|
|
|
|
@ -44,21 +44,33 @@ contract Token |
|
|
|
|
''' |
|
|
|
|
WIKI_RECOMMENDATION = 'Special control characters must not be allowed.' |
|
|
|
|
|
|
|
|
|
RTLO_CHARACTER_ENCODED = "\u202e".encode('utf-8') |
|
|
|
|
|
|
|
|
|
def _detect(self): |
|
|
|
|
results = [] |
|
|
|
|
|
|
|
|
|
pattern = re.compile(".*\u202e.*") |
|
|
|
|
for filename, source in self.slither.source_code.items(): |
|
|
|
|
info = "{} contains a unicode right-to-left-override character:\n".format(filename) |
|
|
|
|
found = False |
|
|
|
|
for match in pattern.finditer(source): |
|
|
|
|
match_line = match.group(0) |
|
|
|
|
info += "\t- {}\n".format(match_line) |
|
|
|
|
found = True |
|
|
|
|
|
|
|
|
|
if found: |
|
|
|
|
json = self.generate_json_result(info) |
|
|
|
|
self.add_other_to_json("rtlo-character", (filename, 0, 0), json) |
|
|
|
|
results.append(json) |
|
|
|
|
# Attempt to find all RTLO characters in this source file. |
|
|
|
|
source_encoded = source.encode('utf-8') |
|
|
|
|
start_index = 0 |
|
|
|
|
|
|
|
|
|
# Keep searching all file contents for the character. |
|
|
|
|
while True: |
|
|
|
|
result_index = source_encoded.find(self.RTLO_CHARACTER_ENCODED, start_index) |
|
|
|
|
|
|
|
|
|
# If we couldn't find the character in the remainder of source, stop. |
|
|
|
|
if result_index == -1: |
|
|
|
|
break |
|
|
|
|
else: |
|
|
|
|
# We found another instance of the character, define our output |
|
|
|
|
info = f"{filename} contains a unicode right-to-left-override character at byte offset {result_index}" |
|
|
|
|
|
|
|
|
|
json = self.generate_json_result(info) |
|
|
|
|
self.add_other_to_json("rtlo-character", |
|
|
|
|
(filename, result_index, len(self.RTLO_CHARACTER_ENCODED)), json) |
|
|
|
|
results.append(json) |
|
|
|
|
|
|
|
|
|
# Advance the start index for the next iteration |
|
|
|
|
start_index = result_index + 1 |
|
|
|
|
|
|
|
|
|
return results |
|
|
|
|
|
David Pokora
6 years ago