security: add unicode safety guard to hooks and CI #1710
Open
DrDavidL wants to merge 2 commits into koala73:main from
@DrDavidL is attempting to deploy a commit to the Elie Team on Vercel. A member of the Team first needs to authorize it.
Summary
Adds a Unicode safety guardrail to prevent hidden/invisible Unicode abuse in executable files.
Changes
add npm scripts:
Unicode safety: no staged executable files to scan. staged check
Running API type check...
Running CJS syntax check...
Running Unicode safety check...
Unicode safety: scanned 701 file(s), no suspicious hidden Unicode found.
Running edge function bundle check...
Running edge function tests...
▶ scripts/shared/ stays in sync with shared/
✔ scripts/shared/commodities.json matches shared/commodities.json (0.927583ms)
✔ scripts/shared/country-names.json matches shared/country-names.json (0.669959ms)
✔ scripts/shared/crypto.json matches shared/crypto.json (0.493459ms)
✔ scripts/shared/etfs.json matches shared/etfs.json (0.497666ms)
✔ scripts/shared/gulf.json matches shared/gulf.json (0.531625ms)
✔ scripts/shared/rss-allowed-domains.cjs matches shared/rss-allowed-domains.cjs (0.469083ms)
✔ scripts/shared/rss-allowed-domains.json matches shared/rss-allowed-domains.json (0.492125ms)
✔ scripts/shared/sectors.json matches shared/sectors.json (0.513458ms)
✔ scripts/shared/stablecoins.json matches shared/stablecoins.json (0.566959ms)
✔ scripts/shared/stocks.json matches shared/stocks.json (0.669166ms)
✔ scripts/shared/ stays in sync with shared/ (6.383125ms)
▶ Edge Function shared helpers resolve
✔ _rss-allowed-domains.js re-exports shared domain list (0.832875ms)
✔ Edge Function shared helpers resolve (0.874209ms)
▶ Edge Function no node: built-ins
✔ _api-key.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.360667ms)
✔ _cors.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.263ms)
✔ _rate-limit.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.2465ms)
✔ _relay.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.233875ms)
✔ _rss-allowed-domains.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.247833ms)
✔ _turnstile.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.236875ms)
✔ ais-snapshot.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.3465ms)
✔ bootstrap.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.316667ms)
✔ cache-purge.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.230792ms)
✔ contact.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.24775ms)
✔ download.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.2655ms)
✔ fwdstart.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.265833ms)
✔ geo.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.255417ms)
✔ gpsjam.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.239416ms)
✔ health.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.247ms)
✔ military-flights.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.231834ms)
✔ og-story.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.258ms)
✔ opensky.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.279917ms)
✔ oref-alerts.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.22975ms)
✔ polymarket.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.214375ms)
✔ register-interest.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.25475ms)
✔ reverse-geocode.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.2235ms)
✔ rss-proxy.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.246166ms)
✔ satellites.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.236708ms)
✔ seed-health.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.232792ms)
✔ story.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.240417ms)
✔ telegram-feed.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.230875ms)
✔ version.js does not import node: built-ins (unsupported in Vercel Edge Runtime) (0.230583ms)
✔ Edge Function no node: built-ins (7.383791ms)
▶ Legacy api/.js endpoint allowlist
✔ ais-snapshot.js is in the legacy endpoint allowlist (0.091375ms)
✔ bootstrap.js is in the legacy endpoint allowlist (0.016375ms)
✔ cache-purge.js is in the legacy endpoint allowlist (0.015375ms)
✔ contact.js is in the legacy endpoint allowlist (0.026334ms)
✔ download.js is in the legacy endpoint allowlist (0.026084ms)
✔ fwdstart.js is in the legacy endpoint allowlist (0.015542ms)
✔ geo.js is in the legacy endpoint allowlist (0.015291ms)
✔ gpsjam.js is in the legacy endpoint allowlist (0.026125ms)
✔ health.js is in the legacy endpoint allowlist (0.019417ms)
✔ military-flights.js is in the legacy endpoint allowlist (0.015666ms)
✔ og-story.js is in the legacy endpoint allowlist (0.012417ms)
✔ opensky.js is in the legacy endpoint allowlist (0.011958ms)
✔ oref-alerts.js is in the legacy endpoint allowlist (0.02025ms)
✔ polymarket.js is in the legacy endpoint allowlist (0.015333ms)
✔ register-interest.js is in the legacy endpoint allowlist (0.017917ms)
✔ reverse-geocode.js is in the legacy endpoint allowlist (0.027583ms)
✔ rss-proxy.js is in the legacy endpoint allowlist (0.026125ms)
✔ satellites.js is in the legacy endpoint allowlist (0.020083ms)
✔ seed-health.js is in the legacy endpoint allowlist (0.023708ms)
✔ story.js is in the legacy endpoint allowlist (0.301208ms)
✔ telegram-feed.js is in the legacy endpoint allowlist (0.013917ms)
✔ version.js is in the legacy endpoint allowlist (0.011167ms)
✔ allowlist has no stale entries (all listed files exist) (0.117333ms)
✔ Legacy api/.js endpoint allowlist (1.046875ms)
▶ Edge Function module isolation
✔ ais-snapshot.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.397792ms)
✔ ais-snapshot.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.261333ms)
✔ bootstrap.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.316083ms)
✔ bootstrap.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.242333ms)
✔ cache-purge.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.236667ms)
✔ cache-purge.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.223708ms)
✔ contact.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.230833ms)
✔ contact.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.220667ms)
✔ download.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.227584ms)
✔ download.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.235667ms)
✔ fwdstart.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.2325ms)
✔ fwdstart.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.22525ms)
✔ geo.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.304709ms)
✔ geo.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.224667ms)
✔ gpsjam.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.216458ms)
✔ gpsjam.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.362125ms)
✔ health.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.237917ms)
✔ health.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.233458ms)
✔ military-flights.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.2155ms)
✔ military-flights.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.224625ms)
✔ og-story.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.2595ms)
✔ og-story.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.241792ms)
✔ opensky.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.208709ms)
✔ opensky.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.231959ms)
✔ oref-alerts.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.218125ms)
✔ oref-alerts.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.218667ms)
✔ polymarket.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.309333ms)
✔ polymarket.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.211333ms)
✔ register-interest.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.284625ms)
✔ register-interest.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.457541ms)
✔ reverse-geocode.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.427333ms)
✔ reverse-geocode.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.223458ms)
✔ rss-proxy.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.224459ms)
✔ rss-proxy.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.229458ms)
✔ satellites.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.231792ms)
✔ satellites.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.22925ms)
✔ seed-health.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.225083ms)
✔ seed-health.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.24ms)
✔ story.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.218083ms)
✔ story.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.198084ms)
✔ telegram-feed.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.285625ms)
✔ telegram-feed.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.224375ms)
✔ version.js does not import from ../server/ (Edge Functions cannot resolve cross-directory TS) (0.233ms)
✔ version.js does not import from ../src/ (Edge Functions cannot resolve TS aliases) (0.222958ms)
✔ Edge Function module isolation (11.534125ms)
ℹ tests 106
ℹ suites 5
ℹ pass 106
ℹ fail 0
ℹ cancelled 0
ℹ skipped 0
ℹ todo 0
ℹ duration_ms 87.302458
Running markdown lint...
markdownlint-cli2 v0.21.0 (markdownlint v0.40.0)
Finding: /*.md !/node_modules/** !.agent/** !.agents/** !.claude/** !.factory/** !.windsurf/** !skills/** !docs/internal/** !docs/Docs_To_Review/** !node_modules/** !dist/** !src-tauri/target/** !.planning/**
Linting: 34 file(s)
Summary: 0 error(s)
Running MDX lint (Mintlify compatibility)...
▶ MDX files have no bare angle brackets
✔ COMMUNITY-PROMOTION-GUIDE.md has no bare <digit or <hyphen outside code (1.89075ms)
✔ TAURI_VALIDATION_REPORT.md has no bare <digit or <hyphen outside code (0.894458ms)
✔ adding-endpoints.mdx has no bare <digit or <hyphen outside code (0.753333ms)
✔ ai-intelligence.mdx has no bare <digit or <hyphen outside code (0.841792ms)
✔ algorithms.mdx has no bare <digit or <hyphen outside code (0.884542ms)
✔ api-key-deployment.mdx has no bare <digit or <hyphen outside code (0.834ms)
✔ architecture.mdx has no bare <digit or <hyphen outside code (1.91ms)
✔ changelog.mdx has no bare <digit or <hyphen outside code (0.94175ms)
✔ contributing.mdx has no bare <digit or <hyphen outside code (0.932541ms)
✔ cors.mdx has no bare <digit or <hyphen outside code (0.6945ms)
✔ country-instability-index.mdx has no bare <digit or <hyphen outside code (0.7815ms)
✔ data-sources.mdx has no bare <digit or <hyphen outside code (1.176084ms)
✔ desktop-app.mdx has no bare <digit or <hyphen outside code (0.875459ms)
✔ documentation.mdx has no bare <digit or <hyphen outside code (0.683417ms)
✔ features.mdx has no bare <digit or <hyphen outside code (0.786417ms)
✔ finance-data.mdx has no bare <digit or <hyphen outside code (0.662625ms)
✔ geographic-convergence.mdx has no bare <digit or <hyphen outside code (0.71775ms)
✔ getting-started.mdx has no bare <digit or <hyphen outside code (0.769ms)
✔ harness-engineering-roadmap.md has no bare <digit or <hyphen outside code (0.727834ms)
✔ health-endpoints.mdx has no bare <digit or <hyphen outside code (0.69125ms)
✔ hotspots.mdx has no bare <digit or <hyphen outside code (0.587042ms)
✔ infrastructure-cascade.mdx has no bare <digit or <hyphen outside code (0.556125ms)
✔ license.mdx has no bare <digit or <hyphen outside code (0.554625ms)
✔ local-backend-audit.md has no bare <digit or <hyphen outside code (0.526916ms)
✔ map-engine.mdx has no bare <digit or <hyphen outside code (0.563625ms)
✔ maps-and-geocoding.mdx has no bare <digit or <hyphen outside code (0.550792ms)
✔ maritime-intelligence.mdx has no bare <digit or <hyphen outside code (0.522708ms)
✔ military-tracking.mdx has no bare <digit or <hyphen outside code (0.511834ms)
✔ natural-disasters.mdx has no bare <digit or <hyphen outside code (45.725333ms)
✔ orbital-surveillance.mdx has no bare <digit or <hyphen outside code (2.242958ms)
✔ overview.mdx has no bare <digit or <hyphen outside code (0.891375ms)
✔ premium-finance-search.mdx has no bare <digit or <hyphen outside code (0.662834ms)
✔ premium-finance.mdx has no bare <digit or <hyphen outside code (0.513833ms)
✔ relay-parameters.mdx has no bare <digit or <hyphen outside code (0.620167ms)
✔ release-packaging.mdx has no bare <digit or <hyphen outside code (0.65175ms)
✔ signal-intelligence.mdx has no bare <digit or <hyphen outside code (0.410333ms)
✔ strategic-risk.mdx has no bare <digit or <hyphen outside code (0.3355ms)
✔ user-requests.md has no bare <digit or <hyphen outside code (0.376375ms)
✔ webcam-layer.mdx has no bare <digit or <hyphen outside code (0.39975ms)
✔ MDX files have no bare angle brackets (76.593333ms)
▶ MDX files have no bare curly braces
✔ COMMUNITY-PROMOTION-GUIDE.md has no bare {expression} outside code (0.579875ms)
✔ TAURI_VALIDATION_REPORT.md has no bare {expression} outside code (0.406541ms)
✔ adding-endpoints.mdx has no bare {expression} outside code (0.478708ms)
✔ ai-intelligence.mdx has no bare {expression} outside code (0.4445ms)
✔ algorithms.mdx has no bare {expression} outside code (0.499ms)
✔ api-key-deployment.mdx has no bare {expression} outside code (0.44725ms)
✔ architecture.mdx has no bare {expression} outside code (0.770042ms)
✔ changelog.mdx has no bare {expression} outside code (1.257167ms)
✔ contributing.mdx has no bare {expression} outside code (0.604625ms)
✔ cors.mdx has no bare {expression} outside code (0.3645ms)
✔ country-instability-index.mdx has no bare {expression} outside code (0.397333ms)
✔ data-sources.mdx has no bare {expression} outside code (0.42875ms)
✔ desktop-app.mdx has no bare {expression} outside code (0.438375ms)
✔ documentation.mdx has no bare {expression} outside code (0.331625ms)
✔ features.mdx has no bare {expression} outside code (0.441083ms)
✔ finance-data.mdx has no bare {expression} outside code (0.396875ms)
✔ geographic-convergence.mdx has no bare {expression} outside code (0.316458ms)
✔ getting-started.mdx has no bare {expression} outside code (0.367209ms)
✔ harness-engineering-roadmap.md has no bare {expression} outside code (0.248083ms)
✔ health-endpoints.mdx has no bare {expression} outside code (0.292458ms)
✔ hotspots.mdx has no bare {expression} outside code (0.273167ms)
✔ infrastructure-cascade.mdx has no bare {expression} outside code (0.293542ms)
✔ license.mdx has no bare {expression} outside code (0.289ms)
✔ local-backend-audit.md has no bare {expression} outside code (0.292125ms)
✔ map-engine.mdx has no bare {expression} outside code (0.2505ms)
✔ maps-and-geocoding.mdx has no bare {expression} outside code (0.436542ms)
✔ maritime-intelligence.mdx has no bare {expression} outside code (0.227833ms)
✔ military-tracking.mdx has no bare {expression} outside code (0.276459ms)
✔ natural-disasters.mdx has no bare {expression} outside code (0.22175ms)
✔ orbital-surveillance.mdx has no bare {expression} outside code (0.2895ms)
✔ overview.mdx has no bare {expression} outside code (0.28175ms)
✔ premium-finance-search.mdx has no bare {expression} outside code (0.250791ms)
✔ premium-finance.mdx has no bare {expression} outside code (0.241583ms)
✔ relay-parameters.mdx has no bare {expression} outside code (0.252791ms)
✔ release-packaging.mdx has no bare {expression} outside code (0.287625ms)
✔ signal-intelligence.mdx has no bare {expression} outside code (0.300625ms)
✔ strategic-risk.mdx has no bare {expression} outside code (0.252958ms)
✔ user-requests.md has no bare {expression} outside code (0.258333ms)
✔ webcam-layer.mdx has no bare {expression} outside code (0.262417ms)
✔ MDX files have no bare curly braces (15.282167ms)
ℹ tests 78
ℹ suites 2
ℹ pass 78
ℹ fail 0
ℹ cancelled 0
ℹ skipped 0
ℹ todo 0
ℹ duration_ms 168.932
Running proto freshness check...
No proto-related changes, skipping.
Running version sync check...
[version:check] OK. package.json, tauri.conf.json, and Cargo.toml are all 2.6.5.
Scope
Why
Defense-in-depth against Trojan Source and Unicode steganography style supply-chain attacks with minimal runtime impact.
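A sketch of the kind of check such a guardrail performs, added here as an example; it is not the scanner from this pull request. The category names, the `scanText` and `isEmojiGlue` helpers and the sample input are assumptions made for illustration.

```javascript
// Added example, not the scanner from this pull request. Category names are
// illustrative; the code point ranges are standard Unicode assignments.
const CATEGORIES = [
  // Explicit embeddings, overrides and isolates (Trojan Source), plus LRM/RLM/ALM.
  { name: 'bidi-control',
    test: (cp) => (cp >= 0x202a && cp <= 0x202e) || (cp >= 0x2066 && cp <= 0x2069) ||
                  cp === 0x200e || cp === 0x200f || cp === 0x061c },
  // ZWSP, ZWNJ, ZWJ, word joiner, and BOM used as zero-width no-break space.
  { name: 'zero-width',
    test: (cp) => (cp >= 0x200b && cp <= 0x200d) || cp === 0x2060 || cp === 0xfeff },
  // Variation selectors and tag characters can carry hidden payload bytes.
  { name: 'variation-selector',
    test: (cp) => (cp >= 0xfe00 && cp <= 0xfe0f) || (cp >= 0xe0100 && cp <= 0xe01ef) },
  { name: 'tag-character', test: (cp) => cp >= 0xe0000 && cp <= 0xe007f },
];

const PICTOGRAPH = /\p{Extended_Pictographic}/u;

// VS16 and ZWJ are legitimate inside emoji sequences; allow only that context.
function isEmojiGlue(chars, i) {
  const cp = chars[i].codePointAt(0);
  const prev = chars[i - 1] || '';
  const next = chars[i + 1] || '';
  if (cp === 0xfe0f) return PICTOGRAPH.test(prev);
  if (cp === 0x200d) return (PICTOGRAPH.test(prev) || prev === '\ufe0f') && PICTOGRAPH.test(next);
  return false;
}

// Returns one finding per suspicious code point, with 1-based line and column.
function scanText(text) {
  const chars = Array.from(text); // iterate by code point, not UTF-16 unit
  const findings = [];
  let line = 1;
  let column = 1;
  for (let i = 0; i < chars.length; i++) {
    if (chars[i] === '\n') { line += 1; column = 1; continue; }
    const cp = chars[i].codePointAt(0);
    const hit = CATEGORIES.find((c) => c.test(cp));
    const leadingBom = cp === 0xfeff && i === 0; // a BOM is only valid at offset 0
    if (hit && !leadingBom && !isEmojiGlue(chars, i)) {
      const codePoint = 'U+' + cp.toString(16).toUpperCase().padStart(4, '0');
      findings.push({ line, column, codePoint, category: hit.name });
    }
    column += 1;
  }
  return findings;
}

// Constructed sample, written with escapes so this listing holds no hidden characters.
const SAMPLE = [
  'const isAdmin = false;',
  '// access check \u202e disabled',      // bidi override in a comment
  'const label = "ok \u2764\ufe0f";',     // emoji with VS16: allowed
  'const key\u200b = 1;',                 // zero-width space in an identifier
  'const s = "x\u{E0100}";',              // variation selector supplement
].join('\n');

for (const f of scanText(SAMPLE)) {
  console.log(`${f.line}:${f.column} ${f.codePoint} ${f.category}`);
}
```

A hook or CI job would run this over each file's decoded text and exit non-zero when any finding is returned.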