Malicious code’s color is set to that of the background, it’s font size is set to 0, it is moved away from rest of the code and it is made un-selectable

  • aexiruch@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    3 years ago

    Looking is not always sufficient, there can be embedded subshells, newlines, etc. that’ll caise execution immediately. You need to inspect it in a separate program very carefully. Frankly, you probably shouldn’t ever copy and paste anything into a shell. Type it by hand. In a similar vein there are beautiful ways to hide malicious payloads in installer scripts (e.g. inspecting the user agent do it shows up as harmles when inspected in a browser) which are ever so popular with “hip” developer tools that can’t be arsed to go through the hassle of getting included in a distro properly, because releasing ten versions a day is “modern”…