eslint-plugin-anti-trojan-source
Detect Trojan Source attacks that use Unicode bidirectional (bidi) control characters to inject malicious code
About
ESLint plugin to detect and stop Trojan Source attacks from entering your codebase.
If you're unaware of what Trojan Source attacks are, or how Unicode characters injected into a codebase could be used in malicious ways, refer to the README of the anti-trojan-source source code repository.
This ESLint plugin is based on the library and command-line tool anti-trojan-source.
Install
npm install --save-dev eslint-plugin-anti-trojan-source
Usage example
Once you've installed this plugin, add it to your ESLint configuration as follows.
First, define it as a plugin (ESLint plugins can have their eslint-plugin- prefix omitted when they are specified):
{
  "plugins": ["anti-trojan-source"]
}
Then, add an ESLint rule that halts if it finds a Trojan Source attack:
"rules": {
  "anti-trojan-source/no-bidi": "error"
}
The following is a complete example if you define your ESLint configuration in your package.json file:
"eslintConfig": {
  "plugins": [
    "anti-trojan-source"
  ],
  "rules": {
    "anti-trojan-source/no-bidi": "error"
  }
}
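To show the kind of input a bidi check is meant to catch, here is an added example (not this plugin's or the anti-trojan-source library's code) that scans source text for Unicode bidi control characters and reports their positions. The function names, the constructed sample and the exact character set (the embedding, override and isolate controls) are assumptions; the plugin's own list may differ.

```javascript
// Added example, not the plugin's source. Assumed character set: the Unicode
// bidi embedding/override/isolate controls. The plugin's own list may differ.
const BIDI_CONTROLS = new Map([
  [0x202a, 'LEFT-TO-RIGHT EMBEDDING (LRE)'],
  [0x202b, 'RIGHT-TO-LEFT EMBEDDING (RLE)'],
  [0x202c, 'POP DIRECTIONAL FORMATTING (PDF)'],
  [0x202d, 'LEFT-TO-RIGHT OVERRIDE (LRO)'],
  [0x202e, 'RIGHT-TO-LEFT OVERRIDE (RLO)'],
  [0x2066, 'LEFT-TO-RIGHT ISOLATE (LRI)'],
  [0x2067, 'RIGHT-TO-LEFT ISOLATE (RLI)'],
  [0x2068, 'FIRST STRONG ISOLATE (FSI)'],
  [0x2069, 'POP DIRECTIONAL ISOLATE (PDI)'],
]);

// Hypothetical helper: one finding per bidi control character, with
// 1-based line and column so results map onto editor positions.
function findBidiControls(sourceText) {
  const findings = [];
  sourceText.split(/\r\n|\r|\n/).forEach((line, lineIndex) => {
    for (let col = 0; col < line.length; col++) {
      const code = line.charCodeAt(col);
      const name = BIDI_CONTROLS.get(code);
      if (name) {
        const codePoint = 'U+' + code.toString(16).toUpperCase();
        findings.push({ line: lineIndex + 1, column: col + 1, codePoint, name });
      }
    }
  });
  return findings;
}

// Hypothetical helper: make the invisible controls visible in review output.
function revealBidiControls(line) {
  return line.replace(/[\u202A-\u202E\u2066-\u2069]/g,
    (ch) => '<U+' + ch.charCodeAt(0).toString(16).toUpperCase() + '>');
}

// Constructed sample: line 2 carries an override and an isolate in a comment.
const sample = [
  'const isAdmin = false;',
  '/* \u202E begin check \u2066 */ if (isAdmin) {',
  '  grantAccess();',
  '}',
].join('\n');

console.log(findBidiControls(sample));
console.log(revealBidiControls(sample.split('\n')[1]));
```

The sample uses \u escapes so the example file itself contains no raw bidi characters and stays readable in any editor.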
Author
eslint-plugin-anti-trojan-source © Liran Tal, Released under the Apache-2.0 License.