"Trojan Source" response

As a response to CVE-2021-42574, aka Trojan Source [0], several clang-tidy passes are under review to detect (i) unterminated bidi characters (ii) unicode identifiers with right-to-left direction and (iii) confusable identifiers detections.

The LLVM security group got contacted three months ago on that topic, the thread is now public [1].

Feel free to contribute to the review on Phabricator


[0] https://www.trojansource.codes/
[1] https://bugs.chromium.org/p/llvm/issues/detail?id=11