[reportlab-users] Python files and ascii
Robin Becker
robin at reportlab.com
Mon Feb 21 05:51:18 EST 2022
Hi Claude,

I am a bit unsure about this patch. I accept the unique test is probably not required, but I don't think we should
remove the test for all reportlab python files being in ascii.

There has been a lot of interest recently in the possibility of using unicode to do malware hackery, e.g. by smuggling in
code which appears reasonable, but is in fact different and hidden by use of homoglyphs; see e.g.
https://threatpost.com/trojan-source-invisible-bugs-source-code/175891/

The ReportLab code base has at least until now been almost entirely in English with some American spellings, e.g. color
instead of colour, and there are a small number of foreign language texts (mostly in the tests folder).

I suppose the implication of removing the test would be that some of the reportlab code could use variables, strings etc.
with non-ascii characters. Can you give examples where that would be beneficial?

What do others think?

I'm not entirely sure about the security problems with homoglyphs, but they have to be a consideration with open source
projects where we have a fairly open patching policy.

On 18/02/2022 22:45, Claude Paroz wrote:
> Hi all,
>
> Here's a new patch that stops testing for ReportLab Python files being ASCII-only. On Python 3, we can safely include
> Unicode chars in Python files.
>
> Claude
..........
--
Robin Becker
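
An added example, not part of the original message and not ReportLab's own test: one way an ASCII-only source check could report what it finds, naming each non-ASCII character and marking the bidirectional control characters covered in the linked Trojan Source article. The function names and the sample sources are constructed for illustration.

```python
import unicodedata

# Bidirectional formatting characters (embeddings, overrides, isolates, marks).
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c"
)


def scan_source(data: bytes, filename: str = "<memory>"):
    """Return one finding per non-ASCII character in a Python source file.

    Each finding is (filename, line, column, codepoint, name, kind), where kind
    is 'invalid-utf8', 'bidi-control', 'invisible' or 'non-ascii'.
    """
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        line = data.count(b"\n", 0, exc.start) + 1
        return [(filename, line, None, None, "undecodable byte", "invalid-utf8")]
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) < 128:
                continue
            if ch in BIDI_CONTROLS:
                kind = "bidi-control"
            elif unicodedata.category(ch) in ("Cf", "Zs", "Zl", "Zp"):
                kind = "invisible"  # zero-width and unusual space characters
            else:
                kind = "non-ascii"  # includes letters that may be homoglyphs
            name = unicodedata.name(ch, "<unnamed>")
            findings.append((filename, lineno, col, f"U+{ord(ch):04X}", name, kind))
    return findings


def is_ascii_only(data: bytes) -> bool:
    """The strict policy discussed in the thread: no non-ASCII content at all."""
    return not scan_source(data)


# Constructed samples: a Cyrillic 'а' (U+0430) in an identifier, and a
# right-to-left override (U+202E) inside a comment.
SAMPLE_HOMOGLYPH = "p\u0430ge_size = (595, 842)\n".encode("utf-8")
SAMPLE_BIDI = "x = 1  # \u202e hidden\n".encode("utf-8")
SAMPLE_CLEAN = b"color = 'red'\n"
```

A looser policy than the strict ASCII test could allow the 'non-ascii' kind in string literals of test files while still failing on 'bidi-control' and 'invisible' findings anywhere.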