
add anti-trojan charset detection

Open simone-sanfratello opened this issue 3 years ago • 7 comments

What version of this package are you using?

usually the latest

What problem do you want to solve?

https://certitude.consulting/blog/en/invisible-backdoor/

What do you think is the correct solution to this problem?

use this plugin https://github.com/lirantal/eslint-plugin-anti-trojan-source

Are you willing to submit a pull request to implement this change?

yes

simone-sanfratello avatar Nov 11 '21 08:11 simone-sanfratello

Seems like this might be added directly to ESLint: https://github.com/eslint/eslint/issues/15240

LinusU avatar Nov 11 '21 10:11 LinusU

Just as a note, the plugin linked doesn't actually detect the attack the article you linked explains; it seems the plugin is only for the bidi detection, not the invisible/homoglyph ones the article is about. It seems the built-in eslint rule proposal @LinusU pointed to would cover all the cases unlike the plugin.

dougwilson avatar Nov 11 '21 18:11 dougwilson
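
The distinction drawn in the comment above, as an added example that is not part of the original thread and is not code from ESLint or the linked plugin: a scanner that reports bidi control characters and invisible characters as separate classes, so the gap left by a bidi-only check is visible. The function names, the (partial) character lists and the sample source are constructed for illustration; homoglyph detection needs Unicode confusables data and is not covered here.

```javascript
// Bidirectional control characters (the "Trojan Source" class).
const BIDI_CONTROLS = new Set([
  0x061c, 0x200e, 0x200f,
  0x202a, 0x202b, 0x202c, 0x202d, 0x202e,
  0x2066, 0x2067, 0x2068, 0x2069
]);

// Characters that render as nothing or as blank space (partial list, an assumption).
// U+3164 and U+FFA0 are also valid in JavaScript identifiers.
const INVISIBLES = new Set([
  0x115f, 0x1160, 0x200b, 0x200c, 0x200d, 0x2060, 0x3164, 0xffa0
]);

// Return one finding per suspicious code point, with 1-based line and column.
function scanSource (text) {
  const findings = []
  text.split(/\r\n|\r|\n/).forEach((line, index) => {
    let column = 1
    for (const ch of line) { // iterates by code point, not UTF-16 unit
      const cp = ch.codePointAt(0)
      const kind = BIDI_CONTROLS.has(cp)
        ? 'bidi'
        : INVISIBLES.has(cp) ? 'invisible' : null
      if (kind) {
        const hex = cp.toString(16).toUpperCase().padStart(4, '0')
        findings.push({ line: index + 1, column, kind, codePoint: 'U+' + hex })
      }
      column += ch.length
    }
  })
  return findings
}

// What a bidi-only check would report for the same input.
function bidiOnly (text) {
  return scanSource(text).filter(f => f.kind === 'bidi')
}

// Constructed sample: line 1 declares an invisible identifier,
// line 2 has a bidi override inside a string, line 3 is clean.
const SAMPLE = [
  'const \u3164 = 1;',
  'const label = "a\u202eb";',
  'const plain = "ok";'
].join('\n')

console.log(scanSource(SAMPLE))
console.log(bidiOnly(SAMPLE))
```

On the sample, the full scan reports both line 1 and line 2, while the bidi-only view reports line 2 alone.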

Let's wait for the core one then, and keep this one open to track it 👍

voxpelli avatar Nov 12 '21 08:11 voxpelli

It seems still open on the main repo... After almost a year, should we reconsider adding it directly to Standard?

lmammino avatar Oct 21 '22 08:10 lmammino

I pinged in the eslint issue, let's see if there is an update...

LinusU avatar Oct 26 '22 11:10 LinusU

Upstream has requested that we file a feature request here:

https://github.com/nodesecurity/eslint-plugin-security

@simone-sanfratello or @lmammino, would you be able to do this?

LinusU avatar Oct 31 '22 16:10 LinusU

Yes!

simone-sanfratello avatar Nov 01 '22 05:11 simone-sanfratello