trojan | An unidentifiable mechanism that helps you bypass GFW

I am trying to extract the following JSON into its own rows like the table below in Presto query. The issue here is the name of the key/av engine name is different for each row, and I am stuck on how I can extract and iterate on the keys without knowing the value of the key.

The json is a value of a table row

I am making an eel app, and I finished the html and everything, then I tried to convert the .py file to an .exe file. But cx_Freeze gives the following error:

I'd like to create a C wrapper for a C++ library I wrote.

All the examples and SO's answers I found:

• How can I call a C++ function from C?

• https://nachtimwald.com/2017/08/18/wrapping-c-objects-in-c/

How do I update my GitHub Actions CI pipeline such that, if any variation of the attacks demonstrated in the Trojan Code whitepaper are submitted as a PR to my GitHub repository, the PR either automatically rejects the submission or a comment is added to the PR warning about the vulnerability.

Background: on 2021-10-30, Nicholas Boucher and Ross Anderson published a paper titled Trojan Source: Invisible Vulnerabilities -- which outlined several ways that unicode could be used maliciously in code submissions that are appear (pixel-for-pixel) identical to non-malicious code, but are--in-fact--malicious. Besides more-obvious "ambiguous characters" used to define & call distinct functions, they specifically describe how a clever attacker can utilize unicode bidirectional control characters to do some very nasty things.

More background: I manage an open-source python project that's hosted on GitHub. Setting aside that after this paper was published, GitHub added warnings when viewing code containing potentially malicious unicode characters, visually detecting these issues in a PR was impossible in the GitHub WUI when merging PRs.

My question is: how can I protect myself from yet-to-be-discovered malicious unicode commits? And other literally-impossible-to-see vulnerabilities?

What can I add to my GitHub Actions CI pipeline to warn me about invisible dangers in user-contributed python code?

EDIT: Examples that should be caught include the following python snippets:

• https://github.com/nickboucher/trojan-source/tree/main/Python

I've been reading about code injection using unicode sequences and have been using a tool from Dotnetsafer to locate sequences in a codebad I've inherited. This sequence \uD83D\uDCCC keeps coming up:

An example:

Below are few example strings

as-jfk-interface-module-trojan-7.100.110-12350009

network-refresh-core-3.3.909-99950009

network-challenge7-7-ui-module-8.23.590-12350009

and I use the following regex to get the version part of the string like 7.100.110-12350009

regex:

(0|(?:[1-9]\d*))(?:\.(0|(?:[1-9]\d*))(?:\.(0|(?:[1-9]\d*)))?(?:\-([\w][\w\.\-_]*))?)?

While trying to match the word portion like as-jfk-interface-module-trojan or network-challenge7-7-ui-module by negation, [^(0|(?:[1-9]\d*))(?:\.(0|(?:[1-9]\d*))(?:\.(0|(?:[1-9]\d*)))?(?:\-([\w][\w\.\-_]*))?)?], it says Invalid regular expression: unbalanced parenthesis

I am trying to get the most frequent value or word in every row and add them in a new column

for example:

The original csv is called (stock.csv)

I have an object which looks like this:

I have an input file that consist of multiple nested dicts as shown below: