checkpatch: Detect "trojan source" attack.

Recently there has been a lot of press about the "trojan source" attack, where Unicode characters are used to obfuscate the true functionality of code. This attack didn't effect OVS, but adding the check here will help guard against it sneaking in later. Signed-off-by: Mike Pattrick <[email protected]> Acked-by: Gaetan Rivet <[email protected]> Signed-off-by: Ilya Maximets <[email protected]>
asdlei99 · Jan 4, 2022 · 0d1ffb7 · 0d1ffb7
1 parent 428b11c
commit 0d1ffb7
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/tests/checkpatch.at b/tests/checkpatch.at
@@ -424,3 +424,25 @@ try_checkpatch \
 "
 
 AT_CLEANUP
+
+AT_SETUP([checkpatch - Unicode code])
+try_checkpatch \
+   "COMMON_PATCH_HEADER
+    +     if (snowman == ☃️) {  /* Emoji
+    +     void НelloWorld() {  /* Homoglyph
+    +     ة /* ;C++            /* BiDi
+    " \
+    "ERROR: Inappropriate non-ascii characters detected.
+    #8 FILE: A.c:1:
+         if (snowman == ☃️) {  /* Emoji
+
+ERROR: Inappropriate non-ascii characters detected.
+    #9 FILE: A.c:2:
+         void НelloWorld() {  /* Homoglyph
+
+ERROR: Inappropriate non-ascii characters detected.
+    #10 FILE: A.c:3:
+         ة /* ;C++            /* BiDi
+"
+
+AT_CLEANUP
diff --git a/utilities/checkpatch.py b/utilities/checkpatch.py
@@ -181,6 +181,7 @@ def reset_counters():
 __regex_empty_return = re.compile(r'\s*return;')
 __regex_if_macros = re.compile(r'^ +(%s) \([\S]([\s\S]+[\S])*\) { +\\' %
                                __parenthesized_constructs)
+__regex_nonascii_characters = re.compile("[^\u0000-\u007f]")
 
 skip_leading_whitespace_check = False
 skip_trailing_whitespace_check = False
@@ -294,6 +295,11 @@ def pointer_whitespace_check(line):
     return __regex_ptr_declaration_missing_whitespace.search(line) is not None
 
 
+def nonascii_character_check(line):
+    """Return TRUE if inappropriate Unicode characters are detected """
+    return __regex_nonascii_characters.search(line) is not None
+
+
 def cast_whitespace_check(line):
     """Return TRUE if there is no space between the '()' used in a cast and
        the expression whose type is cast, i.e.: '(void *)foo'"""
@@ -565,6 +571,11 @@ def empty_return(line):
      'print':
      lambda: print_error("Inappropriate spacing in pointer declaration")},
 
+    {'regex': r'(\.c|\.h)(\.in)?$', 'match_name': None,
+     'check': lambda x: nonascii_character_check(x),
+     'print':
+     lambda: print_error("Inappropriate non-ascii characters detected.")},
+
     {'regex': r'(\.c|\.h)(\.in)?$', 'match_name': None,
      'prereq': lambda x: not is_comment_line(x),
      'check': lambda x: cast_whitespace_check(x),
@@ -943,7 +954,7 @@ def ovs_checkpatch_print_result():
 
 def ovs_checkpatch_file(filename):
     try:
-        mail = email.message_from_file(open(filename, 'r'))
+        mail = email.message_from_file(open(filename, 'r', encoding='utf8'))
     except:
         print_error("Unable to parse file '%s'. Is it a patch?" % filename)
         return -1