diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..2cfa6f8
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,32 @@
+name: goreleaser
+
+on:
+ push:
+ tags:
+ - 'v[0-9]*'
+
+jobs:
+ goreleaser:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ -
+ name: Set up Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.16
+
+ -
+ name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v2
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 0000000..af06ff2
--- /dev/null
+++ b/.goreleaser.yml
@@ -0,0 +1,31 @@
+# This is an example .goreleaser.yml file with some sane defaults.
+# Make sure to check the documentation at http://goreleaser.com
+before:
+ hooks:
+ # You may remove this if you don't use go modules.
+ - go mod tidy
+builds:
+ - main: ./cmd/bidichk
+ binary: bidichk
+ env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ - windows
+ - darwin
+archives:
+ - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+ replacements:
+ darwin: Darwin
+ linux: Linux
+ windows: Windows
+ 386: i386
+ amd64: x86_64
+snapshot:
+ name_template: "{{ .Tag }}-next"
+changelog:
+ skip: true
+release:
+ github:
+ owner: breml
+ name: bidichk
diff --git a/README.md b/README.md
index 79cf79c..f6946e3 100644
--- a/README.md
+++ b/README.md
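Review bot: All three `uses:` steps in the new release workflow reference mutable tags (`actions/checkout@v2`, `actions/setup-go@v2`, `goreleaser/goreleaser-action@v2`), and the GoReleaser step takes `version: latest`, so the code that builds and publishes the binaries can change without any commit to this repository. Since this job runs with a `GITHUB_TOKEN` that can publish releases, pin each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, and set `version:` to a fixed GoReleaser release instead of `latest`. The workflow also has no `permissions:` block, so the token gets whatever the repository default grants; a job-level `permissions:` with `contents: write` limits it to what creating the release needs.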
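Review bot: The `before` hook `- go mod tidy` in `.goreleaser.yml` can rewrite `go.mod` and `go.sum` on the release runner, so the published binaries may be built from a dependency set that differs from the one committed at the tag. A hook that does not modify the module files, such as `- go mod download`, keeps the release tied to the tagged `go.sum`; whether the module files are tidy is better checked in the regular test workflow. Separately, the header comment links to `http://goreleaser.com`, which would be better as `https://goreleaser.com`.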
@@ -1,6 +1,6 @@ # bidichk - checks for dangerous unicode character sequences -[![Test Status](https://github.com/breml/bidichk/workflows/Go%20Matrix/badge.svg)](https://github.com/breml/logstash-config/actions?query=workflow%3AGo%20Matrix) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) +[![Test Status](https://github.com/breml/bidichk/workflows/Go%20Matrix/badge.svg)](https://github.com/breml/bidichk/actions?query=workflow%3AGo%20Matrix) [![Go Report Card](https://goreportcard.com/badge/github.com/breml/bidichk)](https://goreportcard.com/report/github.com/breml/bidichk) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) bidichk finds dangerous unicode character sequences in Go source files. 
@@ -18,6 +18,46 @@ The following unicode characters are considered dangerous: * U+2068: FIRST-STRONG-ISOLATE * U+2069: POP-DIRECTIONAL-ISOLATE +## Installation + +Download `bidichk` from the [releases](https://github.com/breml/bidichk/releases) or get the latest version from source with: + +```shell +go get github.com/breml/bidichk/cmd/bidichk +``` + +## Usage + +### golangci-lint + +[golangci-lint](https://golangci-lint.run) supports thelper, so you can enable this linter and use it. + +### Shell + +Check everything: + +```shell +bidichk ./... +``` + +### Enable only required unicode runes + +If you run bidichk via golangci-lint look at [.golangci.example.yml](https://golangci-lint.run/usage/configuration/#config-file) for an example of the configuration. + +Otherwise you can run bidichk with `--disallowed-runes` flag to specify the runes you consider harmful. + +E.g. the following command considers only the `LEFT-TO-RIGHT-OVERRIDE` unicode rune as dangerous: + +```shell +bidichk --disallowed-runes LEFT-TO-RIGHT-OVERRIDE ./... +``` + +For the full list of supported unicode runes [see above](#considered-dangerous-unicode-characters) or use + +```shell +bidichk --help +``` + ## Inspiration * ['Trojan Source' Bug Threatens the Security of All Code](https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/) diff --git a/pkg/bidichk/bidichk.go b/pkg/bidichk/bidichk.go index 30ea0ff..70e708b 100644 --- a/pkg/bidichk/bidichk.go +++ b/pkg/bidichk/bidichk.go @@ -120,6 +120,7 @@ type bidichk struct { disallowedRunes disallowedRunes } +// NewAnalyzer return a new bidichk analyzer. func NewAnalyzer() *analysis.Analyzer { bidichk := bidichk{} bidichk.disallowedRunes = make(map[string]rune, len(runeLookup))
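Review bot: The doc comment added above `NewAnalyzer` in `pkg/bidichk/bidichk.go` has a grammar slip and does not say which runes the returned analyzer flags by default; the minimal fix is `// NewAnalyzer returns a new bidichk analyzer.`. The visible lines size `disallowedRunes` with `len(runeLookup)`, which suggests every known rune is disallowed unless configured otherwise, but the function body continues outside the hunk, so that is inferred. If it holds, state the default in the comment, because callers embedding the analyzer depend on it for coverage of the bidirectional control characters listed in the README.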