Feature request: Add check for Trojan Source attacks (CVE-2021-42574)

**Feature request**

gosec currently does not detect Trojan Source attacks (CVE-2021-42574).
This attack uses Unicode bidirectional control characters to make source code appear different to reviewers than what compilers actually execute.

**What I would like to add**

Add a new rule that detects Unicode Bidi control characters in source code.

**Additional context**

- Bandit (Python) already has this check as [B613](https://bandit.readthedocs.io/en/latest/plugins/b613_trojansource.html)
- Reference: https://trojansource.codes/

I'm happy to submit a PR if this feature is welcomed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Feature request: Add check for Trojan Source attacks (CVE-2021-42574) #1429

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Feature request: Add check for Trojan Source attacks (CVE-2021-42574) #1429

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions