Detecting (Malicious) Unicode in GitHub PRs

Demonstrates GitHub Actions workflow for Detecting (Malicious) Unicode in GitHub PRs

For more information, see this article:

https://tech.michaelaltfield.net/bidi-unicode-github-defense/

Demo

See the following PRs for this repo, which demonstrate the detection of malicious unicode that were attempted to be merged into main from user-contributed, malicious branches

#1
#2

The comments in the PRs were made by the following GitHub Actions workflow:

https://github.com/maltfield/detect-malicious-unicode/blob/main/.github/workflows/unicode_warn.yml

In the wild

The following GitHub CI workflows have been integrated into other projects' GitHub repos to detect malicious unicode characters

BusKill

License

The contents of this repo are dual-licensed. All code is GPLv3 and all other content is CC-BY-SA.

Name		Name	Last commit message	Last commit date
Latest commit History 28 Commits
.github/workflows		.github/workflows
Python		Python
LICENSE		LICENSE
README.md		README.md
bidi-unicode-github-defense_featuredImage2.jpg		bidi-unicode-github-defense_featuredImage2.jpg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Detecting (Malicious) Unicode in GitHub PRs

Demo

In the wild

License

About

Releases

Packages

Languages

License

maltfield/detect-malicious-unicode

Folders and files

Latest commit

History

Repository files navigation

Detecting (Malicious) Unicode in GitHub PRs

Demo

In the wild

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages