Right-to-Left Override (RLO) character in filename #52

Open
npapandreou opened this issue Feb 28, 2017 · 1 comment

@npapandreou

After reading the Why/What section of CIRClean, I didn't find any information about protection against the Right-to-Left Override character.

Is it removed, as it is supposed to be, or not?

@Rafiot
Member

Rafiot commented Feb 28, 2017

As far as I can tell, the extension will be properly discovered under Linux/with Python:

$  ipython3
Python 3.5.2+ (default, Sep 22 2016, 12:18:14) 
Type "copyright", "credits" or "license" for more information.

IPython 2.4.1 -- An enhanced Interactive Python.
?         -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help      -> Python's own help system.
object?   -> Details about 'object', use 'object??' for extra details.

In [1]: import os, glob

In [2]: for b in glob.glob('./*'):
              print(os.path.splitext(b))
('./test\u202eexe', '.doc')

So if you have an executable you try to hide as a .doc (and you manage to bypass the mimetype check), the script will try to process the file as an office document, fail, and add DANGEROUS at the beginning and at the end.

And I just realized that if you plug the key on a Windows box, the LRO character kicks in and you will very probably get your exe file back (I need to try under Windows, but it would make sense).

Very good point, we need to sanitize all the files containing \u202 in their names.
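
A sketch of the sanitization the comment above calls for, added here as an example and not taken from CIRClean's code: it strips Unicode bidirectional control characters from file names and marks the renamed files. The function names, the `DANGEROUS_` marker format and the sample file names are assumptions, and `displayed_name` is a simplified model of how a single U+202E is rendered.

```python
import os
import tempfile

# Unicode bidirectional formatting characters: embeddings and overrides
# (U+202A..U+202E), isolates (U+2066..U+2069) and the LRM/RLM/ALM marks.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e"
                          "\u2066\u2067\u2068\u2069\u200e\u200f\u061c")
RLO = "\u202e"


def displayed_name(name):
    """Rough model of what a bidi-aware file manager draws for one RLO:
    the characters after U+202E appear in reverse order."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def sanitize_name(name):
    """Return (clean_name, flagged). Bidi controls are stripped; a flagged
    name is wrapped in DANGEROUS markers (marker format is an assumption)."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    if clean == name:
        return name, False
    return "DANGEROUS_" + clean + "_DANGEROUS", True


def sanitize_tree(root):
    """Rename every file under root whose name carries a bidi control.
    Returns a list of (old_path, new_path) for the renamed files."""
    renamed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            clean, flagged = sanitize_name(name)
            if flagged:
                old = os.path.join(dirpath, name)
                new = os.path.join(dirpath, clean)
                os.rename(old, new)
                renamed.append((old, new))
    return renamed


if __name__ == "__main__":
    sample = "test" + RLO + "exe.doc"       # constructed, same shape as above
    print(os.path.splitext(sample)[1])       # extension the parser sees
    print(displayed_name(sample))            # what the user is shown
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, sample), "w").close()
        open(os.path.join(d, "report.doc"), "w").close()
        print(sanitize_tree(d))
```

The extension seen by `os.path.splitext` is `.doc` both before and after stripping; what changes is that no viewer can reorder the cleaned name on display.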
