Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #23496 Add warnings when displaying code with bidirectional Unicode text in Git/PR web UI
    Actions
    Infos
    #23496
    Thomas Gerbet (tgerbet)
    2021-12-08 14:53
    2021-11-05 12:29
    25041
    Details
    Add warnings when displaying code with bidirectional Unicode text in Git/PR web UI

    As a countermeasure to CVE-2021-42574 we should add warnings when we encounter code with bidirectional Unicode text.

    Following places will be updated:

    • PR when viewing the diff of a file
    • Git when displaying the content of a file
    • Git when viewing the diff of a file

    CVS and SVN repositories will not be handled in this request.

    SCM/Git
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2021-11-22
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #22713 Tuleap Releases 13.2 Delivered 2021-10-11 15:01 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #23496

    Git commit

    tuleap/tuleap/stable

    Add a warning when viewing a file in a PR containing potentially dangerous bidirectional characters 0f6f8e46b0
    User avatar Thomas Gerbet (tgerbet) , 2021-11-05 15:56
    Hightlight potentially dangerous bidirectional characters in PR diff 7302eb2dc5
    User avatar Thomas Gerbet (tgerbet) , 2021-11-08 17:06
    feat: improve display of special characters 89425acb09
    User avatar Nicolas Terray (nterray) , 2021-11-09 10:15
    Add a warning when viewing diff/file content containing potentially dangerous bidirectional characters in Git web UI 8149efbedc
    User avatar Thomas Gerbet (tgerbet) , 2021-11-09 12:14
    tlp-syntax-highlighting element shows potentially dangerous bidirectional Unicode characters 41f1db5ad1
    User avatar Thomas Gerbet (tgerbet) , 2021-11-12 17:05
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2021-11-22 11:10

    Closing this one. There is still room for improvements but it can be done in independent contributions/requests.

    • Status changed from Under implementation to Closed
    • Connected artifacts
    • Close date set to 2021-11-22