Launchpad itself

Launchpad should warn when non-ASCII characters are introduced in a merge proposal

Bug #2051958 reported by Junien F on 2024-02-01

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Confirmed	Low	Unassigned

Bug Description

Hello,

We had an incident yesterday caused copy/pasting a parameter from a man page.
The parameter was :
--delete‐delay
which is very different from :
--delete-delay

Can you spot the difference ?
In the first case, the character between "delete" and "delay" is "‐", aka U+2010, named "hyphen".
In the second case, it's the boring ASCII dash/minus sign/hyphen.

The introduced parameter did not get accepted by the program and it breaking a script.

One layer of protection against this could be implemented in Launchpad, with a warning when a merge proposal introduces a non-ASCII character in a code base.

What are your thoughts on this ?

Note that non-ASCII characters can also be used to carry attacks through various ways, e.g. https://www.blazeinfosec.com/post/homographs-attack/ (there are many other articles about this)

Thanks

Tags:

Junien F (axino) on 2024-02-01

summary:

- Launchpad should warn when unicode characters are introduced in a merge
- proposal
+ Launchpad should warn when non-ASCII characters are introduced in a
+ merge proposal

Haw Loeung (hloeung) on 2024-02-01

Changed in launchpad:
status:	New → Confirmed

Ines Almeida (ines-almeida) on 2024-02-09

tags:

added: code-review feature

Guruprasad (lgp171188) on 2024-02-28

Changed in launchpad:
importance:	Undecided → Low

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.