eslint-plugin-anti-trojan-source
Detect Trojan Source attacks that use Unicode bidi characters to inject malicious code
About
ESLint plugin to detect and stop Trojan Source attacks from entering your codebase.
If you're unaware of what Trojan Source attacks are, or how Unicode characters injected into a codebase could be used in malicious ways, refer to the README of the anti-trojan-source source code repository.
Install
npm install --save-dev eslint-plugin-anti-trojan-source
Usage example
Once you've installed this plugin, add it to your eslint configuration as follows.
First, you need to define it as a plugin:
{
  "plugins": ["anti-trojan-source"]
}
Note: ESLint plugins can have their eslint-plugin- prefix omitted when they are specified.
Then, enable the rule at the error level so that linting fails if it finds a Trojan Source attack:
"rules": {
  "anti-trojan-source/no-bidi": "error"
}
The following is a complete example if you define your ESLint configuration in your package.json file:
"eslintConfig": {
  "plugins": [
    "anti-trojan-source"
  ],
  "rules": {
    "anti-trojan-source/no-bidi": "error"
  }
}
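To make concrete the class of character this page is about, the following added example (not code from this plugin or from anti-trojan-source) scans text for Unicode bidirectional control characters and reports where they sit. The code point list, the function names and the sample text are assumptions of this example, not the plugin's own.

```javascript
// Added example: a standalone scanner, not the plugin's implementation.
// Assumption: the nine explicit bidi formatting characters defined by Unicode.
const BIDI_CONTROLS = new Map([
  [0x202a, 'LRE'], [0x202b, 'RLE'], [0x202c, 'PDF'],
  [0x202d, 'LRO'], [0x202e, 'RLO'],
  [0x2066, 'LRI'], [0x2067, 'RLI'], [0x2068, 'FSI'], [0x2069, 'PDI'],
]);
const BIDI_RE = /[\u202A-\u202E\u2066-\u2069]/g;

// One finding per bidi control, with 1-based line and column.
// Columns count UTF-16 code units; every listed character is a single unit.
function findBidiControls(text) {
  const findings = [];
  text.split(/\r\n|\r|\n/).forEach((line, i) => {
    for (let col = 0; col < line.length; col++) {
      const code = line.charCodeAt(col);
      const name = BIDI_CONTROLS.get(code);
      if (name) {
        findings.push({
          line: i + 1,
          column: col + 1,
          name,
          codePoint: 'U+' + code.toString(16).toUpperCase(),
        });
      }
    }
  });
  return findings;
}

// Replace each invisible control with a visible tag such as <RLO>,
// so a reviewer can see the logical order of the text.
function revealBidiControls(text) {
  return text.replace(BIDI_RE, (ch) => `<${BIDI_CONTROLS.get(ch.charCodeAt(0))}>`);
}

// Constructed sample: harmless statements with controls written as escapes.
const SAMPLE =
  'let a = 1;\nlet total = 0; // \u202Eaudited\u202C\n\u2066let b = 2;\n';

for (const f of findBidiControls(SAMPLE)) {
  console.log(`${f.line}:${f.column} ${f.name} (${f.codePoint})`);
}
console.log(revealBidiControls(SAMPLE));
```

A file with no findings contains none of the nine listed controls; the scanner does not judge whether a control found in a string or comment is legitimate right-to-left text.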
Author
anti-trojan-source © Liran Tal, Released under the Apache-2.0 License.