CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
    • Pyspark
    • Python
    • Java
    • C / CPP
    • C #
    • JavaScript
    • Jcl
    • Kotlin
    • Kubernetes
    • Abap
    • Apex
    • Azure Source Manager
    • Php
    • Pli
    • Plsql
    • Secrets
    • Swift
    • Terraform
    • Text
    • Tsql
    • Rpg
    • Ruby
    • Scala
    • Vb6
    • Vbnet
    • Xml
    • Flex
    • Go
    • Html
    • Docker
    • Css
    • Cobol
    • Common
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
Resources
  • Open Source
  • Blogs
Anti-Patterns

Text

Using bidirectional characters is security-sensitive

DI) characters can lead to incomprehensible code.

The Unicode encoding contains BIDI control characters that are used to display text right-to-left (RTL) instead of left-to-right (LTR). This is necessary for certain languages that use RTL text. The BIDI characters can be used to create a difference in the code between what a human sees and what a compiler or interpreter sees. An advisary might use this feature to hide a backdoor in the code that will not be spotted by a human reviewer as it is not visible.

This can lead to supply chain attacks since the backdoored code might persist over a long time without being detected and can even be included in other projects, for example in the case of libraries.

Copy
def subtract_funds(account: str, amount: int):
''' Subtract funds from bank account then return; '''
bank[account] -= amount
return
TerraformTsql
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.