B613: trojansource

B613: TrojanSource - Bidirectional control characters

This plugin checks for the presence of Unicode bidirectional control characters in Python source files. Those characters can be embedded in comments and string literals so that an editor or code review tool displays the source in a different order from the one the interpreter actually parses, which changes the logic of the code without that change being visible to a reviewer.

Example:

>> Issue: [B613:trojansource] A Python source file contains bidirectional control characters ('\u202e').
   Severity: High   Confidence: Medium
   CWE: CWE-838 (https://cwe.mitre.org/data/definitions/838.html)
   More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_trojansource.html
   Location: examples/trojansource.py:4:25
 3          access_level = "user"
 4      if access_level != 'none‮⁦': # Check if admin ⁩⁦' and access_level != 'user
 5          print("You are an admin.\n")

Added in version 1.7.10.
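The following is an added example, not Bandit's own plugin code. It shows the check in its simplest form: scan a source text for the nine Bidi_Control characters (embeddings, overrides and isolates) and report line and column for each hit, then use Python's own `tokenize` module to show why the finding matters: in the constructed sample below, modelled on the report above, the tokenizer sees the comment start at the `#`, so everything a reader sees as `and access_level != 'user'` is never evaluated. The set of flagged code points and the 0-based column convention are this example's assumptions.

```python
"""Find Unicode bidirectional control characters in Python source text."""
import io
import sys
import tokenize
import unicodedata

# The nine Bidi_Control format characters used in "Trojan Source" attacks.
# Assumption: this is the set worth flagging; the plain RTL/LTR marks
# U+200E and U+200F do not reorder text and are left alone.
BIDI_CONTROLS = frozenset(
    [chr(c) for c in range(0x202A, 0x202F)]    # LRE, RLE, PDF, LRO, RLO
    + [chr(c) for c in range(0x2066, 0x206A)]  # LRI, RLI, FSI, PDI
)


def find_bidi_controls(source):
    """Return (lineno, col, char) for every bidi control in ``source``.

    lineno is 1-based; col is the 0-based code point index within the line.
    Lines are split on "\\n" only, matching how the interpreter counts them
    (str.splitlines would also split on U+2028, which may sit inside a string).
    """
    hits = []
    for lineno, line in enumerate(source.split("\n"), start=1):
        for col, ch in enumerate(line):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, ch))
    return hits


def describe(hit):
    """Human-readable form of one hit, e.g. '2:24 U+202E RIGHT-TO-LEFT OVERRIDE'."""
    lineno, col, ch = hit
    return "%d:%d U+%04X %s" % (lineno, col, ord(ch), unicodedata.name(ch))


def comment_start(line):
    """Column at which the tokenizer sees a COMMENT token begin, or None.

    This is the interpreter's view of the line, independent of how a
    bidi-aware renderer displays it.
    """
    for tok in tokenize.generate_tokens(io.StringIO(line + "\n").readline):
        if tok.type == tokenize.COMMENT:
            return tok.start[1]
    return None


def scan_path(path):
    """Scan one file; undecodable bytes are replaced, since only text that
    decodes as UTF-8 can carry these characters."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_bidi_controls(fh.read())


# Constructed sample modelled on the report above (not the file from the page).
# Logically the string literal is 'none<RLO><LRI>' and the rest is a comment;
# a renderer applying the overrides shows a second, never-evaluated condition.
SAMPLE = (
    'access_level = "user"\n'
    "if access_level != 'none\u202e\u2066': # Check if admin \u2069\u2066'"
    " and access_level != 'user\n"
    '    print("You are an admin.\\n")\n'
)


if __name__ == "__main__":
    # Usage: python bidi_check.py file.py [more.py ...]; exit 1 on any hit,
    # which makes it usable as a pre-commit or CI gate.
    found = False
    for path in sys.argv[1:]:
        for hit in scan_path(path):
            found = True
            print("%s:%s" % (path, describe(hit)))
    sys.exit(1 if found else 0)
```

Running `find_bidi_controls(SAMPLE)` reports four hits on line 2 (columns 24, 25, 46 and 47), and `comment_start` on that line returns 29, the position of the `#`: the tokenizer treats the visible `and access_level != 'user'` as comment text, which is exactly the discrepancy the plugin exists to surface.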