Add utility for detecting and converting full-width Unicode characters

[Copilot]

Full-width Unicode characters (U+FF01–FF5E) are visually identical to ASCII but cause syntax errors and enable homograph attacks. The problem statement demonstrates authentication code where ａｐｐ.ｇｅｔ looks like app.get but won't execute.

Changes

• FullWidthCharacterUtils.java: Core detection and conversion utility

  • isFullWidthCharacter(char) - detects full-width chars including ideographic space (U+3000)
  • containsFullWidthCharacters(String) - scans strings for presence
  • toAscii(char|String) - converts to ASCII equivalents via offset subtraction (code_point - 0xFEE0)
  • findFullWidthCharacterPositions(String) - returns indices of violations
  • createFullWidthReport(String) - generates diagnostic output with Unicode code points

• FullWidthCharacterExample.java: Demonstrates conversion of the authentication endpoint code

• FullWidthCharacterUtilsTest.java: 43 test cases covering detection, conversion, null handling, and mixed content

Example Usage

String malicious = "ａｐｐ.ｇｅｔ('/ａｕｔｈ')";
FullWidthCharacterUtils.containsFullWidthCharacters(malicious);  // true
FullWidthCharacterUtils.toAscii(malicious);  // "app.get('/auth')"

// Diagnostic report
String report = FullWidthCharacterUtils.createFullWidthReport("ａｂc");
// Output:
// Found 2 full-width character(s):
//   Position 0: 'ａ' (U+FF41) -> 'a' (U+0061)
//   Position 1: 'ｂ' (U+FF42) -> 'b' (U+0062)

Documentation in FULLWIDTH_CHARS_README.md covers security implications and technical details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• dl.google.com
  • Triggering command: /usr/lib/jvm/temurin-11-jdk-amd64/bin/java /usr/lib/jvm/temurin-11-jdk-amd64/bin/java -Dorg.gradle.appname=gradlew -classpath /home/REDACTED/work/TTAG/TTAG/gradle/wrapper/gradle-wrapper.jar org.gradle.wrapper.GradleWrapperMain --info -Dorg.gradle.configureondemand=false -Dorg.gradle.configuration-cache.problems=warn -Dorg.gradle.dependency.verification=off -Dorg.gradle.warning.mode=none --no-daemon --init-script /opt/hostedtoolcache/CodeQL/2.24.0/x64/codeql/java/tools/setup-proxy.gradle --init-script /opt/hostedtoolcache/CodeQL/2.24.0/x64/codeql/java/tools/dep-graph.gradle ForceDependencyResolutionPlugin_resolveAllDependencies --stacktrace -DGITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR=dep-graph -DGITHUB_DEPENDENCY_GRAPH_JOB_ID=REDACTED -DGITHUB_DEPENDENCY_GRAPH_SHA=REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

ａｐｐ.ｇｅｔ('/ａｕｔｈｅｎｔｉｃａｔｅ', ａｓｙｎｃ (ｒｅｑ, ｒｅｓ) => {
ｃｏｎｓｔ ｔｏｋｅｎ = ｒｅｑ.ｑｕｅｒｙ.ｔｏｋｅｎ;
ｃｏｎｓｔ ｔｏｋｅｎＴｙｐｅ = ｒｅｑ.ｑｕｅｒｙ.ｓｔｙｔｃｈ_ｔｏｋｅｎ_ｔｙｐｅ;

// Ｈａｎｄｌｅ Ｄｉｓｃｏｖｅｒｙ ａｕｔｈｅｎｔｉｃａｔｉｏｎ.
ｉｆ (ｔｏｋｅｎＴｙｐｅ !== 'ｄｉｓｃｏｖｅｒｙ') {
ｃｏｎｓｏｌｅ.ｅｒｒｏｒ(Ｕｎｒｅｃｏｇｎｉｚｅｄ ｔｏｋｅｎ ｔｙｐｅ: '${ｔｏｋｅｎＴｙｐｅ}');
ｒｅｓ.ｓｔａｔｕｓ(400).ｓｅｎｄ();
ｒｅｔｕｒｎ;
}

ｃｏｎｓｔ ａｕｔｈＲｅｓｐ = ａｗａｉｔ ｓｔｙｔｃｈＣｌｉｅｎｔ.ｍａｇｉｃＬｉｎｋｓ.ｄｉｓｃｏｖｅｒｙ.ａｕｔｈｅｎｔｉｃａｔｅ({
ｄｉｓｃｏｖｅｒｙ_ｍａｇｉｃ_ｌｉｎｋｓ_ｔｏｋｅｎ: ｔｏｋｅｎ,
});
ｉｆ (ａｕｔｈＲｅｓｐ.ｓｔａｔｕｓ_ｃｏｄｅ !== 200) {
ｃｏｎｓｏｌｅ.ｅｒｒｏｒ('Ａｕｔｈｅｎｔｉｃａｔｉｏｎ ｅｒｒｏｒ')
ｒｅｓ.ｓｔａｔｕｓ(500).ｓｅｎｄ();
ｒｅｔｕｒｎ;
}

// Ｓｉｇｎ ｉｎｔｏ ｅｘｉｓｔｉｎｇ Ｏｒｇａｎｉｚａｔｉｏｎ ｉｆ ａｌｒｅａｄｙ Ｍｅｍｂｅｒ
ｃｏｎｓｔ ｉｓｔ = ａｕｔｈＲｅｓｐ.ｉｎｔｅｒｍｅｄｉａｔｅ_ｓｅｓｓｉｏｎ_ｔｏｋｅｎ
ｉｆ (ａｕｔｈＲｅｓｐ.ｄｉｓｃｏｖｅｒｅｄ_ｏｒｇａｎｉｚａｔｉｏｎｓ.ｌｅｎｇｔｈ > 0 ) {
ｃｏｎｓｔ ｅｘｃｈａｎｇｅＲｅｓｐ = ａｗａｉｔ ｓｔｙｔｃｈＣｌｉｅｎｔ.ｄｉｓｃｏｖｅｒｙ.ｉｎｔｅｒｍｅｄｉａｔｅＳｅｓｓｉｏｎｓ.ｅｘｃｈａｎｇｅ({
ｉｎｔｅｒｍｅｄｉａｔｅ_ｓｅｓｓｉｏｎ_ｔｏｋｅｎ: ｉｓｔ,
ｏｒｇａｎｉｚａｔｉｏｎ_ｉｄ: ａｕｔｈＲｅｓｐ.ｄｉｓｃｏｖｅｒｅｄ_ｏｒｇａｎｉｚａｔｉｏｎｓ[0].ｏｒｇａｎｉｚａｔｉｏｎ.ｏｒｇａｎｉｚａｔｉｏｎ_ｉｄ,
});
ｉｆ (ｅｘｃｈａｎｇｅＲｅｓｐ.ｓｔａｔｕｓ_ｃｏｄｅ !== 200) {
ｃｏｎｓｏｌｅ.ｅｒｒｏｒ(Ｅｒｒｏｒ ｅｘｃｈａｎｇｉｎｇ ＩＳＴ ｉｎｔｏ Ｏｒｇａｎｉｚａｔｉｏｎ: ${ＪＳＯＮ.ｓｔｒｉｎｇｉｆｙ(ｅｘｃｈａｎｇｅＲｅｓｐ, ｎｕｌｌ, 2)});
ｒｅｓ.ｓｔａｔｕｓ(500).ｓｅｎｄ();
ｒｅｔｕｒｎ;
}
// Ｓｔｏｒｅ ｔｈｅ ｒｅｔｕｒｎｅｄ ｓｅｓｓｉｏｎ ａｎｄ ｒｅｔｕｒｎ ｓｅｓｓｉｏｎ ｍｅｍｂｅｒ ｉｎｆｏｒｍａｔｉｏｎ
// Ｕｓｉｎｇ ｅｘｐｒｅｓｓ ｓｅｓｓｉｏｎｓ ｗｉｔｈ ｔｈｅ ｃｏｎｓｔ ｋｅｙ ｏｆ ＳｔｙｔｃｈＳｅｓｓｉｏｎＴｏｋｅｎ
ｒｅｑ.ｓｅｓｓｉｏｎ.ＳｔｙｔｃｈＳｅｓｓｉｏｎＴｏｋｅｎ = ｅｘｃｈａｎｇｅＲｅｓｐ.ｓｅｓｓｉｏｎ_ｔｏｋｅｎ;
ｒｅｓ.ｓｅｎｄ(Ｈｅｌｌｏ, ${ａｕｔｈＲｅｓｐ.ｍｅｍｂｅｒ.ｅｍａｉｌ_ａｄｄｒｅｓｓ}! Ｙｏｕ'ｒｅ ｌｏｇｇｅｄ ｉｎｔｏ ｔｈｅ ${ａｕｔｈＲｅｓｐ.ｏｒｇａｎｉｚａｔｉｏｎ.ｏｒｇａｎｉｚａｔｉｏｎ_ｎａｍｅ} ｏｒｇａｎｉｚａｔｉｏｎ);
ｒｅｔｕｒｎ;
}

// Ｉｆ ｎｏｔ ｅｌｉｇｉｂｌｅ ｔｏ ｌｏｇ ｉｎｔｏ ａｎ ｅｘｉｓｔｉｎｇ ｏｒｇ, ｃｒｅａｔｅ ｎｅｗ ｏｎｅ
ｃｏｎｓｔ ｃｒｅａｔｅＲｅｓｐ = ａｗａｉｔ ｓｔｙｔｃｈＣｌｉｅｎｔ.ｄｉｓｃｏｖｅｒｙ.ｏｒｇａｎｉｚａｔｉｏｎｓ.ｃｒｅａｔｅ({
ｉｎｔｅｒｍｅｄｉａｔｅ_ｓｅｓｓｉｏｎ_ｔｏｋｅｎ: ｉｓｔ,
});
ｉｆ (ｃｒｅａｔｅＲｅｓｐ.ｓｔａｔｕｓ_ｃｏｄｅ !== 200) {
ｃｏｎｓｏｌｅ.ｅｒｒｏｒ(Ｅｒｒｏｒ ｃｒｅａｔｉｎｇ Ｏｒｇａｎｉｚａｔｉｏｎ: '${ＪＳＯＮ.ｓｔｒｉｎｇｉｆｙ(ｃｒｅａｔｅＲｅｓｐ, ｎｕｌｌ, 2)}');
ｒｅｓ.ｓｔａｔｕｓ(500).ｓｅｎｄ();
ｒｅｔｕｒｎ;
}
// Ｓｔｏｒｅ ｔｈｅ ｒｅｔｕｒｎｅｄ ｓｅｓｓｉｏｎ ａｎｄ ｒｅｔｕｒｎ ｓｅｓｓｉｏｎ ｍｅｍｂｅｒ ｉｎｆｏｒｍａｔｉｏｎ
ｒｅｑ.ｓｅｓｓｉｏｎ.ＳｔｙｔｃｈＳｅｓｓｉｏｎＴｏｋｅｎ = ｃｒｅａｔｅＲｅｓｐ.ｓｅｓｓｉｏｎ_ｔｏｋｅｎ;
ｒｅｓ.ｓｅｎｄ(Ｈｅｌｌｏ, ${ｃｒｅａｔｅＲｅｓｐ.ｍｅｍｂｅｒ.ｅｍａｉｌ_ａｄｄｒｅｓｓ}! Ｙｏｕ'ｒｅ ｌｏｇｇｅｄ ｉｎｔｏ ｔｈｅ ${ｃｒｅａｔｅＲｅｓｐ.ｏｒｇａｎｉｚａｔｉｏｎ.ｏｒｇａｎｉｚａｔｉｏｎ_ｎａｍｅ} ｏｒｇａｎｉｚａｔｉｏｎ);
ｒｅｔｕｒｎ;
});

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[montinode]

𝖠𝗉𝗉𝗋𝗈𝗏𝖾𝖽 𝔟𝔶𝔪𝔬𝔫𝔱𝔦