samba.git/python/samba/tests/source_chars.py, branch talloc-2.3.4 Unnamed repository; edit this file 'description' to name the repository. HEIMDAL: move code from source4/heimdal* to third_party/heimdal* 2022-01-19T21:41:59+00:00 Stefan Metzmacher metze@samba.org 2022-01-19T12:15:45+00:00 7055827b8ffd3823c1240ba3f0b619dd6068cd51 This makes it clearer that we always want to do heimdal changes via the lorikeet-heimdal repository. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Joseph Sutton <jsutton@samba.org> Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184 
This makes it clearer that we always want to do heimdal changes
via the lorikeet-heimdal repository.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
tests: Update latin1 list and ignored file list for new Heimdal import 2022-01-19T20:50:35+00:00 Andrew Bartlett abartlet@samba.org 2021-11-29T02:36:37+00:00 6e8ac61b36ec74581fde8720107bce8971989015 NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN! Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
pytest/source_char: check for mixed direction text 2021-12-03T18:53:43+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-17T20:17:53+00:00 dab828f63c0a6bf0bb96920fd36383f6cbe43179 As pointed out in https://lwn.net/Articles/875964, forbidding bidi marker characters is not always going to be enough to avoid right-to-left vs left-to-right confusion. Consider this: $ python -c's = "b = x # 2 * n * m"; print(s); print(s.replace("x", "א").replace("n", "ח"))' b = x # 2 * n * m b = א # 2 * ח * m Those two lines are semantically the same, with the Hebrew letters "א" and "ח" replacing "x" and "n". But they look like they mean different things. It is not enough to say we only allow these scripts (or indeed non-ascii) in strings and comments, as demonstrated in this example: $ python -c's = "b = \"x#\" # n"; print(s); print(s.replace("x", "א").replace("n", "ח"))' b = "x#" # n b = "א#" # ח where the second line is visually disordered but looks valid. Any series of neutral characters between teo RTL characters will be reversed (and possibly mirrored). In practice this affects one file, which is a text file for testing unicode normalisation. I think, for the reasons shown above, we are unlikely to see legitimate RTL code outside perhaps of documentation files — but if we do, we can add those files to the allow-list. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Dec 3 18:53:43 UTC 2021 on sn-devel-184 
As pointed out in https://lwn.net/Articles/875964, forbidding bidi
marker characters is not always going to be enough to avoid
right-to-left vs left-to-right confusion. Consider this:

$ python -c's = "b = x  # 2 * n * m"; print(s); print(s.replace("x", "א").replace("n", "ח"))'

b = x  # 2 * n * m
b = א  # 2 * ח * m

Those two lines are semantically the same, with the Hebrew letters
"א" and "ח" replacing "x" and "n". But they look like they mean
different things.

It is not enough to say we only allow these scripts (or indeed
non-ascii) in strings and comments, as demonstrated in this example:

$ python -c's = "b = \"x#\"  #  n"; print(s); print(s.replace("x", "א").replace("n", "ח"))'

b = "x#"  #  n
b = "א#"  #  ח

where the second line is visually disordered but looks valid. Any series
of neutral characters between teo RTL characters will be reversed (and
possibly mirrored).

In practice this affects one file, which is a text file for testing
unicode normalisation.

I think, for the reasons shown above, we are unlikely to see legitimate
RTL code outside perhaps of documentation files — but if we do, we can
add those files to the allow-list.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec  3 18:53:43 UTC 2021 on sn-devel-184
pytest/source_chars: forget thirdparty/pep8 test file 2021-11-19T12:35:39+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-19T02:28:48+00:00 2c3596e72144fb1b356de860ccfef1ea1f39fd9d Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
lib/replace/timegm: use utf-8 2021-11-17T05:27:39+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-16T20:47:18+00:00 2868b8036498e7fa0c7ae3615f5d97b42b360da2 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184
s4/auth/gensec/gensec_krb5_heimdal: use utf-8 2021-11-17T04:36:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-16T20:48:37+00:00 039f876c4e9f635b207f3b16c99662297a93dd5e Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
test/blackbox/test_samba-tool_ntacl: use utf-8 2021-11-17T04:36:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-16T20:49:05+00:00 6ced906e2be66fb324aa012a06c8d3b10bbf78b2 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
s3/modules/vfs_acl_common.h: use utf-8 2021-11-17T04:36:36+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-16T20:47:52+00:00 4c85693f55341344117f0b6d2bb7498099828dab Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
test/bad_chars: ensure our tests could fail 2021-11-17T04:36:36+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-16T21:23:02+00:00 c3194d0d65d838b79cb5345a9d9433704b2f95ba Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
pytests: check that we don't have bad format characters 2021-11-17T04:36:36+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-11-16T20:23:04+00:00 fccb105e079df7bfe22b6887262128ab9e81064d Unicode has format control characters that affect the appearance — including the apparent order — of other characters. Some of these, like the bidi controls (for mixing left-to-right scripts with right-to-left scripts) can be used make text that means one thing look very much like it means another thing. The potential for duplicity using these characters has recently been publicised under the name “Trojan Source”, and CVE-2021-42694. A specific example, as it affects the Rust language is CVE-2021-42574. We don't have many format control characters in our code — in fact, just the non-breaking space (\u200b) and the redundant BOM thing (\ufeff), and this test aims to ensure we keep it that way. The test uses a series of allow-lists and deny-lists to check most text files for unknown format control characters. The filtering is fairly conservative but not exhaustive. For example, XML and text files are checked, but UTF-16 files are not. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> 
Unicode has format control characters that affect the appearance —
including the apparent order — of other characters. Some of these,
like the bidi controls (for mixing left-to-right scripts with
right-to-left scripts) can be used make text that means one thing look
very much like it means another thing.

The potential for duplicity using these characters has recently been
publicised under the name “Trojan Source”, and CVE-2021-42694. A
specific example, as it affects the Rust language is CVE-2021-42574.

We don't have many format control characters in our code — in fact,
just the non-breaking space (\u200b) and the redundant BOM thing
(\ufeff), and this test aims to ensure we keep it that way.

The test uses a series of allow-lists and deny-lists to check most
text files for unknown format control characters. The filtering is
fairly conservative but not exhaustive. For example, XML and text
files are checked, but UTF-16 files are not.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>