CI: Check for potientially dangerous Unicode characters

Bidirectional control and invisible characters can be used to hide malicious code. Ref: CVE-2021-42574, CVE-2021-42694
author: Matthias Dressel <code@deadcode.eu> 2021-11-01 23:07:32 +0300
committer: Matthias Dressel <code@deadcode.eu> 2021-11-05 16:58:25 +0300
commit: 9727d8579bad2eabdbd00ec8058568332b15bf3d (patch)
tree: 718fffac01f67a940d6dc33048e0a03ec009127c /.gitlab-ci.yml
parent: e40cc46c3c0a03e5ab738c4504a71099e0dbab63 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2ba028e..b844803 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,7 @@ stages:
     - test
 
 .debian-amd64-common:
-    image: registry.videolan.org/dav1d-debian-unstable:20211008082222
+    image: registry.videolan.org/dav1d-debian-unstable:20211102173310
     stage: build
     tags:
         - docker
@@ -65,6 +65,7 @@ style-check:
                   exit 1;
               fi;
           done
+        - rg '[\u061c\u2000-\u200f\u2028-\u202f\u205f-\u206f]' ./ && echo "Invisible Unicode characters" && exit 1
         - git remote rm upstream 2> /dev/null || true
         - git remote add upstream https://code.videolan.org/videolan/dav1d.git
         - git fetch -q upstream master
author	Matthias Dressel <code@deadcode.eu>	2021-11-01 23:07:32 +0300
committer	Matthias Dressel <code@deadcode.eu>	2021-11-05 16:58:25 +0300
commit	9727d8579bad2eabdbd00ec8058568332b15bf3d (patch)
tree	718fffac01f67a940d6dc33048e0a03ec009127c /.gitlab-ci.yml
parent	e40cc46c3c0a03e5ab738c4504a71099e0dbab63 (diff)