Detecting (Malicious) Unicode in GitHub PRs

Demonstrates GitHub Actions workflow for Detecting (Malicious) Unicode in GitHub PRs

For more information, see this article:

https://tech.michaelaltfield.net/bidi-unicode-github-defense/

Demo

See the following PRs for this repo, which demonstrate the detection of malicious unicode that were attempted to be merged into main from user-contributed, malicious branches

The comments in the PRs were made by the following GitHub Actions workflow:

https://github.com/maltfield/detect-malicious-unicode/blob/main/.github/workflows/unicode_warn.yml

In the wild

The following GitHub CI workflows have been integrated into other projects' GitHub repos to detect malicious unicode characters

BusKill

License

The contents of this repo are dual-licensed. All code is GPLv3 and all other content is CC-BY-SA.

Related Projects

safemd

Safety first markdown rendering

15 Oct 2018 77

ActionsTOCTOU

Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)

07 Apr 2024 21

gitGraber

gitGraber: monitor GitHub to search and find sensitive data in real time for different online ser...

04 Sep 2019 2,010

detect-malicious-unicode