USA could certainly prohibit companies from showing Russians NSA source code, but when the code is not supposed to be there in the first place, I suppose that presents a logical conundrum. The original code could be clean, but spying could be present in firmware or software upgrades. I presume that the Russians are allowed to compile the source to make sure that it is byte-identical to the distributed code. I'm not sure that the clean room thing is much help. Russian "programmers" could memorize the code, even tens of thousands of lines, and reproduce it later. Hell, Britain has memorizers who could do the same. That's if you don't want hidden or skull-embedded cameras or screen sensing (which preceded wardriving as a hobby).
Putting aside attempts to game the outcome, I admire the Russians' chutzpah in calling the TLAs' bluff. It's a propaganda win for them, even if it has nil practical worth.