error if the codepoints appear in the file.
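
A file-level check of the kind discussed in this thread, as an added example (not code from this PR or from the Scala compiler): it reports raw directional formatting code points in source text and leaves ASCII `\u` escapes alone, matching the PR description and the 2.12 note above. The character set (the nine explicit embedding, override and isolate controls of UAX #9), the name `find_bidi_controls` and the sample text are assumptions made for the example.

```python
import sys
import unicodedata

# Assumption: the explicit directional formatting characters of UAX #9
# (embeddings, overrides, isolates and their terminators). The exact set
# the compiler rejects is not listed on this page.
BIDI_FORMAT_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}


def find_bidi_controls(source):
    """Return (line, column, 'U+XXXX', name) for each raw bidi control."""
    findings = []
    for line_no, line in enumerate(source.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            # Only code points actually present in the text are inspected;
            # an escape spelled as backslash-u is six ASCII characters.
            if unicodedata.bidirectional(ch) in BIDI_FORMAT_CLASSES:
                findings.append(
                    (line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch))
                )
    return findings


# Constructed sample: a Scala-like file. Line 2 spells the escape in ASCII,
# line 3 contains the raw code points (produced here by Python's own escapes).
SAMPLE = (
    "object Demo {\n"
    "  val viaEscape = \"\\u202e\"\n"
    "  val raw = \"\u202eabc\u2069\"\n"
    "}\n"
)

if __name__ == "__main__":
    # Usage: python check_bidi.py File1.scala File2.scala ...
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as f:
            for line, col, cp, name in find_bidi_controls(f.read()):
                print(f"{path}:{line}:{col}: error: found {cp} {name}")
                failed = True
    sys.exit(1 if failed else 0)
```

Run as a pre-commit or CI step, the non-zero exit status fails the build when a raw control character is present in any listed file.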

SethTisue added a commit to SethTisue/scala that referenced this pull request May 9, 2022
as per discussion on scala#10017, we were flagging too many characters.
a false positive came up in the community build; I modified
the test case to include it.
@SethTisue

adjusted a bit by #10030

@SethTisue SethTisue changed the title Error on source files with unicode directional formatting characters For security, error on source files with Unicode directional formatting characters Aug 31, 2022
danarmak added a commit to danarmak/scala that referenced this pull request Oct 21, 2022
danarmak added a commit to danarmak/scala that referenced this pull request Oct 27, 2022
…source files

Update documentation with changes made in scala#10017