[reportlab-users] Python files and ascii
Peter Cock
p.j.a.cock at googlemail.com
Mon Feb 21 06:02:08 EST 2022
That's a good point Robin, something I'll keep in mind for other Python
projects.
Generally it has only been people's names where I/we have needed this
(things
like contributor listings or references in comments/docstrings).
Would it be a helpful compromise to allow unicode Python files for the
tests only?
Peter
On Mon, Feb 21, 2022 at 10:51 AM Robin Becker <robin at reportlab.com> wrote:
> Hi Claude,
>
> I am a bit unsure about this patch. I accept the unique test is probably
> not required, but I don't think we should
> remove the test for all reportlab python files being in ascii.
>
> There has been a lot of interest recently in the possibility of using
> unicode to do malware hackery eg by smuggling in
> code which appears reasonable, but is in fact different and hidden by use
> of homoglyphs see eg
>
> https://threatpost.com/trojan-source-invisible-bugs-source-code/175891/
>
> The ReportLab code base has at least until now been almost entirely in
> English with some American spellings eg color
> instead of colour, and there are a small number of foreign language texts
> (mostly in the tests folder).
>
> I suppose the implication of removing the test would be that some of the
> reportlab code could use variables strings etc
> with non-ascii characters. Can you give examples where that would be
> beneficial.
>
> What do others think?
>
> I'm not entirely sure about the security problems with homoglyphs, but
> they have to be a consideration with open source
> projects where we have a fairly open patching policy.
>
> On 18/02/2022 22:45, Claude Paroz wrote:
> > Hi all,
> >
> > Here's a new patch that stop testing for ReportLab Python files being
> ASCII-only. On Python 3, we can safely include
> > Unicode chars in Python files.
> >
> > Claude
> ..........
> --
> Robin Becker
> _______________________________________________
> reportlab-users mailing list
> reportlab-users at lists2.reportlab.com
> https://pairlist2.pair.net/mailman/listinfo/reportlab-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist2.pair.net/pipermail/reportlab-users/attachments/20220221/197a1faf/attachment.htm>
More information about the reportlab-users
mailing list