Add right-to-left-override character (U+202E) detection

crytic · Apr 12, 2019 · 349e9f7 · 349e9f7
1 parent 36707ef
commit 349e9f7
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 1 deletion.
diff --git a/scripts/travis_test_4.sh b/scripts/travis_test_4.sh
@@ -52,7 +52,7 @@ test_slither(){
     fi
 
     result=$(python "$DIR/json_diff.py" "$expected" "$DIR/tmp-test.json")
-
+	
     rm "$DIR/tmp-test.json"
     if [ "$result" != "{}" ]; then
       echo ""
@@ -97,3 +97,4 @@ test_slither tests/multiple_calls_in_loop.sol "calls-loop"
 test_slither tests/shadowing_builtin_symbols.sol "shadowing-builtin"
 test_slither tests/shadowing_local_variable.sol "shadowing-local"
 test_slither tests/solc_version_incorrect.sol "solc-version"
+test_slither tests/right_to_left_override.sol "rtlo"
diff --git a/slither/detectors/all_detectors.py b/slither/detectors/all_detectors.py
@@ -31,5 +31,6 @@
 from .erc20.incorrect_interface import IncorrectERC20InterfaceDetection
 from .erc20.unindexed_event_parameters import UnindexedERC20EventParameters
 from .statements.deprecated_calls import DeprecatedStandards
+from .source.rtlo import RightToLeftOverride
 #
 #
diff --git a/slither/detectors/source/__init__.py b/slither/detectors/source/__init__.py
diff --git a/slither/detectors/source/rtlo.py b/slither/detectors/source/rtlo.py
@@ -0,0 +1,36 @@
+from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
+import re
+
+class RightToLeftOverride(AbstractDetector):
+    """
+    Detect the usage of a Right-To-Left-Override (U+202E) character
+    """
+
+    ARGUMENT = 'rtlo'  
+    HELP = 'Right-To-Left-Override control character is used'
+    IMPACT = DetectorClassification.HIGH
+    CONFIDENCE = DetectorClassification.HIGH
+
+    WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#right-to-left-override'
+    WIKI_TITLE = 'Right-To-Left-Override character'
+    WIKI_DESCRIPTION = 'An attacker can manipulate the logic of the contract by using a right-to-left-override character (U+202E)'
+    WIKI_EXPLOIT_SCENARIO = ' '
+    WIKI_RECOMMENDATION = 'Special control characters should not be allowed'
+
+    def _detect(self):
+        results = []
+
+        pattern = re.compile(".*\u202e.*");
+        for filename, source in self.slither.source_code.items():
+            info = "{} contains a unicode right-to-left-override character:\n".format(filename)
+            found = False
+            for match in pattern.finditer(source):
+                match_line = match.group(0)
+                info += "\t- {}\n".format(match_line)
+                found = True
+
+            if found:
+                json = self.generate_json_result(info)
+                results.append(json)
+
+        return results
diff --git a/tests/expected_json/right_to_left_override.rtlo.json b/tests/expected_json/right_to_left_override.rtlo.json
@@ -0,0 +1 @@
+[{"check": "rtlo", "impact": "High", "confidence": "High", "description": "tests/right_to_left_override.sol contains a unicode right-to-left-override character:\n\t-         test1(/*A\u202e/*B*/2 , 1/*\u202d\n", "elements": []}]
diff --git a/tests/right_to_left_override.sol b/tests/right_to_left_override.sol
@@ -0,0 +1,15 @@
+//pragma solidity ^0.4.24;
+
+contract A
+{
+    function test() public pure
+    {
+        test1(/*A‮/*B*/2 , 1/*‭
+		        /*C */,3);
+    }
+
+    function test1(uint a, uint b, uint c) internal pure
+    {
+		a = b + c;
+    }
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		[{"check": "rtlo", "impact": "High", "confidence": "High", "description": "tests/right_to_left_override.sol contains a unicode right-to-left-override character:\n\t- test1(/A\u202e/B/2 , 1/\u202d\n", "elements": []}]