[move] Add Trojan source test to TextMate grammar

Add a test that confirms the Move TextMate language grammar correctly tokenizes comments, even when bidirectional Unicode control characters are present. Currently the Move source compiler does not allow for non-ASCII characters to be included in source code -- but this test shows that even if it did, users could be protected from this vulnerability by using the grammar. Closes: #9630
l-monninger · Nov 10, 2021 · 066f58a · 066f58a
1 parent dc2db16
commit 066f58a
Show file tree

Hide file tree

Showing 2 changed files with 524 additions and 0 deletions.
diff --git a/language/move-analyzer/editors/code/tests/colorize-fixtures/comments.move b/language/move-analyzer/editors/code/tests/colorize-fixtures/comments.move
@@ -68,6 +68,24 @@ address 0x1 {}
 /**/ address 0x2 {}
 /***/ address 0x3 {}
 
+// Test that the "Trojan source" vulnerability is mitigated by the TextMate language grammar.
+// See the byte representation in https://trojansource.codes/trojan-source.pdf, figure 3, where
+// U+202E is RLO, U+2066 is LRI, U+2069 is PDI:
+//
+// ```
+// /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
+//     printf("You are an admin.\n");
+// /* end admin only <U+202E> { <U+2066>*/
+// ```
+//
+// `if (isAdmin) {` and `}` should be tokenized as comments.
+fun trojan_source() {
+  let isAdmin = false;
+  /*‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only */
+      performPrivilegedOperation();
+  /* end admin only ‮ { ⁦*/
+}
+
 // FIXME: In VS Code, the comment extends until the carriage return `\r`, then
 // ends. Instead, line comments in Move extend until a line feed `\n`, and so
 // everything up to and including "return" should be part of the line comment.