V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
52
docs/man/LINTER_CHAR.md
Normal file
52
docs/man/LINTER_CHAR.md
Normal file
@@ -0,0 +1,52 @@
|
||||
---
|
||||
gitea: none
|
||||
include_toc: true
|
||||
---
|
||||
|
||||
# 1. CISS.debian.installer
|
||||
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
|
||||
**Master Version**: 8.00<br>
|
||||
**Build**: V8.00.000.2025.06.17<br>
|
||||
|
||||
# 2. Git Workflow Linter — Character Set Policy Enforcement
|
||||
|
||||
## 2.1. Overview
|
||||
|
||||
The **[linter_char_scripts.yaml](../../.gitea/workflows/linter_char_scripts.yaml)** defines a declarative policy framework for
|
||||
sanitizing and validating character scripts within a Git repository. It enforces linguistic and typographic constraints at the
|
||||
commit level, preventing the introduction of ambiguous, non-printable, homoglyphic, or non-standard Unicode character classes.
|
||||
This mechanism enhances both the integrity and auditability of the codebase, particularly in contexts where multilingual input,
|
||||
identity obfuscation, or supply-chain risk (e.g., Trojan Source attacks) must be mitigated.
|
||||
|
||||
## 2.2. Purpose
|
||||
|
||||
The core intent of this linter is to:
|
||||
|
||||
- **Detect forbidden Unicode scripts or codepoints** within staged files.
|
||||
- **Ensure locale-hygienic commits** by permitting only explicitly whitelisted language/script groups.
|
||||
- **Enforce character uniformity** across source files, configuration, and metadata.
|
||||
- **Block malicious or ambiguous glyph injection**, including bidirectional override, homoglyph attacks, or zero-width characters.
|
||||
|
||||
## 2.3. Security Considerations
|
||||
|
||||
This linter serves as a preventive supply-chain control by reducing exposure to:
|
||||
|
||||
- Invisible character injection (e.g. \u200e, \u202e)
|
||||
- Homoglyphic substitution (e.g. Cyrillic а vs. Latin a)
|
||||
- Bidirectional override attacks (Trojan Source)
|
||||
- Untraceable backdoors hidden in user comments or unused string literals
|
||||
|
||||
It complements traditional static analysis and code review processes by operating at a syntactic level of representation,
|
||||
thus neutralizing attacks that bypass semantic inspection.
|
||||
|
||||
## 2.4. Conclusion
|
||||
The ``linter_char_scripts.yaml`` is a vital component of the **CISS.debian.installer** secure development lifecycle. It defines
|
||||
a robust, extensible, and policy-driven control layer against linguistic abuse and typographic ambiguity in version-controlled
|
||||
assets. Its utility is especially salient in multi-language environments, cryptographic infrastructure code, and supply-chain
|
||||
sensitive repositories.
|
||||
|
||||
---
|
||||
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
|
||||
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
|
||||
Reference in New Issue
Block a user