Merge pull request #604 from xp4u1/feat/unicode

sobregosodd · web-flow · commit 76423bf8d531 · 2025-09-30T15:06:36.000-03:00
feat: filter rule for detection evasion using unicode
diff --git a/guarddog/analyzer/sourcecode/unicode.yml b/guarddog/analyzer/sourcecode/unicode.yml
@@ -0,0 +1,75 @@
+# Ignores string contents to reduce false positives!
+
+rules:
+  - id: unicode
+    message:
+      This package uses uncommon unicode characters in its code, it may try to
+      avoid detection.
+    metadata:
+      description: Identify suspicious unicode characters
+    languages:
+      - python
+    severity: WARNING
+    patterns:
+      # ignore comments
+      - pattern-not-regex: \#(.*)$
+
+      # ignore strings
+      - pattern-not-regex: (["'].*?["'])
+      - pattern-not-regex: ("""(.|\n)*?""")
+      - pattern-not-regex: ('''(.|\n)*?''')
+
+      - pattern-either:
+          - pattern-regex: ([ªᵃₐⓐａ𝐚𝑎𝒂𝒶𝓪𝔞𝕒𝖆𝖺𝗮𝘢𝙖𝚊])
+          - pattern-regex: ([ᵇⓑｂ𝐛𝑏𝒃𝒷𝓫𝔟𝕓𝖇𝖻𝗯𝘣𝙗𝚋])
+          - pattern-regex: ([ᶜⅽⓒｃ𝐜𝑐𝒄𝒸𝓬𝔠𝕔𝖈𝖼𝗰𝘤𝙘𝚌])
+          - pattern-regex: ([ᵈⅆⅾⓓｄ𝐝𝑑𝒅𝒹𝓭𝔡𝕕𝖉𝖽𝗱𝘥𝙙𝚍])
+          - pattern-regex: ([ᵉₑℯⅇⓔｅ𝐞𝑒𝒆𝓮𝔢𝕖𝖊𝖾𝗲𝘦𝙚𝚎])
+          - pattern-regex: ([ᶠⓕｆ𝐟𝑓𝒇𝒻𝓯𝔣𝕗𝖋𝖿𝗳𝘧𝙛𝚏])
+          - pattern-regex: ([ᵍℊⓖｇ𝐠𝑔𝒈𝓰𝔤𝕘𝖌𝗀𝗴𝘨𝙜𝚐])
+          - pattern-regex: ([ʰₕℎⓗｈ𝐡𝒉𝒽𝓱𝔥𝕙𝖍𝗁𝗵𝘩𝙝𝚑])
+          - pattern-regex: ([ᵢⁱℹⅈⅰⓘｉ𝐢𝑖𝒊𝒾𝓲𝔦𝕚𝖎𝗂𝗶𝘪𝙞𝚒])
+          - pattern-regex: ([ʲⅉⓙⱼｊ𝐣𝑗𝒋𝒿𝓳𝔧𝕛𝖏𝗃𝗷𝘫𝙟𝚓])
+          - pattern-regex: ([ᵏₖⓚｋ𝐤𝑘𝒌𝓀𝓴𝔨𝕜𝖐𝗄𝗸𝘬𝙠𝚔])
+          - pattern-regex: ([ˡₗℓⅼⓛｌ𝐥𝑙𝒍𝓁𝓵𝔩𝕝𝖑𝗅𝗹𝘭𝙡𝚕])
+          - pattern-regex: ([ᵐₘⅿⓜｍ𝐦𝑚𝒎𝓂𝓶𝔪𝕞𝖒𝗆𝗺𝘮𝙢𝚖])
+          - pattern-regex: ([ⁿₙⓝｎ𝐧𝑛𝒏𝓃𝓷𝔫𝕟𝖓𝗇𝗻𝘯𝙣𝚗])
+          - pattern-regex: ([ºᵒₒℴⓞｏ𝐨𝑜𝒐𝓸𝔬𝕠𝖔𝗈𝗼𝘰𝙤𝚘])
+          - pattern-regex: ([ᵖₚⓟｐ𝐩𝑝𝒑𝓅𝓹𝔭𝕡𝖕𝗉𝗽𝘱𝙥𝚙])
+          - pattern-regex: ([ⓠｑ𐞥𝐪𝑞𝒒𝓆𝓺𝔮𝕢𝖖𝗊𝗾𝘲𝙦𝚚])
+          - pattern-regex: ([ʳᵣⓡｒ𝐫𝑟𝒓𝓇𝓻𝔯𝕣𝖗𝗋𝗿𝘳𝙧𝚛])
+          - pattern-regex: ([ſˢₛⓢｓ𝐬𝑠𝒔𝓈𝓼𝔰𝕤𝖘𝗌𝘀𝘴𝙨𝚜])
+          - pattern-regex: ([ᵗₜⓣｔ𝐭𝑡𝒕𝓉𝓽𝔱𝕥𝖙𝗍𝘁𝘵𝙩𝚝])
+          - pattern-regex: ([ᵘᵤⓤｕ𝐮𝑢𝒖𝓊𝓾𝔲𝕦𝖚𝗎𝘂𝘶𝙪𝚞])
+          - pattern-regex: ([ᵛᵥⅴⓥｖ𝐯𝑣𝒗𝓋𝓿𝔳𝕧𝖛𝗏𝘃𝘷𝙫𝚟])
+          - pattern-regex: ([ʷⓦｗ𝐰𝑤𝒘𝓌𝔀𝔴𝕨𝖜𝗐𝘄𝘸𝙬𝚠])
+          - pattern-regex: ([ˣₓⅹⓧｘ𝐱𝑥𝒙𝓍𝔁𝔵𝕩𝖝𝗑𝘅𝘹𝙭𝚡])
+          - pattern-regex: ([ʸⓨｙ𝐲𝑦𝒚𝓎𝔂𝔶𝕪𝖞𝗒𝘆𝘺𝙮𝚢])
+          - pattern-regex: ([ᶻⓩｚ𝐳𝑧𝒛𝓏𝔃𝔷𝕫𝖟𝗓𝘇𝘻𝙯𝚣])
+
+          - pattern-regex: ([ᴬⒶＡ𝐀𝐴𝑨𝒜𝓐𝔄𝔸𝕬𝖠𝗔𝘈𝘼𝙰🄰])
+          - pattern-regex: ([ᴮℬⒷＢ𝐁𝐵𝑩𝓑𝔅𝔹𝕭𝖡𝗕𝘉𝘽𝙱🄱])
+          - pattern-regex: ([ℂℭⅭⒸꟲＣ𝐂𝐶𝑪𝒞𝓒𝕮𝖢𝗖𝘊𝘾𝙲🄫🄲])
+          - pattern-regex: ([ᴰⅅⅮⒹＤ𝐃𝐷𝑫𝒟𝓓𝔇𝔻𝕯𝖣𝗗𝘋𝘿𝙳🄳])
+          - pattern-regex: ([ᴱℰⒺＥ𝐄𝐸𝑬𝓔𝔈𝔼𝕰𝖤𝗘𝘌𝙀𝙴🄴])
+          - pattern-regex: ([ℱⒻꟳＦ𝐅𝐹𝑭𝓕𝔉𝔽𝕱𝖥𝗙𝘍𝙁𝙵🄵])
+          - pattern-regex: ([ᴳⒼＧ𝐆𝐺𝑮𝒢𝓖𝔊𝔾𝕲𝖦𝗚𝘎𝙂𝙶🄶])
+          - pattern-regex: ([ᴴℋℌℍⒽＨ𝐇𝐻𝑯𝓗𝕳𝖧𝗛𝘏𝙃𝙷🄷])
+          - pattern-regex: ([ᴵℐℑⅠⒾＩ𝐈𝐼𝑰𝓘𝕀𝕴𝖨𝗜𝘐𝙄𝙸🄸])
+          - pattern-regex: ([ᴶⒿＪ𝐉𝐽𝑱𝒥𝓙𝔍𝕁𝕵𝖩𝗝𝘑𝙅𝙹🄹])
+          - pattern-regex: ([ᴷKⓀＫ𝐊𝐾𝑲𝒦𝓚𝔎𝕂𝕶𝖪𝗞𝘒𝙆𝙺🄺])
+          - pattern-regex: ([ᴸℒⅬⓁＬ𝐋𝐿𝑳𝓛𝔏𝕃𝕷𝖫𝗟𝘓𝙇𝙻🄻])
+          - pattern-regex: ([ᴹℳⅯⓂＭ𝐌𝑀𝑴𝓜𝔐𝕄𝕸𝖬𝗠𝘔𝙈𝙼🄼])
+          - pattern-regex: ([ᴺℕⓃＮ𝐍𝑁𝑵𝒩𝓝𝔑𝕹𝖭𝗡𝘕𝙉𝙽🄽])
+          - pattern-regex: ([ᴼⓄＯ𝐎𝑂𝑶𝒪𝓞𝔒𝕆𝕺𝖮𝗢𝘖𝙊𝙾🄾])
+          - pattern-regex: ([ᴾℙⓅＰ𝐏𝑃𝑷𝒫𝓟𝔓𝕻𝖯𝗣𝘗𝙋𝙿🄿])
+          - pattern-regex: ([ℚⓆꟴＱ𝐐𝑄𝑸𝒬𝓠𝔔𝕼𝖰𝗤𝘘𝙌𝚀🅀])
+          - pattern-regex: ([ᴿℛℜℝⓇＲ𝐑𝑅𝑹𝓡𝕽𝖱𝗥𝘙𝙍𝚁🄬🅁])
+          - pattern-regex: ([ⓈＳ𝐒𝑆𝑺𝒮𝓢𝔖𝕊𝕾𝖲𝗦𝘚𝙎𝚂🅂])
+          - pattern-regex: ([ᵀⓉＴ𝐓𝑇𝑻𝒯𝓣𝔗𝕋𝕿𝖳𝗧𝘛𝙏𝚃🅃])
+          - pattern-regex: ([ᵁⓊＵ𝐔𝑈𝑼𝒰𝓤𝔘𝕌𝖀𝖴𝗨𝘜𝙐𝚄🅄])
+          - pattern-regex: ([ⅤⓋⱽＶ𝐕𝑉𝑽𝒱𝓥𝔙𝕍𝖁𝖵𝗩𝘝𝙑𝚅🅅])
+          - pattern-regex: ([ᵂⓌＷ𝐖𝑊𝑾𝒲𝓦𝔚𝕎𝖂𝖶𝗪𝘞𝙒𝚆🅆])
+          - pattern-regex: ([ⅩⓍＸ𝐗𝑋𝑿𝒳𝓧𝔛𝕏𝖃𝖷𝗫𝘟𝙓𝚇🅇])
+          - pattern-regex: ([ⓎＹ𝐘𝑌𝒀𝒴𝓨𝔜𝕐𝖄𝖸𝗬𝘠𝙔𝚈🅈])
+          - pattern-regex: ([ℤℨⓏＺ𝐙𝑍𝒁𝒵𝓩𝖅𝖹𝗭𝘡𝙕𝚉🅉])
diff --git a/tests/analyzer/sourcecode/unicode.py b/tests/analyzer/sourcecode/unicode.py
@@ -0,0 +1,3 @@
+def f():
+    # ruleid: unicode
+    𝚎𝚡𝚎𝚌("import 𝚘𝚜; 𝚙𝚛𝚒𝚗𝚝(𝚘𝚜.𝚞𝚗𝚊𝚖𝚎().𝚗𝚘𝚍𝚎𝚗𝚊𝚖𝚎)")

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+def f():`
	`2`	`+ # ruleid: unicode`
	`3`	`+ 𝚎𝚡𝚎𝚌("import 𝚘𝚜; 𝚙𝚛𝚒𝚗𝚝(𝚘𝚜.𝚞𝚗𝚊𝚖𝚎().𝚗𝚘𝚍𝚎𝚗𝚊𝚖𝚎)")`