Skip to content
/ scanning Public

Different scanning tools for different things

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

reglund/scanning

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
ig.py
ig.py
 
 

Repository files navigation

Invisible Ghost Vulnerability Scanner

Overview

This project provides a Python script designed to scan a codebase for hidden Unicode characters, specifically targeting those that could be associated with the "Invisible Ghost" vulnerability in GitHub Copilot. This vulnerability involves invisible characters being introduced into code, potentially leading to security risks that are hard to detect through manual code review.

For more information on the "Invisible Ghost" vulnerability, refer to the original blog post.

Features

  • Detects Hidden Unicode Characters: Scans for characters that are often invisible in standard text editors but can influence the behavior of code.
  • Supports Multiple File Types: The script is configured to scan Python, JavaScript, Java, HTML, CSS, and text files by default. This can be extended to other file types as needed.
  • Outputs Results to a File: Generates a well-formatted text report highlighting where invisible characters were found, including the file name, line number, and the affected content.

Requirements

  • Python 3.x: Make sure you have Python 3 installed on your system.

Installation

To get started with the Invisible Ghost Vulnerability Scanner:

  1. Clone the Repository: 
    git clone https://github.com/reglund/scanning.git
  2. Navigate to the Project Directory: 
    cd scanning/
  3. Ensure Python 3 is Installed: Make sure that Python 3 is installed on your machine. You can check this by running: 
    python3 --version

Usage

To scan your codebase for hidden Unicode characters:

  1. Place all the repositories you want to scan in the ~/git/ directory, or modify the script to point to the directory of your choice.

  2. Run the script:

    python3 ig.py

  3. The script will output a report named scan_results.txt in /tmp directory. This file will contain detailed information about any hidden characters found in your codebase, including:

    • File paths where the characters were detected
    • Line numbers within those files
    • The actual lines containing the invisible characters

Customization

  • File Types: By default, the script scans .py, .js, .java, .html, .css, and .txt files. You can customize the script to include other file types by modifying the file extensions in the script's scan_directory() function.
  • Additional Unicode Patterns: If you need to search for other types of hidden characters, you can expand the regex patterns in the invisible_characters_patterns list.

Example Output

Here is an example of what the output might look like in scan_results.txt:

File: /home/user/git/project/src/main.py
Line 42: def my_function():​ # Invisible character detected here
Found characters: ['\u200B']
File: /home/user/git/project/index.html
Line 10: <p>​This is an example paragraph.</p>
Found characters: ['\u200B']

Contributing

Contributions are welcome! If you find a bug or have a feature request, please open an issue or submit a pull request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

References

About

Different scanning tools for different things

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages