Be careful! Trojan horse in iOS codebase

Konstantinos Nikoloutsos
Published in Dev Genius · 2 min read · Dec 18, 2021

Although we developers create beautiful UIs and are always striving to improve the customer's UX, we also need to understand and eliminate some security issues.
In this article we will look at a security issue called the trojan horse.

See the problem ⚠️

As we all know, every character corresponds to a certain Unicode code point. But did you know that there are some special characters out there that you cannot see at all?

```swift
// NOTE: the string literal in the `if` condition contains invisible Unicode
// bidirectional isolate characters (U+2066 and U+2069). The editor renders the
// line as if the comparison were against "user" followed by a comment, but the
// compiler sees one longer string literal that is not equal to "user".
func test() {
    let accessLevel = "user"
    if accessLevel != "user⁦// check if admin⁩⁦" {
        print("You're an admin")
    }
}
test()
```

At first glance this code looks like it will output “You're an admin”, right? But try copy-pasting it into Xcode and see how it looks. Here is the result.

Not joking

Wait a second... 😱 That was my first reaction. Now it looks like it will produce no output at all.

Every developer out there would say that the output would be nothing, as the predicate in the if statement evaluates to false.

Guess what the output is:

You're an admin

So someone may change the flow of your application. What if you developed software for an autonomous car and inside the codebase there was something like this? Then the driver would hit the brake and the car would accelerate ‼️

This wouldn't happen because of unit testing, but you still get my point!

Solution ✅

Don't worry, there is a solution, and the idea behind it is simple:
don't let those special characters into the codebase.

This can be done by using SwiftLint and adding a custom lint rule.

The rule you need to add is the following:

Custom rule that catches those special characters

As suggested by macdrevx in this pull request.
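The SwiftLint rule above is shown as an image and is not reproduced in this text, so here is an added example (not from the article, not SwiftLint's own code) of the same check written as a small Python pre-commit script. It also covers the snippet from the first half of the article: the `SAMPLE_SWIFT` string is that snippet retyped with the U+2066 / U+2069 isolate characters embedded, so you can see where the hidden characters sit and why the comparison is never against plain `"user"`. The character ranges are the standard Unicode bidirectional controls (U+202A to U+202E and U+2066 to U+2069); everything else (function names, output format) is this example's own choice.

```python
import re
import sys
import unicodedata

# Unicode bidirectional control characters that reorder how source code is
# *displayed* without changing how the compiler *reads* it: the explicit
# embeddings/overrides U+202A..U+202E and the isolates U+2066..U+2069.
# None of them has a legitimate reason to appear in source code.
BIDI_CONTROLS = "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069"
BIDI_RE = re.compile("[" + BIDI_CONTROLS + "]")

# Constructed sample (the article's snippet retyped): the string literal on
# line 3 contains U+2066 LEFT-TO-RIGHT ISOLATE and U+2069 POP DIRECTIONAL
# ISOLATE, so what renders as `"user" // check if admin` is really one string
# literal that is not equal to "user", and the `!=` branch is taken.
SAMPLE_SWIFT = (
    'func test() {\n'
    '    let accessLevel = "user"\n'
    '    if accessLevel != "user\u2066// check if admin\u2069\u2066" {\n'
    '        print("You\'re an admin")\n'
    '    }\n'
    '}\n'
    'test()\n'
)


def find_bidi_controls(source: str):
    """Return one (line, column, description) tuple per bidi control found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in BIDI_RE.finditer(line):
            ch = match.group()
            findings.append(
                (lineno, match.start() + 1,
                 f"U+{ord(ch):04X} {unicodedata.name(ch)}")
            )
    return findings


def reveal(line: str) -> str:
    """Render a line with each bidi control replaced by a Swift-style
    \\u{XXXX} escape, so the real token boundaries become visible."""
    return BIDI_RE.sub(lambda m: "\\u{%04X}" % ord(m.group()), line)


def main(argv):
    """Scan the given files (or the built-in sample when none are given) and
    return 1 when any bidi control is present, so a pre-commit hook or CI
    step can reject the commit."""
    sources = {}
    for path in argv:
        with open(path, encoding="utf-8") as fh:
            sources[path] = fh.read()
    if not sources:
        sources["<sample>"] = SAMPLE_SWIFT

    dirty = False
    for name, text in sources.items():
        lines = text.splitlines()
        for lineno, col, desc in find_bidi_controls(text):
            dirty = True
            print(f"{name}:{lineno}:{col}: {desc}")
            print("    " + reveal(lines[lineno - 1]))
    return 1 if dirty else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with no arguments to see the sample flagged (`<sample>:3:28: U+2066 LEFT-TO-RIGHT ISOLATE` and the line re-rendered with the escapes visible), or pass `*.swift` paths to scan a project. The same character class is what a SwiftLint custom rule's `regex` would match on, so the two approaches flag exactly the same lines; the script is just easier to drop into a repository that has no SwiftLint setup yet.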

In case you want to learn what SwiftLint is, I recommend you read this 👇

If you learned something from this article, don't forget to follow and 👏.
