rustc_lint/
hidden_unicode_codepoints.rs

1use ast::util::unicode::{TEXT_FLOW_CONTROL_CHARS, contains_text_flow_control_chars};
2use rustc_ast as ast;
3use rustc_session::{declare_lint, declare_lint_pass};
4use rustc_span::{BytePos, Span, Symbol};
5
6use crate::lints::{
7    HiddenUnicodeCodepointsDiag, HiddenUnicodeCodepointsDiagLabels, HiddenUnicodeCodepointsDiagSub,
8};
9use crate::{EarlyContext, EarlyLintPass, LintContext};
10
11declare_lint! {
12    #[allow(text_direction_codepoint_in_literal)]
13    /// The `text_direction_codepoint_in_literal` lint detects Unicode codepoints that change the
14    /// visual representation of text on screen in a way that does not correspond to their on
15    /// memory representation.
16    ///
17    /// ### Explanation
18    ///
19    /// The unicode characters `\u{202A}`, `\u{202B}`, `\u{202D}`, `\u{202E}`, `\u{2066}`,
20    /// `\u{2067}`, `\u{2068}`, `\u{202C}` and `\u{2069}` make the flow of text on screen change
21    /// its direction on software that supports these codepoints. This makes the text "abc" display
22    /// as "cba" on screen. By leveraging software that supports these, people can write specially
23    /// crafted literals that make the surrounding code seem like it's performing one action, when
24    /// in reality it is performing another. Because of this, we proactively lint against their
25    /// presence to avoid surprises.
26    ///
27    /// ### Example
28    ///
29    /// ```rust,compile_fail
30    /// #![deny(text_direction_codepoint_in_literal)]
31    /// fn main() {
32    ///     println!("{:?}", '‮');
33    /// }
34    /// ```
35    ///
36    /// {{produces}}
37    ///
38    pub TEXT_DIRECTION_CODEPOINT_IN_LITERAL,
39    Deny,
40    "detect special Unicode codepoints that affect the visual representation of text on screen, \
41     changing the direction in which text flows",
42}
43
44declare_lint_pass!(HiddenUnicodeCodepoints => [TEXT_DIRECTION_CODEPOINT_IN_LITERAL]);
45
46impl HiddenUnicodeCodepoints {
47    fn lint_text_direction_codepoint(
48        &self,
49        cx: &EarlyContext<'_>,
50        text: Symbol,
51        span: Span,
52        padding: u32,
53        point_at_inner_spans: bool,
54        label: &str,
55    ) {
56        // Obtain the `Span`s for each of the forbidden chars.
57        let spans: Vec<_> = text
58            .as_str()
59            .char_indices()
60            .filter_map(|(i, c)| {
61                TEXT_FLOW_CONTROL_CHARS.contains(&c).then(|| {
62                    let lo = span.lo() + BytePos(i as u32 + padding);
63                    (c, span.with_lo(lo).with_hi(lo + BytePos(c.len_utf8() as u32)))
64                })
65            })
66            .collect();
67
68        let count = spans.len();
69        let labels = point_at_inner_spans
70            .then_some(HiddenUnicodeCodepointsDiagLabels { spans: spans.clone() });
71        let sub = if point_at_inner_spans && !spans.is_empty() {
72            HiddenUnicodeCodepointsDiagSub::Escape { spans }
73        } else {
74            HiddenUnicodeCodepointsDiagSub::NoEscape { spans }
75        };
76
77        cx.emit_span_lint(
78            TEXT_DIRECTION_CODEPOINT_IN_LITERAL,
79            span,
80            HiddenUnicodeCodepointsDiag { label, count, span_label: span, labels, sub },
81        );
82    }
83
84    fn check_literal(
85        &mut self,
86        cx: &EarlyContext<'_>,
87        text: Symbol,
88        lit_kind: ast::token::LitKind,
89        span: Span,
90        label: &'static str,
91    ) {
92        if !contains_text_flow_control_chars(text.as_str()) {
93            return;
94        }
95        let (padding, point_at_inner_spans) = match lit_kind {
96            // account for `"` or `'`
97            ast::token::LitKind::Str | ast::token::LitKind::Char => (1, true),
98            // account for `c"`
99            ast::token::LitKind::CStr => (2, true),
100            // account for `r###"`
101            ast::token::LitKind::StrRaw(n) => (n as u32 + 2, true),
102            // account for `cr###"`
103            ast::token::LitKind::CStrRaw(n) => (n as u32 + 3, true),
104            // suppress bad literals.
105            ast::token::LitKind::Err(_) => return,
106            // Be conservative just in case new literals do support these.
107            _ => (0, false),
108        };
109        self.lint_text_direction_codepoint(cx, text, span, padding, point_at_inner_spans, label);
110    }
111}
112
113impl EarlyLintPass for HiddenUnicodeCodepoints {
114    fn check_attribute(&mut self, cx: &EarlyContext<'_>, attr: &ast::Attribute) {
115        if let ast::AttrKind::DocComment(_, comment) = attr.kind {
116            if contains_text_flow_control_chars(comment.as_str()) {
117                self.lint_text_direction_codepoint(cx, comment, attr.span, 0, false, "doc comment");
118            }
119        }
120    }
121
122    #[inline]
123    fn check_expr(&mut self, cx: &EarlyContext<'_>, expr: &ast::Expr) {
124        // byte strings are already handled well enough by `EscapeError::NonAsciiCharInByteString`
125        match &expr.kind {
126            ast::ExprKind::Lit(token_lit) => {
127                self.check_literal(cx, token_lit.symbol, token_lit.kind, expr.span, "literal");
128            }
129            ast::ExprKind::FormatArgs(args) => {
130                let (lit_kind, text) = args.uncooked_fmt_str;
131                self.check_literal(cx, text, lit_kind, args.span, "format string");
132            }
133            _ => {}
134        };
135    }
136}