Skip to content

Commit

Permalink
Update README
Browse files Browse the repository at this point in the history
  • Loading branch information
breml committed Nov 6, 2021
1 parent 5e88d47 commit 81fdf48
Showing 1 changed file with 41 additions and 1 deletion.
42 changes: 41 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# bidichk - checks for dangerous unicode character sequences

[![Test Status](https://github.com/breml/bidichk/workflows/Go%20Matrix/badge.svg)](https://github.com/breml/logstash-config/actions?query=workflow%3AGo%20Matrix) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
[![Test Status](https://github.com/breml/bidichk/workflows/Go%20Matrix/badge.svg)](https://github.com/breml/bidichk/actions?query=workflow%3AGo%20Matrix) [![Go Report Card](https://goreportcard.com/badge/github.com/breml/bidichk)](https://goreportcard.com/report/github.com/breml/bidichk) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)

bidichk finds dangerous unicode character sequences in Go source files.

Expand All @@ -18,6 +18,46 @@ The following unicode characters are considered dangerous:
* U+2068: FIRST-STRONG-ISOLATE
* U+2069: POP-DIRECTIONAL-ISOLATE

## Installation

Download `bidichk` from the [releases](https://github.com/breml/bidichk/releases) or get the latest version from source with:

```shell
go get github.com/breml/bidichk/cmd/bidichk
```

## Usage

### golangci-lint

[golangci-lint](https://golangci-lint.run) supports thelper, so you can enable this linter and use it.

### Shell

Check everything:

```shell
bidichk ./...
```

### Enable only required unicode runes

If you run bidichk via golangci-lint look at [.golangci.example.yml](https://golangci-lint.run/usage/configuration/#config-file) for an example of the configuration.

Otherwise you can run bidichk with `--disallowed-runes` flag to specify the runes you consider harmful.

E.g. the following command considers only the `LEFT-TO-RIGHT-OVERRIDE` unicode rune as dangerous:

```shell
bidichk --disallowed-runes LEFT-TO-RIGHT-OVERRIDE ./...
```

For the full list of supported unicode runes [see above](#considered-dangerous-unicode-characters) or use

```shell
bidichk --help
```

## Inspiration

* ['Trojan Source' Bug Threatens the Security of All Code](https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/)
Expand Down

0 comments on commit 81fdf48

Please sign in to comment.