tcosolutions/betterscan

find_unicode_control2.py incorrectly flags UTF-8 BOM as a Trojan Source exploit

carlin-q-scott opened this issue · 1 comments

Visual Studio automatically adds a Unicode control character sequence at the beginning of every file, known as a BOM, to indicate the file's encoding. This sequence is being incorrectly identified as a Trojan Source exploit by the find_unicode_control2.py analyzer.

See this SO Answer for more details, including the exact byte sequence:

0xEF, 0xBB, 0xBF

@carlin-q-scott The TrojanSource analyzer will now check only for bidirectional characters; hopefully this will solve your issue.
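
The false positive and the fix discussed in this thread, as an added example (not code from betterscan or find_unicode_control2.py). The "naive" check, which flags every Unicode format character (category `Cf`), is an assumption used only to show how a BOM can get caught; the function names and sample inputs are constructed for illustration.

```python
import unicodedata

# Bidirectional formatting characters described in the Trojan Source paper.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
}
UTF8_BOM = b"\xef\xbb\xbf"  # the byte sequence quoted in the issue


def naive_findings(data: bytes):
    """Hypothetical over-broad check: flag every format character (Cf).

    U+FEFF (the BOM) is category Cf, so it is reported like a bidi control.
    Returns (character offset, code point) pairs.
    """
    text = data.decode("utf-8")
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(text)
            if unicodedata.category(ch) == "Cf"]


def bidi_findings(data: bytes):
    """Flag only bidirectional controls.

    Returns (line, column, code point, Unicode name), both 1-based.
    """
    text = data.decode("utf-8-sig")  # drops a single leading BOM if present
    hits = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch)))
    return hits


# Constructed sample inputs (not taken from any real repository).
CLEAN_WITH_BOM = UTF8_BOM + b"int main() { return 0; }\n"
SUSPECT_WITH_BOM = UTF8_BOM + "a = 1\nb = '\u202e'\n".encode("utf-8")

if __name__ == "__main__":
    print("naive, clean file:  ", naive_findings(CLEAN_WITH_BOM))
    print("bidi-only, clean:   ", bidi_findings(CLEAN_WITH_BOM))
    print("bidi-only, suspect: ", bidi_findings(SUSPECT_WITH_BOM))
```

Decoding with `utf-8-sig` keeps reported columns aligned with what an editor shows on line 1, since the BOM no longer occupies a character position.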