Comment by nemo1618

8 years ago

What an odd coincidence: I just published a Go package yesterday to detect such attacks in source code. Is there a homography bug going around?

https://github.com/NebulousLabs/glyphcheck

(btw, Wikipedia notes that "The term homograph is sometimes used synonymously with homoglyph, but in the usual linguistic sense, homographs are words that are spelled the same but have different meanings, a property of words, not characters.")

Interesting, but, from the repo description, why is this limited to Go source code files?

  • Mostly because it has an "ignore comments" mode. A lot of non-English speaking programmers write code using English keywords and identifiers but use their native language in the comments.

    With some work, it could be made language-agnostic, but that's more than I have time for right now. If comments aren't an issue, you can just grep through all your source files for the offending characters, which shouldn't take more than a simple bash script.
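The "ignore comments" idea from the reply above, as an added example that is not part of the thread and not glyphcheck's code: it tokenizes Go source with the standard `go/scanner` package and reports non-ASCII runes, optionally skipping comment tokens. The `scanSource` helper, the `Finding` type and the sample source are assumptions constructed for illustration, and it flags any non-ASCII rune rather than consulting a homoglyph table.

```go
package main

import (
	"fmt"
	"go/scanner"
	"go/token"
	"unicode"
)

// Constructed sample: a Cyrillic "a" (U+0430) hides in an identifier, and the
// comment is legitimately non-English. Escapes keep the runes visible here.
const sample = "package main\n\n// \u043a\u043e\u0434 (comment in Russian)\n" +
	"func main() {\n\t\u0430dmin := 1\n\t_ = \u0430dmin\n}\n"

// Finding is one non-ASCII rune and the token it was found in.
type Finding struct {
	Line int
	Tok  token.Token
	Lit  string
	Rune rune
}

// scanSource (hypothetical helper) tokenizes Go source and reports every
// non-ASCII rune. With ignoreComments set, COMMENT tokens are skipped.
func scanSource(name string, src []byte, ignoreComments bool) []Finding {
	fset := token.NewFileSet()
	file := fset.AddFile(name, fset.Base(), len(src))
	var s scanner.Scanner
	s.Init(file, src, nil, scanner.ScanComments) // nil handler: tolerate syntax errors
	var out []Finding
	for {
		pos, tok, lit := s.Scan()
		if tok == token.EOF {
			return out
		}
		if tok == token.COMMENT && ignoreComments {
			continue
		}
		for _, r := range lit {
			if r > unicode.MaxASCII {
				out = append(out, Finding{fset.Position(pos).Line, tok, lit, r})
			}
		}
	}
}

func main() {
	for _, f := range scanSource("sample.go", []byte(sample), true) {
		fmt.Printf("sample.go:%d: %s %q contains %U\n", f.Line, f.Tok, f.Lit, f.Rune)
	}
}
```

Because string literals are tokens too, non-ASCII text inside strings is reported alongside identifiers; filter on `Tok == token.IDENT` to restrict the check to names.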