Added one more example to the qhelp

Sim4n6 · Sim4n6 · commit 09c97ce0dab6 · 2023-05-25T09:41:22.000+01:00
diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp
@@ -23,6 +23,18 @@
 
         <sample src="./examples/unicode_normalization.rb" />
 
+    </example>
+    <example>
+
+        <p> The next example shows how an early deletion of a character may be bypassed due to a
+            potential Unicode character collision.</p>
+        <p>The character <code>&lt;</code> was expected to be omitted from the string <code>s</code>.
+            However, a malicious user may consider using its colliding Unicode character U+FE64 <code>
+            ﹤</code> as an alternative. Due to the Late-Unicode normalization with the form NFKC,
+            the resulting string would contain the unintended character <code>&lt;</code> . </p>
+
+        <sample src="./examples/unicode_normalization2.rb" />
+
     </example>
     <references>
         <li> Research study: <a
diff --git a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization2.rb b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization2.rb
@@ -0,0 +1,2 @@
+s = "﹤xss>"
+puts s.delete("<").unicode_normalize(:nfkc).include?("<")

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+s = "﹤xss>"`
	`2`	`+puts s.delete("<").unicode_normalize(:nfkc).include?("<")`