-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New lint: detect homoglyphs #2368
Comments
Rustc has a list for symbols already: https:/wafflespeanut/rust/blob/7f63c7cf4c2938c31de3d63fc769706f0d87cb54/src/libsyntax/parse/lexer/unicode_chars.rs The full list of confusable unicodes is http://www.unicode.org/Public/security/revision-06/confusables.txt We should probably automatically parse that file into an array and use that (instead of attempting any manual transcription/processing of the file) |
Since it seems like it's going to be implemented in rustc directly, I'm going to go ahead and close this issue. The tracking issue linked above is still relevant. There already is a |
Homoglyphs are different unicode characters that to the naked eye look the same.
where
a
is latin lower case a, andа
is cyrillic lower case a. Another example is: A, Α, А (Latin-A, Greek Alpha, Cyrillic-A).This binary runs on my machine without errors, but it seems that the Rust playground doesn't support unicode yet.
Homoglyph-based attacks are typically used in domain names, and underhanded code.
To prevent this attacks we can check whether any two identifiers in scope are homoglyphs, and warn about it.
The text was updated successfully, but these errors were encountered: