Closed syspect-tech closed 2 years ago
Please see Python/README.md, where it's already noted that the invisible characters in identifiers attack does not work against Python. The file referenced is included as a reproducible example of an attack that works in some other languages, but not in Python.
For a discussion of syntax highlighting, please see Section VII.C of the Trojan Source paper. In short, in some IDEs some attacks result in syntax highlighting such as this. The highlighting is far from universal across all platforms, and in some contexts may indicate to a developer (perhaps those that are more experienced) that an encoding attack is in place.
$ python3.7 invisible-function.py File "invisible-function.py", line 7 def is_admin(): ^ SyntaxError: invalid character in identifier
$ python3.7 --version Python 3.7.9
Perhaps should note 'invisible-function.py' does not work on 3.7 MacOs.