jsobfu 0.2.1 → 0.3.0

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    ZjMwNzdiYThlZjA5YzdlZDVhZmUwYWE5MThhNzY1MDBiOGQ2ZTAxMg==
-  data.tar.gz: !binary |-
-    ZTY0ZDAyNDllMmRiNDRjZDkyYTFjOWYyNzllZGM3ZGYxNTRkMGVlYQ==
+SHA1:
+  metadata.gz: d61cd6788963eb7f3079f126f4fc74ec831a7dd5
+  data.tar.gz: a7de9413eda46fe02f80eba2916006113e7bff25
 SHA512:
-  metadata.gz: !binary |-
-    ZDA0Mjg0Y2YyODg1YTAxYmE2YzlmNDQ3NDllMzI0ZDE5YTgxZjdiYjM0OGU2
-    M2VkMzdhZDE3ZjI0MjA2OThkOGFkZWM4NGZhM2E3OTdmMWVmYzcxNDljMTYw
-    YTM0Zjg5NzJhZTU4MzA5NjA3OTc2NDdiNzY1MzgzMjRmYzJmNDk=
-  data.tar.gz: !binary |-
-    MjRkMmJhMDhjZDVjZjBjNjIzYWFlMjUwYmU0Y2VjYTgzZTdiODcwZDhmMDQ5
-    YjNjNTRlNWUwOWJiYmE4ZDVmZWMxNjVmZTg1ZTFmYjkwZDVjYThjNGViYTY2
-    YjhlOTgyOGQ2MDNjZTA5ZWIwOGJkZDljN2IxYTNlNjlmNGEwZGQ=
+  metadata.gz: d45a69e75aa3bb6f73e7d3cc361e631917f32147f278118c08567312ddf6aae589449dde9e0f1af8efbf8a1db3d0112fbc612927bee49d2eeca244195d795c73
+  data.tar.gz: 9ca1927799eea1eccbdc64616dcb9fb9425d432d8b0500a19ad3a20aa492830fe4d9480d6207d45693f8d06481624b42e93d8d2ae15500ef72128399aee6baeb

data/lib/jsobfu.rb

@@ -19,9 +19,12 @@ class JSObfu
 
   # Saves +code+ for later obfuscation with #obfuscate
   # @param code [#to_s] the code to obfuscate
-  def initialize(code)
-    @code = code.to_s
-    @scope = Scope.new
+  # @param opts [Hash] an options hash
+  # @option opts [JSObfu::Scope] a pre-existing scope. This is useful for preserving
+  #   variable rename maps between separate obfuscations of different scripts.
+  def initialize(code=nil, opts={})
+    self.code = code
+    @scope = opts.fetch(:scope) { Scope.new }
   end
 
   # Add +str+ to the un-obfuscated code.
@@ -37,7 +40,14 @@ class JSObfu
 
   # @return [RKelly::Nodes::SourceElementsNode] the abstract syntax tree
   def ast
-    @ast || parse
+    @ast ||= parse
+  end
+
+  # Sets the code that this obfuscator will transform
+  # @param [String] code
+  def code=(code)
+    @ast = nil # invalidate any previous parses
+    @code = code
   end
 
   # Parse and obfuscate
@@ -49,9 +59,13 @@ class JSObfu
   #   obfuscator on this code (1)
   # @option opts [String] :global the global object to rewrite unresolved lookups to.
   #   Depending on the environment, it may be `window`, `global`, or `this`.
+  # @option opts [Boolean] :memory_sensitive the execution environment is sensitive
+  #   to changes in memory usage (e.g. a heap spray). This disables string transformations
+  #   and other "noisy" obfuscation tactics. (false)
   # @return [self]
   def obfuscate(opts={})
     return self if JSObfu.disabled?
+    raise ArgumentError.new("code must be present") if @code.nil?
 
     iterations = opts.fetch(:iterations, 1).to_i
     strip_whitespace = opts.fetch(:strip_whitespace, true)
@@ -65,15 +79,12 @@ class JSObfu
         @code.delete!("\r")
       end
 
-      new_renames = obfuscator.renames.dup
       if @renames
         # "patch up" the renames after each iteration
-        @renames.each do |key, prev_rename|
-          @renames[key] = new_renames[prev_rename]
-        end
+        @renames.merge! (obfuscator.renames)
       else
         # on first iteration, take the renames as-is
-        @renames = new_renames
+        @renames = obfuscator.renames.dup
       end
 
       unless i == iterations-1
@@ -82,6 +93,9 @@ class JSObfu
       end
     end
 
+    # Enter all of the renames into current scope
+    @scope.renames.merge!(@renames || {})
+
     self
   end
 
@@ -96,11 +110,10 @@ class JSObfu
 
 protected
 
-  #
   # Generate an Abstract Syntax Tree (#ast) for later obfuscation
-  #
+  # @return [RKelly::Nodes::SourceElementsNode] the abstract syntax tree
   def parse
-    @ast = RKelly::Parser.new.parse(@code)
+    RKelly::Parser.new.parse(@code)
   end
 
 end

data/lib/jsobfu/obfuscator.rb

@@ -21,9 +21,13 @@ class JSObfu::Obfuscator < JSObfu::ECMANoWhitespaceVisitor
   # @option opts [JSObfu::Scope] :scope the optional scope to save vars to
   # @option opts [String] :global the global object to rewrite unresolved lookups to.
   #   Depending on the environment, it may be `window`, `global`, or `this`.
+  # @option opts [Boolean] :memory_sensitive the execution environment is sensitive
+  #   to changes in memory usage (e.g. a heap spray). This disables string transformations
+  #   and other "noisy" obfuscation tactics. (false)
   def initialize(opts={})
-    @scope = opts.fetch(:scope, JSObfu::Scope.new)
+    @scope = opts.fetch(:scope) { JSObfu::Scope.new }
     @global = opts.fetch(:global, DEFAULT_GLOBAL).to_s
+    @memory_sensitive = !!opts.fetch(:memory_sensitive, false)
     @renames = {}
     super()
   end
@@ -99,7 +103,7 @@ class JSObfu::Obfuscator < JSObfu::ECMANoWhitespaceVisitor
       o.value = JSObfu::Utils::random_var_encoding(new_val)
       super
     else
-      if o.value.to_s == global.to_s
+      if @memory_sensitive || o.value.to_s == global.to_s
         # if the ref is the global object, don't obfuscate it on itself. This helps
         # "shimmed" globals (like `window=this` at the top of the script) work reliably.
         super
@@ -112,8 +116,12 @@ class JSObfu::Obfuscator < JSObfu::ECMANoWhitespaceVisitor
 
   # Called on a dot lookup, like X.Y
   def visit_DotAccessorNode(o)
-    obf_str = JSObfu::Utils::transform_string(o.accessor, scope, :quotes => false)
-    "#{o.value.accept(self)}[(#{obf_str})]"
+    if @memory_sensitive
+      super
+    else
+      obf_str = JSObfu::Utils::transform_string(o.accessor, scope, :quotes => false)
+      "#{o.value.accept(self)}[(#{obf_str})]"
+    end
   end
 
   # Called when a parameter is declared. "Shadowed" parameters in the original
@@ -127,20 +135,28 @@ class JSObfu::Obfuscator < JSObfu::ECMANoWhitespaceVisitor
   # A property node in an object "{}"
   def visit_PropertyNode(o)
     # if it is a non-alphanumeric property, obfuscate the string's bytes
-    if o.name =~ /^[a-zA-Z_][a-zA-Z0-9_]*$/
-       o.instance_variable_set :@name, '"'+JSObfu::Utils::random_string_encoding(o.name)+'"'
+    unless @memory_sensitive
+      if o.name =~ /^[a-zA-Z_][a-zA-Z0-9_]*$/
+         o.instance_variable_set :@name, '"'+JSObfu::Utils::random_string_encoding(o.name)+'"'
+      end
     end
 
     super
   end
 
   def visit_NumberNode(o)
-    o.value = JSObfu::Utils::transform_number(o.value)
+    unless @memory_sensitive
+      o.value = JSObfu::Utils::transform_number(o.value)
+    end
+
     super
   end
 
   def visit_StringNode(o)
-    o.value = JSObfu::Utils::transform_string(o.value, scope)
+    unless @memory_sensitive
+      o.value = JSObfu::Utils::transform_string(o.value, scope)
+    end
+
     super
   end
 

data/spec/jsobfu_spec.rb

@@ -1,20 +1,22 @@
 require 'spec_helper'
+require 'execjs'
 
 describe JSObfu do
 
-  TEST_STRING = 'var x; function y() {};'
+  let(:js) { 'var x; function y() {};' }
 
   subject(:jsobfu) do
-    described_class.new(TEST_STRING)
+    described_class.new(js)
   end
 
-  let(:iterations) { 1 }
+  describe '#sym' do
 
-  before do
-    jsobfu.obfuscate(iterations: iterations)
-  end
+    let(:iterations) { 1 }
+
+    before do
+      jsobfu.obfuscate(iterations: iterations)
+    end
 
-  describe '#sym' do
     context 'when given the string "x"' do
       it 'returns some string' do
         expect(jsobfu.sym('x')).not_to be_nil
@@ -44,4 +46,90 @@ describe JSObfu do
     end
   end
 
+  describe '#obfuscate' do
+
+    describe 'the :iterations option' do
+
+      describe 'when :iterations is 1' do
+
+        let(:js) { 'this.test = function() { return 5; }' }
+
+        it 'evaluates to the same result as when :iterations is 5' do
+          obfu1 = described_class.new(js).obfuscate(iterations: 1).to_s
+          obfu5 = described_class.new(js).obfuscate(iterations: 5).to_s
+          expect(obfu1).to evaluate_to(obfu5)
+        end
+      end
+
+    end
+
+    describe 'the :memory_sensitive option' do
+
+      let(:match) { "ABCDEFG" }
+      let(:js) { "var x = '#{match}'" }
+
+      describe 'when true' do
+        10.times do
+
+          it 'does not obfuscate String literals' do
+            expect(jsobfu.obfuscate(memory_sensitive: true).to_s).to include(match)
+          end
+
+        end
+      end
+
+      describe 'when false' do
+        10.times do
+
+          it 'obfuscates String literals' do
+            expect(jsobfu.obfuscate(memory_sensitive: false).to_s).not_to include(match)
+          end
+
+        end
+      end
+
+    end
+
+    describe 'preserving the variable map across calls' do
+
+      let(:code1) { 'var Blah = 1;' }
+      let(:code2) { 'this.test = function(){ return Blah + 1; };' }
+
+      describe 'when calling obfuscate again after changing the code' do
+
+        it 'preserves the variable map' do
+          js = JSObfu.new(code1)
+          obf1 = js.obfuscate.to_s
+          js.code = code2
+          obf2 = js.obfuscate.to_s
+
+          expect(obf1+obf2).to evaluate_to(code1+code2)
+        end
+
+      end
+
+      describe 'when calling obfuscate twice after changing the code' do
+
+        let(:code2) { 'var Foo = 2;' }
+        let(:code3) { 'this.test = function(){ return Blah + Foo + 1; };' }
+
+        it 'preserves the variable map' do
+          js = JSObfu.new
+
+          js.code = code1
+          obf1 = js.obfuscate.to_s
+          js.code = code2
+          obf2 = js.obfuscate.to_s
+          js.code = code3
+          obf3 = js.obfuscate.to_s
+
+          expect(obf1+obf2+obf3).to evaluate_to(code1+code2+code3)
+        end
+
+      end
+
+    end
+
+  end
+
 end

data/spec/spec_helper.rb

@@ -2,6 +2,7 @@ require 'simplecov'
 require 'rspec/core'
 require 'rspec/mocks'
 require 'jsobfu'
+require 'pathname'
 
 # Requires supporting ruby files with custom matchers and macros, etc,
 # in spec/support/ and its subdirectories.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsobfu
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - James Lee
@@ -29,70 +29,70 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: execjs
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: 
@@ -131,12 +131,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []