Featured Articles

Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Introducing BusKill: A Kill Cord for your Laptop
Detecting (Malicious) Unicode in GitHub PRs
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
WordPress Multisite on the Darknet (Mercator .onion alias)
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Hardening Guide for phpList
Crowdfunding on Crowd Supply (Review of my experience)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
previous arrow
next arrow

Detecting (Malicious) Unicode in GitHub PRs

Detecting Malicious Unicode in GitHub Pull Requests

This article will describe how you can utilize GitHub Actions to scan user-contributed PRs for unicode and automatically warn you if such commits contain (potentially invisible & malicious) unicode characters.

Why

Last month Trojan Source was published — which described how malicious unicode characters could make source code appear benign, yet compile to something quite malicious.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Detecting (Malicious) Unicode in GitHub PRs