rspec/rules/S6389/text/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

A hidden BIDI character is present in front of `return`:

----
def subtract_funds(account: str, amount: int):
    ''' Subtract funds from bank account then ⁧''' ;return
    bank[account] -= amount
    return
----

The executed code looks like the following:

----
def subtract_funds(account: str, amount: int):
    ''' Subtract funds from bank account then <RLI>''' ;return
    bank[account] -= amount
    return
----

== Compliant Solution

No hidden BIDI characters are present:

----
def subtract_funds(account: str, amount: int):
    ''' Subtract funds from bank account then return; '''
    bank[account] -= amount
    return
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

'''

endif::env-github,rspecator-view[]
-												Create rule S6389: Using bidirectional characters is security-sensitive (#634)

* Create rule S6389

* Update metadata

* Add empty files

* First draft description

* Add recommended draft

* add first AYW draft

* Add recommended draft

* add first see draft

* add first msg dragt

* added first highlighting draft

* added highlighting

* improvement ayw

* del newlin

* Homogenize ask-yourself

* added reco suggestion

* add unicode-friendly IDEs

* fix typos see

* Add CWE-94

* Add code samples

* Add code samples

* Add missing s

* Update message

Co-authored-by: nils-werner-sonarsource <nils-werner-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
											
										
										
											2021-12-06 16:07:45 +01:00
+								include::../description.adoc[]
 								include::../ask-yourself.adoc[]
 								include::../recommended.adoc[]
 								== Sensitive Code Example
 								A hidden BIDI character is present in front of `return`:
 								----
 								def subtract_funds(account: str, amount: int):
 								    ''' Subtract funds from bank account then ⁧''' ;return
 								    bank[account] -= amount
 								    return
 								----
 								The executed code looks like the following:
 								----
 								def subtract_funds(account: str, amount: int):
 								    ''' Subtract funds from bank account then <RLI>''' ;return
 								    bank[account] -= amount
 								    return
 								----
 								== Compliant Solution
 								No hidden BIDI characters are present:
 								----
 								def subtract_funds(account: str, amount: int):
 								    ''' Subtract funds from bank account then return; '''
 								    bank[account] -= amount
 								    return
 								----
 								include::../see.adoc[]
 								ifdef::env-github,rspecator-view[]
 								'''
 								== Implementation Specification
 								(visible only on this page)
 								include::../message.adoc[]
 								include::../highlighting.adoc[]
 								'''
 								endif::env-github,rspecator-view[]