find_unicode_control2.py incorrectly flags UTF-8 BOM as a Trojan Source exploit
carlin-q-scott opened this issue · 1 comment
carlin-q-scott commented
Visual Studio automatically adds a Unicode control character sequence at the beginning of every file, known as a BOM, to indicate the file's encoding. This sequence is being incorrectly identified as a Trojan Source exploit by the find_unicode_control2.py analyzer.
See this SO Answer for more details, including the exact byte sequence:
0xEF, 0xBB, 0xBF
marcinguy commented
@carlin-q-scott The TrojanSource analyzer will now check only for bidirectional characters; hopefully that will solve your issue.
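The distinction discussed in this issue, as an added example that is not code from find_unicode_control2.py or from either commenter: a broad check on the Unicode "Cf" (format) category flags the BOM (U+FEFF), while a check limited to the nine bidirectional controls named in the Trojan Source paper does not. The function names and sample inputs are constructed for illustration, and the broad check is an assumed cause of the false positive, not a confirmed one.

```python
import unicodedata

# The nine bidirectional control characters listed in the Trojan Source paper.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
}

def find_format_chars(data: bytes):
    """Broad check (assumed, hypothetical): report every Cf character.

    Decoding as plain UTF-8 keeps a leading BOM as U+FEFF, which is also
    category Cf, so a BOM-prefixed file is always reported.
    """
    text = data.decode("utf-8")
    return [(i, f"U+{ord(c):04X}") for i, c in enumerate(text)
            if unicodedata.category(c) == "Cf"]

def find_bidi_controls(data: bytes):
    """Narrow check: report only bidi controls as (line, column, code point)."""
    text = data.decode("utf-8-sig")  # strips a single leading BOM if present
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, f"U+{ord(ch):04X}"))
    return hits

# Constructed sample inputs (not taken from any real project).
BOM = b"\xef\xbb\xbf"
CLEAN_WITH_BOM = BOM + b"int main() { return 0; }\n"
WITH_BIDI = BOM + "int x = 1; /* \u202e note */\n".encode("utf-8")

if __name__ == "__main__":
    for name, sample in (("clean+BOM", CLEAN_WITH_BOM), ("bidi+BOM", WITH_BIDI)):
        print(name, "broad:", find_format_chars(sample))
        print(name, "narrow:", find_bidi_controls(sample))
```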