CVE-2021-42574 PoC — Unicode Code Injection Vulnerability

Source
Associated Vulnerability
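Title: Unicode Code Injection Vulnerability (CVE-2021-42574)
Description: Unicode (Universal Character Set) is a universal character encoding standard maintained by the US-based Unicode Consortium. It assigns a code to every character and symbol of every language in the world. Unicode Specification version 14.0 and earlier contain a code injection vulnerability, which stems from a possible bidirectional text spoofing problem when certain characters are displayed.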
Description
A GitHub Action to find Unicode control characters using the Red Hat diagnostic tool https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 to detect RHSB-2021-007 Trojan source attacks (CVE-2021-42574, CVE-2021-42694)
Readme
# Unicode Control Characters Action

A GitHub Action to find Unicode control characters using the
Red Hat diagnostic tool https://access.redhat.com/security/vulnerabilities/RHSB-2021-007
to detect RHSB-2021-007 Trojan source attacks (CVE-2021-42574, CVE-2021-42694)

## Inputs

### `args`

**Required** The script arguments documented in [src/README.txt](src/README.txt).

## Example usage

```yaml
name: Tests

on:
  push:
    branches:
      - '**'

jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Run Tests
        uses: pierdipi/unicode-control-characters-action@main
        with:
          args: -d .
```
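
An added example (not the action's or Red Hat's code) of the kind of check such a scanner performs: it reports each bidirectional control character by line and column and flags lines that leave an override, embedding or isolate open. The function names and the sample text are constructed for illustration, and the unterminated check is a simplified per-line heuristic, not the full Unicode bidirectional algorithm.

```python
# Bidirectional formatting characters relevant to Trojan Source (CVE-2021-42574).
# They are written as escapes so this file contains none of them literally.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u202c": "PDF", "\u2069": "PDI",
}
# Which terminator each opening control expects.
CLOSER_FOR = {"LRE": "PDF", "RLE": "PDF", "LRO": "PDF", "RLO": "PDF",
              "LRI": "PDI", "RLI": "PDI", "FSI": "PDI"}


def scan_text(text):
    """Return (line, column, abbreviation, code point) for every bidi control."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, BIDI_CONTROLS[ch], f"U+{ord(ch):04X}"))
    return findings


def unterminated_lines(text):
    """Return line numbers where an opened control is not closed on that line."""
    flagged = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        expected = []  # stack of terminators still owed
        for ch in line:
            name = BIDI_CONTROLS.get(ch)
            if name in CLOSER_FOR:
                expected.append(CLOSER_FOR[name])
            elif name in ("PDF", "PDI") and expected and expected[-1] == name:
                expected.pop()
        if expected:
            flagged.append(lineno)
    return flagged


# Constructed sample: line 1 opens an override and never closes it,
# line 2 holds a balanced isolate pair, line 3 is clean.
SAMPLE = 'x = 1 # \u202enote\nlabel = "\u2067abc\u2069"\nprint(x)\n'

if __name__ == "__main__":
    for lineno, col, name, cp in scan_text(SAMPLE):
        print(f"line {lineno}, col {col}: {name} ({cp})")
    print("unterminated on lines:", unterminated_lines(SAMPLE))
```

A balanced pair is still reported by `scan_text`, since any bidi control in source code deserves review; `unterminated_lines` only ranks the findings that most deserve attention.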
File Snapshot

```
[4.0K] /data/pocs/90f3b11b23be808bad617404bb78888d1f72d1be
├── [ 244] action.yml
├── [ 277] Dockerfile
├── [ 175] entrypoint.sh
├── [1.0K] LICENSE
├── [ 687] README.md
├── [4.0K] src
│   ├── [7.9K] find_unicode_control2.py
│   ├── [2.8K] README.txt
│   └── [ 63] unicode_characters.py
└── [4.0K] tests
    └── [ 328] run-tests.sh

2 directories, 9 files
```