Unicode

Unicode as a Security Risk Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Unicode?oldid=58617#Unicode_as_a_Security_Risk Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Unicode#Unicode_as_a_Security_Risk|Unicode as a Security Risk]]
Copy as Wikitext Click = Copy Copied to clipboard! [Unicode as a Security Risk](https://www.kicksecure.com/wiki/Unicode?oldid=58617#Unicode_as_a_Security_Risk)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Unicode as a Security Risk](https://www.kicksecure.com/wiki/Unicode?oldid=58617#Unicode_as_a_Security_Risk)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Unicode?oldid=58617#Unicode_as_a_Security_Risk]Unicode as a Security Risk[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

There are invisible characters that might be copied that can do malicious actions. This is a security risk for:

• A) For users: Commands copied and pasted into a terminal emulator.
• B) For developers: Introduction of invisible vulnerabilities or backdoors through source code contributions.

These adversarial encodings produce no visual artifacts probably in most editors and terminals.

Forum discussion: https://forums.whonix.org/t/detecting-malicious-unicode-in-source-code-and-pull-requests/13754

Checking Files for Unicode Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Unicode?oldid=58617#Checking_Files_for_Unicode Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Unicode#Checking_Files_for_Unicode|Checking Files for Unicode]]
Copy as Wikitext Click = Copy Copied to clipboard! [Checking Files for Unicode](https://www.kicksecure.com/wiki/Unicode?oldid=58617#Checking_Files_for_Unicode)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Checking Files for Unicode](https://www.kicksecure.com/wiki/Unicode?oldid=58617#Checking_Files_for_Unicode)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Unicode?oldid=58617#Checking_Files_for_Unicode]Checking Files for Unicode[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

NOTE: Not all unicode in files is necessarily malicious. Only some unicode characters in some files is suspicious or potentially malicious.

Syntax for files:

grep-find-unicode-wrapper /path/to/filename

Example for files:

Click = Copy Copied to clipboard! grep-find-unicode-wrapper ~/.bashrc

Syntax for folders:

grep-find-unicode-wrapper -r /path/to/folder

Example for folders:

Note: The following example check the user's home folder. Replace ~/ with a different folder if another folder should be checked.

Click = Copy Copied to clipboard! grep-find-unicode-wrapper -r ~/

Expected output:

• A) If no unicode has been found: None.
• B) If unicode has been found: All lines that include unicode.