Obfuscation prevention
======================
See this meta-report from David A. Wheeler:
https://www.ida.org/research-and-publications/publications/all/i/in/initial-analysis-of-underhanded-source-code
Disallow shadowing of external/imported classes
-----------------------------------------------
Can this be done reliably? One might "forget" to add the dependency on
the module containing the class, which would then count as "no shadowing".
Shadowing system functions was apparently a common way to write underhanded
code.
Another approach could be to always require some kind of suffix, and
use special syntax that cannot appear elsewhere, e.g.:

    sys:File f = open "hello.txt"

Ensure that comment syntaxes from other languages give an error
---------------------------------------------------------------
For example (doesn't mean all should be blocked):

    //
    /*
    ;
    (*
    {
    --
    """
    %
    '
    REM
    :

Ensure that a # in strange locations results in a warning
---------------------------------------------------------
For example:

    if s == "your number: "#123" !" and is_admin
    if b #= true

Maybe all # with any non-space character on either side should give a warning?

Similarly for ":

    if s == "test and is_admin and other_s == "or true

Forbid big spacing (beyond 80 columns)
--------------------------------------
For example:

    bool is_admin = false <lots of spaces> or true
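
A small lint pass for the two rules above (a # touching a non-space character, and interior spacing that pushes code beyond column 80), written in Python as an added example; it is not part of the original notes or of the project's code. The function names, the rule labels, and the reading of "big spacing" as a run of two or more spaces or tabs after which code resumes past column 80 are assumptions.

```python
import re

MAX_COL = 80  # column limit named in the last section heading

def check_line(line):
    """Return (column, rule) warnings for one source line (1-based columns)."""
    text = line.rstrip("\r\n")
    found = []
    # Rule 1: a '#' with a non-space character directly on either side.
    # Line start and line end count as whitespace.
    for i, ch in enumerate(text):
        if ch != "#":
            continue
        left = text[i - 1] if i > 0 else " "
        right = text[i + 1] if i + 1 < len(text) else " "
        if not (left.isspace() and right.isspace()):
            found.append((i + 1, "hash-adjacent"))
    # Rule 2 (assumed reading): an interior run of spaces/tabs after which
    # code resumes beyond MAX_COL. Leading indentation (run at index 0) is skipped.
    for m in re.finditer(r"[ \t]{2,}(?=\S)", text):
        if m.start() > 0 and m.end() >= MAX_COL:
            found.append((m.start() + 1, "big-spacing"))
    return found

def check_source(source):
    """Return (line_number, column, rule) for every warning in a source text."""
    return [(n, col, rule)
            for n, line in enumerate(source.splitlines(), start=1)
            for col, rule in check_line(line)]

# Constructed sample: the first three lines are the examples from the notes,
# the fourth is an ordinary comment that must not be flagged.
SAMPLE = "\n".join([
    'if s == "your number: "#123" !" and is_admin',
    "if b #= true",
    "bool is_admin = false" + " " * 70 + "or true",
    "x = 1  # an ordinary comment",
])

if __name__ == "__main__":
    for lineno, col, rule in check_source(SAMPLE):
        print(f"line {lineno}, column {col}: {rule}")
```

Rule 1 is deliberately as blunt as the question in the notes: it does not track string literals, so a # inside a properly quoted string is flagged too.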