diff options
| author | David Lönnhager <david.l@mullvad.net> | 2021-11-06 02:09:35 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2021-11-09 14:39:48 +0100 |
| commit | 7b1bed69b574734b61a9d4ff0c0dcd9e0d4e8c6d (patch) | |
| tree | f3c4c48b74512923ab483f52b731399e7f5cdade | |
| parent | 51514cf10148bc797a52354903c736afe104b233 (diff) | |
| download | mullvadvpn-7b1bed69b574734b61a9d4ff0c0dcd9e0d4e8c6d.tar.xz mullvadvpn-7b1bed69b574734b61a9d4ff0c0dcd9e0d4e8c6d.zip | |
Add script that scans files for code points (CVE-2021-42574)
| -rwxr-xr-x | ci/check-trojan-source.sh | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/ci/check-trojan-source.sh b/ci/check-trojan-source.sh new file mode 100755 index 0000000000..7b18ad4952 --- /dev/null +++ b/ci/check-trojan-source.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +# This script scans text and source code for bidirectional Unicode characters. +# See CVE-2021-42574. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574 +# UTF-8 encoding is assumed. + +set -eu + +export LC_ALL=en_US.UTF-8 + +cd "$( dirname "${BASH_SOURCE[0]}" )/.." + +FILES=() +while IFS='' read -r line; do FILES+=("$line"); done < <( find . -type f -exec grep -Il . {} + ) + +CODEPOINT_REGEX=$( printf "\u202a\|\u202b\|\u202c\|\u202d\|\u202e\|\u2066\|\u2067\|\u2068\|\u2069" ) + +matched=0 + +echo "Scanning files: ${FILES[*]}" + +for file in "${FILES[@]}"; do + if grep -q "${CODEPOINT_REGEX}" "$file"; then + echo "Found code points in $file" + matched=1 + fi +done + +exit $matched |