Mention the homoglyph detection capabilities in the README

Jonathan Leitschuh 2020-01-15 12:24:14 -05:00
parent 9f4cacc32b
commit 169f8f11db
No known key found for this signature in database
GPG key ID: 3501A7427721B061

@ -34,6 +34,12 @@ verify that any and all `gradle-wrapper.jar` files in the repository match the S
If any are found that do not match the SHA-256 checksums of our official releases, the action will fail.
Additionally, the action will find and SHA-256 hash all
[homoglyph](https://en.wikipedia.org/wiki/Homoglyph)
variants of files named `gradle-wrapper.jar`,
for example a file named `gradlе-wrapper.jar` (which uses a Cyrillic `е` instead of `e`).
The goal is to prevent homoglyph attacks which may be very difficult to spot in a GitHub diff.
## Usage
Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
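
Review bot: The new paragraph says homoglyph variants are found and SHA-256 hashed, but it never states the outcome when such a file's checksum does not match. The sentence "the action will fail" sits before "Additionally", so a reader cannot tell whether it also covers the homoglyph-named files; consider ending the paragraph with an explicit statement of what the action does in that case. The example `gradlе-wrapper.jar` is also visually identical to the real name once rendered, so naming the code point (Cyrillic small letter ie, U+0435) next to it would let readers confirm the difference themselves.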