[ovs-dev] [PATCH v2] checkpatch: Detect "trojan source" attack

Aaron Conole aconole at redhat.com
Thu Nov 18 13:44:47 UTC 2021


Ilya Maximets <i.maximets at ovn.org> writes:

> On 11/17/21 17:58, Aaron Conole wrote:
>> Mike Pattrick <mkp at redhat.com> writes:
>> 
>>> Recently there has been a lot of press about the "trojan source" attack,
>>> where Unicode characters are used to obfuscate the true functionality of
>>> code. This attack didn't affect OVS, but adding the check here will help
>>> guard against it sneaking in later.
>>>
>>> Signed-off-by: Mike Pattrick <mkp at redhat.com>
>>> ---
>>> Changes in v2:
>>>    - Now all unicode characters will result in an error.
>>> ---
>> 
>> I was going to suggest a checkpatch test for this - but that might
>> result in the patch triggering itself with an error (because the robot
>> uses the submitted version of checkpatch.py when testing).
>> 
>> WDYT, Ilya, Gaëtan?
>
> I think, it's good to have a test for a security related functionality.
> And I don't think that checkpatch checks python or test files.  Does it?

It will in some cases, but this isn't one.  Okay I missed it.  Yes,
please add a test to tests/checkpatch.at so that we can ensure this
behavior.

>> 
>> In either case:
>> 
>> Acked-by: Aaron Conole <aconole at redhat.com>
>> 
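
The v2 behaviour described in the commit message, sketched as an added example; this is not the code from checkpatch.py or from the patch under review. It assumes "all unicode characters" means any non-ASCII character on an added line of a unified diff; `scan_patch`, `HUNK_RE`, `BIDI_CONTROLS` and the sample patch are names and data constructed for illustration.

```python
import re
import unicodedata

HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
# Bidirectional controls: LRE RLE PDF LRO RLO, then LRI RLI FSI PDI.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def scan_patch(patch_text):
    """Return (path, new_line, column, codepoint, name, is_bidi) per non-ASCII char."""
    findings = []
    path, lineno, old_left, new_left = None, 0, 0, 0
    # split("\n"), not splitlines(): the latter also breaks on U+2028 and similar.
    for line in patch_text.split("\n"):
        if old_left <= 0 and new_left <= 0:  # outside a hunk: headers only
            if line.startswith("+++ "):
                path = line[4:].split("\t")[0]
            m = HUNK_RE.match(line)
            if m:
                old_left = int(m.group(1) or 1)
                lineno = int(m.group(2))
                new_left = int(m.group(3) or 1)
            continue
        if line.startswith("\\"):  # "\ No newline at end of file"
            continue
        if line.startswith("-"):  # removed line: only the old side advances
            old_left -= 1
            continue
        if line.startswith("+"):  # added line: the only text that gets checked
            for col, ch in enumerate(line[1:], start=1):
                if ord(ch) > 127:
                    findings.append((path, lineno, col, "U+%04X" % ord(ch),
                                     unicodedata.name(ch, "UNNAMED"),
                                     ch in BIDI_CONTROLS))
        else:  # context line: counts on both sides
            old_left -= 1
        new_left -= 1
        lineno += 1
    return findings


# Constructed sample patch (not from the OVS tree); escapes keep this file ASCII.
SAMPLE_PATCH = (
    "--- a/lib/example.c\n+++ b/lib/example.c\n"
    "@@ -10,3 +10,5 @@\n"
    " static int check(int level)\n {\n"
    "+    /* admins only \u202e */\n"
    "+    const char *who = \"Zo\u00eb\";\n"
    "     return level;\n"
)
```

The second finding on the sample is an ordinary accented letter, which an all-non-ASCII rule reports alongside the bidirectional override; the `is_bidi` flag separates the two.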


