Skip to main content

Invisible Characters Check

The following rule type is available for detecting invisible characters in pull requests.

stacklok/invisible_characters_check - Check for invisible characters in pull requests

For every pull request submitted to a repository, this rule will check if the pull request adds a new change patch with invisible characters. If it does, the rule will fail and the pull request will be commented on.

This detects and highlights the use of invisible characters that could potentially hide malicious code.

The characters classified as "invisible" can be found at https://invisible-characters.com/

For more information on the potential security implications, see https://www.usenix.org/system/files/usenixsecurity23-boucher.pdf

Entity

  • pull_request

Type

  • stacklok/invisible_characters_check

Rule parameters

The stacklok/invisible_characters_check rule supports the following parameters:

  • None

Rule definition options

The stacklok/invisible_characters_check rule supports the following options:

  • None