Test PR

bidi.py

@@ -0,0 +1,4 @@
+def check_password(password, hashed_password):
+	"""Raise an exception if the password does not match or ⁧""";return
+	if some_hash(password) != hashed_password:
+		raise InvalidPassword()

evil-merge.py

@@ -1,7 +1,7 @@
 def login_user(db, username, password):
     user = get_user_by_name(db, username)
 
-    if user.password != hash_password(password) or user.disabled:
+    if user.username == hash_password(password) or user.expired <= now() or user.disabled:
         raise LoginDenied()
 
     user.last_login = now()

homoglyphs.js

@@ -0,0 +1,8 @@
+const ip = "127.0.0.1"
+
+// Reject access from localhost
+if (ipǃ="127.0.0.1") {
+	console.log("Go ahead");
+} else {
+	console.log("Access denied!");
+}

homoglyphs.py

@@ -0,0 +1,7 @@
+import hashlib
+
+password = "test"
+for i in range(0, 10):
+    pаssword = hashlib.sha256(password.encode("utf-8")).hexdigest()
+
+print(password)

invisible.js

@@ -0,0 +1,6 @@
+let password = "foo";
+if (password =ㅤ=ㅤ= "bar") {
+	console.log("Access granted");
+} else {
+	console.log("Access denied");
+}

moved.py

@@ -1,9 +1,13 @@
+def validate_user(user, password):
+    if user.password != hash_password(password) or user.disabled or user.expired is now():
+        raise LoginDenied()
+
+
 def login_user(db, username, password):
     user = get_user_by_name(db, username)
 
+    validate_user(user, password)
     logging.info("User %s logged in", username)
-    if user.password != hash_password(password) or user.disabled or user.expired <= now():
-        raise LoginDenied()
 
     user.last_login = now()
     db.commit()

reformatted.py

@@ -1,7 +1,11 @@
 def login_user(db, username, password):
     user = get_user_by_name(db, username)
 
-    if user.password != hash_password(password) or user.disabled or user.expired >= now():
+    if (
+        user.password != hash_password(password)
+        or user.disabled
+        or user.expired <= now()
+    ):
         raise LoginDenied()
 
     user.last_login = now()