New Rule: Detect invisible characters

[nzakas]

Rule details

The rule should detect the presence of \u3164 and \uFFA0, which are letters that don't have any visible portion.

Related CVE

https://trojansource.codes/

Example code

const checkCommands = [
        'ping -c 1 google.com',
        'curl -s http://example.com/',\u3164
    ];

Participation

• I am willing to submit a pull request to implement this rule.

Additional comments

More details:
https://certitude.consulting/blog/en/invisible-backdoor/

Ported from:
eslint/eslint#15281