Featured Articles

Crowdfunding on Crowd Supply (Review of my experience)
Hardening Guide for phpList
WordPress Multisite on the Darknet (Mercator .onion alias)
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Guide to Finding Lemmy Communities (Subreddits)
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Detecting (Malicious) Unicode in GitHub PRs
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Introducing BusKill: A Kill Cord for your Laptop
previous arrow
next arrow

Detecting (Malicious) Unicode in GitHub PRs

Detecting Malicious Unicode in GitHub Pull Requests

This article will describe how you can utilize GitHub Actions to scan user-contributed PRs for unicode and automatically warn you if such commits contain (potentially invisible & malicious) unicode characters.

Why

Last month Trojan Source was published --- which described how malicious unicode characters could make source code appear benign, yet compile to something quite malicious.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Detecting (Malicious) Unicode in GitHub PRs