summaryrefslogtreecommitdiffhomepage
path: root/ci
diff options
context:
space:
mode:
authorDavid Lönnhager <david.l@mullvad.net>2021-11-09 15:15:31 +0100
committerDavid Lönnhager <david.l@mullvad.net>2021-11-09 15:15:31 +0100
commit84ce65fa8b539a6ff477540bd40fbff8acdb771c (patch)
treebbf757eb8d4f3472bdd04687cf9631b423ef02b0 /ci
parent51514cf10148bc797a52354903c736afe104b233 (diff)
parentb0726821f33bb134a175059debb551a155105901 (diff)
downloadmullvadvpn-84ce65fa8b539a6ff477540bd40fbff8acdb771c.tar.xz
mullvadvpn-84ce65fa8b539a6ff477540bd40fbff8acdb771c.zip
Merge branch 'cve-2021-42574-script'ios/2021.4
Diffstat (limited to 'ci')
-rwxr-xr-xci/check-trojan-source.sh29
1 files changed, 29 insertions, 0 deletions
diff --git a/ci/check-trojan-source.sh b/ci/check-trojan-source.sh
new file mode 100755
index 0000000000..7b18ad4952
--- /dev/null
+++ b/ci/check-trojan-source.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# This script scans text and source code for bidirectional Unicode characters.
+# See CVE-2021-42574. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574
+# UTF-8 encoding is assumed.
+
+set -eu
+
+export LC_ALL=en_US.UTF-8
+
+cd "$( dirname "${BASH_SOURCE[0]}" )/.."
+
+FILES=()
+while IFS='' read -r line; do FILES+=("$line"); done < <( find . -type f -exec grep -Il . {} + )
+
+CODEPOINT_REGEX=$( printf "\u202a\|\u202b\|\u202c\|\u202d\|\u202e\|\u2066\|\u2067\|\u2068\|\u2069" )
+
+matched=0
+
+echo "Scanning files: ${FILES[*]}"
+
+for file in "${FILES[@]}"; do
+ if grep -q "${CODEPOINT_REGEX}" "$file"; then
+ echo "Found code points in $file"
+ matched=1
+ fi
+done
+
+exit $matched