RubyGems - jsobfu - Versions diffs - 0.1.0 - Mend

jsobfu 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +15 -0
data/lib/jsobfu.rb +73 -0
data/lib/jsobfu/ecma_tight.rb +316 -0
data/lib/jsobfu/hoister.rb +84 -0
data/lib/jsobfu/obfuscator.rb +144 -0
data/lib/jsobfu/scope.rb +148 -0
data/lib/jsobfu/utils.rb +366 -0
data/samples/basic.rb +26 -0
data/spec/integration_spec.rb +35 -0
data/spec/jsobfu/hoister_spec.rb +68 -0
data/spec/jsobfu/scope_spec.rb +201 -0
data/spec/jsobfu/utils_spec.rb +156 -0
data/spec/jsobfu_spec.rb +27 -0
data/spec/spec_helper.rb +68 -0
data/spec/support/matchers/be_in_charset.rb +5 -0
data/spec/support/matchers/evaluate_to.rb +41 -0
metadata +130 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ZjQ5NmUzNTU1Mzk3ODdiZDNlMTkyNTQ5YWNmY2Y2MjJlNDVjNGZkMg==
+  data.tar.gz: !binary |-
+    MGJhOTA3NDJiMDg4ODY4MDE3NDBkYWRiMGFjNjhhY2FiZjdiYzczZA==
+SHA512:
+  metadata.gz: !binary |-
+    NDA3NmNiYTI1MjM0ZjFhNWMyYTJjMWFkNTU2YTdhZjg4ODYxNWJlMmQwNjZh
+    MWRjMTUzZmUyNDcwMmJmNjYxZDliN2ViZTYyYjA2MWVmZmFkNzIzZGUwZDhj
+    ZDFmMDUwZmY2Y2JiMmNjNjU0MzA2ZjRiZTAyOGIwMzYxZjM5YWE=
+  data.tar.gz: !binary |-
+    ODI4ZTgyOTFkZDBlZTdhZDFkN2M0ODU2NWJkYmMwYjYwZTFiNTc2Yjg1OGEx
+    YzdhZTRmNjcwYTNhNzlkNTgxYzU0YjJjODVkNmIwYWE4ZWYwZTk3MTY4NzQ4
+    NDM4ODEzODQ4NTI0ODA3NTJhMWQwZjY1NDJlNzA3ZGFlOGQzN2I=

data/lib/jsobfu.rb ADDED Viewed

@@ -0,0 +1,73 @@
+require 'rkelly'
+# The primary class, used to parse and obfuscate Javascript code.
+class JSObfu
+  require_relative 'jsobfu/scope'
+  require_relative 'jsobfu/utils'
+  require_relative 'jsobfu/ecma_tight'
+  require_relative 'jsobfu/hoister'
+  require_relative 'jsobfu/obfuscator'
+  # @return [JSObfu::Scope] the global scope
+  attr_reader :scope
+  # Saves +code+ for later obfuscation with #obfuscate
+  def initialize(code)
+    @code = code
+    @scope = Scope.new
+  end
+  # Add +str+ to the un-obfuscated code.
+  # Calling this method after #obfuscate is undefined
+  def <<(str)
+    @code << str
+  end
+  # @return [String] the (possibly obfuscated) code
+  def to_s
+    @code
+  end
+  # @return [RKelly::Nodes::SourceElementsNode] the abstract syntax tree
+  def ast
+    @ast || parse
+  end
+  # Parse and obfuscate
+  #
+  # @param opts [Hash] the options hash
+  # @option opts [Boolean] :strip_whitespace allow whitespace in the output code
+  #
+  # @return [String] if successful
+  def obfuscate(opts={})
+    @obfuscator = JSObfu::Obfuscator.new(scope: @scope)
+    @code = @obfuscator.accept(ast).to_s
+    if opts.fetch(:strip_whitespace, true)
+      @code.gsub!(/(^\s+|\s+$)/, '')
+      @code.delete!("\n")
+      @code.delete!("\r")
+    end
+    self
+  end
+  # Returns the obfuscated name for the variable or function +sym+
+  #
+  # @param [String] sym the name of the variable or function
+  # @return [String] the obfuscated name
+  def sym(sym)
+    raise RuntimeError, "Must obfuscate before calling #sym" if @obfuscator.nil?
+    @obfuscator.renames[sym.to_s]
+  end
+protected
+  #
+  # Generate an Abstract Syntax Tree (#ast) for later obfuscation
+  #
+  def parse
+    parser = RKelly::Parser.new
+    @ast = parser.parse(@code)
+  end
+end

data/lib/jsobfu/ecma_tight.rb ADDED Viewed

@@ -0,0 +1,316 @@
+#
+# Implements an ECMAVisitor with minimal whitespace and indentation.
+#
+# Mostly a line-by-line copy of RKelly::Visitors::ECMAVisitor with the
+# whitespace trimmed out.
+#
+class JSObfu::ECMANoWhitespaceVisitor < RKelly::Visitors::ECMAVisitor
+  def visit_ParentheticalNode(o)
+    "(#{o.value.accept(self)})"
+  end
+  def visit_SourceElementsNode(o)
+    o.value.map { |x| "#{x.accept(self)}" }.join
+  end
+  def visit_VarStatementNode(o)
+    "var #{o.value.map { |x| x.accept(self) }.join(',')};"
+  end
+  def visit_ConstStatementNode(o)
+    "const #{o.value.map { |x| x.accept(self) }.join(',')};"
+  end
+  def visit_VarDeclNode(o)
+    "#{o.name}#{o.value ? o.value.accept(self) : nil}"
+  end
+  def visit_AssignExprNode(o)
+    "=#{o.value.accept(self)}"
+  end
+  def visit_NumberNode(o)
+    o.value.to_s
+  end
+  def visit_ForNode(o)
+    init    = o.init ? o.init.accept(self) : ';'
+    init    << ';' unless init.end_with? ';' # make sure it has a ;
+    test    = o.test ? o.test.accept(self) : ''
+    counter = o.counter ? o.counter.accept(self) : ''
+    "for(#{init}#{test};#{counter})#{o.value.accept(self)}"
+  end
+  def visit_LessNode(o)
+    "#{o.left.accept(self)}<#{o.value.accept(self)}"
+  end
+  def visit_ResolveNode(o)
+    o.value
+  end
+  def visit_PostfixNode(o)
+    "#{o.operand.accept(self)}#{o.value}"
+  end
+  def visit_PrefixNode(o)
+    "#{o.value}#{o.operand.accept(self)}"
+  end
+  def visit_BlockNode(o)
+    "{#{o.value.accept(self)}}"
+  end
+  def visit_ExpressionStatementNode(o)
+    "#{o.value.accept(self)};"
+  end
+  def visit_OpEqualNode(o)
+    "#{o.left.accept(self)}=#{o.value.accept(self)}"
+  end
+  def visit_FunctionCallNode(o)
+    "#{o.value.accept(self)}(#{o.arguments.accept(self)})"
+  end
+  def visit_ArgumentsNode(o)
+    o.value.map { |x| x.accept(self) }.join(',')
+  end
+  def visit_StringNode(o)
+    o.value
+  end
+  def visit_NullNode(o)
+    "null"
+  end
+  def visit_FunctionDeclNode(o)
+    "function #{o.value}" + function_params_and_body(o)
+  end
+  def visit_ParameterNode(o)
+    o.value
+  end
+  def visit_FunctionBodyNode(o)
+    "{#{o.value.accept(self)}}"
+  end
+  def visit_BreakNode(o)
+    "break" + (o.value ? " #{o.value}" : '') + ';'
+  end
+  def visit_ContinueNode(o)
+    "continue" + (o.value ? " #{o.value}" : '') + ';'
+  end
+  def visit_TrueNode(o)
+    "true"
+  end
+  def visit_FalseNode(o)
+    "false"
+  end
+  def visit_EmptyStatementNode(o)
+    ';'
+  end
+  def visit_RegexpNode(o)
+    o.value
+  end
+  def visit_DotAccessorNode(o)
+    "#{o.value.accept(self)}.#{o.accessor}"
+  end
+  def visit_ThisNode(o)
+    "this"
+  end
+  def visit_BitwiseNotNode(o)
+    "~#{o.value.accept(self)}"
+  end
+  def visit_DeleteNode(o)
+    "delete #{o.value.accept(self)}"
+  end
+  def visit_ArrayNode(o)
+    "[#{o.value.map { |x| x ? x.accept(self) : '' }.join(',')}]"
+  end
+  def visit_ElementNode(o)
+    o.value.accept(self)
+  end
+  def visit_LogicalNotNode(o)
+    "!#{o.value.accept(self)}"
+  end
+  def visit_UnaryMinusNode(o)
+    "-#{o.value.accept(self)}"
+  end
+  def visit_UnaryPlusNode(o)
+    "+#{o.value.accept(self)}"
+  end
+  def visit_ReturnNode(o)
+    "return" + (o.value ? " #{o.value.accept(self)}" : '') + ';'
+  end
+  def visit_ThrowNode(o)
+    "throw #{o.value.accept(self)};"
+  end
+  def visit_TypeOfNode(o)
+    "typeof #{o.value.accept(self)}"
+  end
+  def visit_VoidNode(o)
+    "void(#{o.value.accept(self)})"
+  end
+  [
+    [:Add, '+'],
+    [:BitAnd, '&'],
+    [:BitOr, '|'],
+    [:BitXOr, '^'],
+    [:Divide, '/'],
+    [:Equal, '=='],
+    [:Greater, '>'],
+    [:GreaterOrEqual, '>='],
+    [:In, 'in'],
+    [:InstanceOf, 'instanceof'],
+    [:LeftShift, '<<'],
+    [:LessOrEqual, '<='],
+    [:LogicalAnd, '&&'],
+    [:LogicalOr, '||'],
+    [:Modulus, '%'],
+    [:Multiply, '*'],
+    [:NotEqual, '!='],
+    [:NotStrictEqual, '!=='],
+    [:OpAndEqual, '&='],
+    [:OpDivideEqual, '/='],
+    [:OpLShiftEqual, '<<='],
+    [:OpMinusEqual, '-='],
+    [:OpModEqual, '%='],
+    [:OpMultiplyEqual, '*='],
+    [:OpOrEqual, '|='],
+    [:OpPlusEqual, '+='],
+    [:OpRShiftEqual, '>>='],
+    [:OpURShiftEqual, '>>>='],
+    [:OpXOrEqual, '^='],
+    [:RightShift, '>>'],
+    [:StrictEqual, '==='],
+    [:Subtract, '-'],
+    [:UnsignedRightShift, '>>>'],
+  ].each do |name,op|
+    define_method(:"visit_#{name}Node") do |o|
+      if op =~ /^[a-z]+$/
+        "#{o.left.accept(self)} #{op} #{o.value.accept(self)}"
+      else
+        "#{o.left.accept(self)}#{op}#{o.value.accept(self)}"
+      end
+    end
+  end
+  def visit_WhileNode(o)
+    "while(#{o.left.accept(self)})#{o.value.accept(self)}"
+  end
+  def visit_SwitchNode(o)
+    "switch(#{o.left.accept(self)})#{o.value.accept(self)}"
+  end
+  def visit_CaseBlockNode(o)
+    "{" + (o.value ? o.value.map { |x| x.accept(self) }.join('') : '') + "}"
+  end
+  def visit_CaseClauseNode(o)
+    if o.left
+      case_code = "case #{o.left.accept(self)}:"
+    else
+      case_code = "default:"
+    end
+    case_code += "#{o.value.accept(self)}"
+    case_code
+  end
+  def visit_DoWhileNode(o)
+    "do#{o.left.accept(self)}while(#{o.value.accept(self)});"
+  end
+  def visit_WithNode(o)
+    "with(#{o.left.accept(self)})#{o.value.accept(self)}"
+  end
+  def visit_LabelNode(o)
+    "#{o.name}:#{o.value.accept(self)}"
+  end
+  def visit_ObjectLiteralNode(o)
+    "{" + o.value.map { |x| x.accept(self) }.join(",\n") + '}'
+  end
+  def visit_PropertyNode(o)
+    "#{o.name}:#{o.value.accept(self)}"
+  end
+  def visit_GetterPropertyNode(o)
+    "get #{o.name}" + function_params_and_body(o.value)
+  end
+  def visit_SetterPropertyNode(o)
+    "set #{o.name}" + function_params_and_body(o.value)
+  end
+  def visit_FunctionExprNode(o)
+    name = (o.value == 'function') ? '' : ' '+o.value
+    "function" + name + function_params_and_body(o)
+  end
+  # Helper for all the various function nodes
+  def function_params_and_body(o)
+    "(#{o.arguments.map { |x| x.accept(self) }.join(',')})" +
+      "#{o.function_body.accept(self)}"
+  end
+  def visit_CommaNode(o)
+    "#{o.left.accept(self)},#{o.value.accept(self)}"
+  end
+  def visit_IfNode(o)
+    "if(#{o.conditions.accept(self)})#{o.value.accept(self)}" +
+      (o.else ? "else #{o.else.accept(self)}" : '')
+  end
+  def visit_ConditionalNode(o)
+    "#{o.conditions.accept(self)}?#{o.value.accept(self)}:" +
+      "#{o.else.accept(self)}"
+  end
+  def visit_ForInNode(o)
+    var = o.left.is_a?(RKelly::Nodes::VarDeclNode) ? 'var ' : ''
+    "for(#{var}#{o.left.accept(self)} in #{o.right.accept(self)})" +
+      "#{o.value.accept(self)}"
+  end
+  def visit_TryNode(o)
+    "try#{o.value.accept(self)}" +
+      (o.catch_block ? " catch(#{o.catch_var})#{o.catch_block.accept(self)}" : '') +
+      (o.finally_block ? " finally#{o.finally_block.accept(self)}" : '')
+  end
+  def visit_BracketAccessorNode(o)
+    "#{o.value.accept(self)}[#{o.accessor.accept(self)}]"
+  end
+  def visit_NewExprNode(o)
+    "new #{o.value.accept(self)}(#{o.arguments.accept(self)})"
+  end
+end

data/lib/jsobfu/hoister.rb ADDED Viewed

@@ -0,0 +1,84 @@
+#
+# Walks a Javascript AST and finds the immediate members of the
+# root scope, which is useful for "hoisting" var and function
+# declaration to the top of the function.
+#
+class JSObfu::Hoister < RKelly::Visitors::Visitor
+  # @return [Hash] the scope maintained while walking the ast
+  attr_reader :scope
+  # @return [Array<String>] the function names in the first level of this closure
+  attr_reader :functions
+  def initialize(opts={})
+    @parent_scope = opts.fetch(:parent_scope, nil)
+    @max_depth  = 1
+    @depth      = 0
+    @scope      = {}
+    @resolves   = []
+    @functions  = []
+    super()
+  end
+  def visit_SourceElementsNode(o)
+    return if @max_depth and @depth >= @max_depth
+    @depth += 1
+    o.value.each { |x| x.accept(self) }
+    @depth -= 1
+  end
+  def visit_VarDeclNode(o)
+    scope[o.name] = o
+  end
+  def visit_FunctionDeclNode(o)
+    @functions << o.value
+    scope[o.value] = o
+  end
+  %w{
+    AddNode ArgumentsNode ArrayNode AssignExprNode BitAndNode BitOrNode
+    BitXOrNode BitwiseNotNode BlockNode BracketAccessorNode BreakNode
+    CaseBlockNode CaseClauseNode CommaNode ConditionalNode
+    ConstStatementNode ContinueNode DeleteNode DivideNode
+    DoWhileNode DotAccessorNode ElementNode EmptyStatementNode EqualNode
+    ExpressionStatementNode FalseNode ForInNode ForNode FunctionBodyNode
+    FunctionExprNode GetterPropertyNode GreaterNode GreaterOrEqualNode
+    IfNode InNode InstanceOfNode LabelNode LeftShiftNode LessNode
+    LessOrEqualNode LogicalAndNode LogicalNotNode LogicalOrNode ModulusNode
+    MultiplyNode NewExprNode NotEqualNode NotStrictEqualNode NullNode
+    NumberNode ObjectLiteralNode OpAndEqualNode OpDivideEqualNode
+    OpEqualNode OpLShiftEqualNode OpMinusEqualNode OpModEqualNode
+    OpMultiplyEqualNode OpOrEqualNode OpPlusEqualNode OpRShiftEqualNode
+    OpURShiftEqualNode OpXOrEqualNode ParameterNode PostfixNode PrefixNode
+    PropertyNode RegexpNode ResolveNode ReturnNode RightShiftNode
+    SetterPropertyNode StrictEqualNode StringNode
+    SubtractNode SwitchNode ThisNode ThrowNode TrueNode TryNode TypeOfNode
+    UnaryMinusNode UnaryPlusNode UnsignedRightShiftNode
+    VoidNode WhileNode WithNode
+  }.each do |type|
+    define_method(:"visit_#{type}") do |o|
+    end
+  end
+  # @return [String] Javascript that declares the discovered variables
+  def scope_declaration(opts={})
+    keys = scope.keys.dup
+    if opts.fetch(:shuffle, true)
+      keys = keys.shuffle
+    end
+    keys.delete_if { |k| @functions.include? k }
+    if @parent_scope
+      keys.delete_if { |k| @parent_scope.has_key? k }
+      keys.map! { |k| @parent_scope.renames[k.to_s] || k }
+    end
+    str = if keys.empty? then '' else "var #{keys.join(",")};" end
+    # puts str if str.length>0
+    str
+  end
+end