Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New lint: detect homoglyphs #2368

Closed
gnzlbg opened this issue Jan 17, 2018 · 3 comments
Closed

New lint: detect homoglyphs #2368

gnzlbg opened this issue Jan 17, 2018 · 3 comments
Labels
A-lint Area: New lints

Comments

@gnzlbg
Copy link
Contributor

gnzlbg commented Jan 17, 2018

Homoglyphs are different unicode characters that to the naked eye look the same.

#![feature(non_ascii_idents)]
fn main() {
    let a = 2;
    let а = 3;
    assert_eq!(a, 2);
    assert_eq!(а, 3);
}

where a is latin lower case a, and а is cyrillic lower case a. Another example is: A, Α, А (Latin-A, Greek Alpha, Cyrillic-A).

This binary runs on my machine without errors, but it seems that the Rust playground doesn't support unicode yet.

Homoglyph-based attacks are typically used in domain names, and underhanded code.

To prevent this attacks we can check whether any two identifiers in scope are homoglyphs, and warn about it.

@oli-obk
Copy link
Contributor

oli-obk commented Jan 17, 2018

Rustc has a list for symbols already: https://github.com/wafflespeanut/rust/blob/7f63c7cf4c2938c31de3d63fc769706f0d87cb54/src/libsyntax/parse/lexer/unicode_chars.rs

The full list of confusable unicodes is http://www.unicode.org/Public/security/revision-06/confusables.txt

We should probably automatically parse that file into an array and use that (instead of attempting any manual transcription/processing of the file)

@Centril
Copy link
Contributor

Centril commented Oct 29, 2018

cc rust-lang/rust#55467.

@phansch phansch added the A-lint Area: New lints label Dec 11, 2018
@phansch
Copy link
Member

phansch commented Apr 25, 2020

Since it seems like it's going to be implemented in rustc directly, I'm going to go ahead and close this issue.

The tracking issue linked above is still relevant. There already is a non_ascii_identifiers lint and a PR was opened to implement homoglyph detection for identifiers as well.

@phansch phansch closed this as completed Apr 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-lint Area: New lints
Projects
None yet
Development

No branches or pull requests

4 participants