Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add homoglyphs rule types #51

Merged
merged 2 commits into from
Feb 26, 2024
Merged

Add homoglyphs rule types #51

merged 2 commits into from
Feb 26, 2024

Conversation

teodor-yanev
Copy link
Contributor

@teodor-yanev teodor-yanev commented Feb 9, 2024
edited
Loading

The implications of homoglyphs type of attacks are described in mindersec/minder#2121
It also contains additional explicatory links and useful examples.

@teodor-yanev teodor-yanev self-assigned this Feb 9, 2024
@teodor-yanev teodor-yanev requested a review from JAORMX February 9, 2024 19:24
jhrozek
jhrozek reviewed Feb 23, 2024
View reviewed changes
Copy link
Contributor

@jhrozek jhrozek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could we add links that describe what kind of attack this prevents? I don't think they are very well known

@teodor-yanev
Copy link
Contributor Author

could we add links that describe what kind of attack this prevents? I don't think they are very well known

Added in the description now, thanks for noting that!

JAORMX
JAORMX requested changes Feb 26, 2024
View reviewed changes
rule-types/github/homoglyphs_invisible_characters.yaml Outdated
guidance: >
For every pull request submitted to a repository, this rule will check if the
pull request adds a new dependency with invisible characters. If it does, the rule will
fail and the pull request will be commented on.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The guidance is meant to tell you what to do if the rule fails. This is more appropriate for a description.

rule-types/github/homoglyphs_mixed_scripts.yaml Outdated
guidance: >
For every pull request submitted to a repository, this rule will check if the
pull request adds text with mixed scripts. If it does, the rule will
fail and the pull request will be commented on.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The guidance is meant to tell you what to do if the rule fails. This is more appropriate for a description.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks: updated

@JAORMX JAORMX mentioned this pull request Feb 26, 2024
Merged
@teodor-yanev teodor-yanev merged commit 511776d into main Feb 26, 2024
1 check passed
@teodor-yanev teodor-yanev deleted the add-homoglyphs-rule-types branch February 26, 2024 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhrozek jhrozek jhrozek left review comments

@JAORMX JAORMX JAORMX approved these changes

Assignees

@teodor-yanev teodor-yanev

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@teodor-yanev @JAORMX @jhrozek