jsobfu 0.1.9 → 0.2.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ODI3NGYzZmNkMmU4ZmZmM2M1NzIwMjZjNzBhZDQ0YjhjNzVkYmI4MA==
+    OWVkOTRmZDM5ZDZmYzkwOGFhNGM4MDk0ZjQ3NzljZWVkMWI4OWQwMg==
   data.tar.gz: !binary |-
-    ZjgxMWE0MDFkZGY1YzFlZmFkYTM0ODE2MzJkMWUxZmUxZjZjZGFlNQ==
+    MGQzZGZkMTAxZDUxZmJjZjNhNzc0YzE0NDFkNDQ0MzI4ZjJiYTc4MQ==
 SHA512:
   metadata.gz: !binary |-
-    Yjg0Nzc2MzcyZmUzZWEwNTVjNmYyYmFkMGFmOGM0ODRhNmM3MGVmODUzMjIy
-    YWRjOTdjNzZiZDFjM2VjZGI2ZDIxNTU4ZWRmN2QxZTEyM2I3NjYxMjI4ODMx
-    MjdlNTg2Y2U1ZDJmNTVlYTQ1MGExM2Q4NjZlNTViNTE3MDZmNDg=
+    ZjA5NzRkNWZmMzQ0MDA0ZTkxZWRjMjYyYzc1NWEwZDE5YzcwMDNlZTZiN2E3
+    YTczZmQzZGMxODk1MzBlOTY5NjQwYzIxNTNmZTk5MjdlMzBlZmQ1ZGFiODRm
+    YThhYjAyMjhlYzhiZjliNzg2ZGZlOTc2ZmEwNDliZWNlOTg4MzU=
   data.tar.gz: !binary |-
-    MjUwZmQ4N2UyYmQwZWFmZGEwYmIxMjdkMTljMWIyY2Q4MGJkZmE0YzM0ODhh
-    NDJkOTYwZjYyZGU5NDdmYzg2Mzc2NTFmNjlmZDNmMmMxNzRkYTEyN2IyOTkz
-    NDRiNmU1ODgxMWFkZGFmM2Q2ZmIxOWFmMDMzOWZmMDk4NzFlMTE=
+    NzhkYTM0OTRlM2EwYzgwNzQ2NmI2MGNhOTUzMDVmMjYzYzk4YmQyOTk3Y2Y2
+    ZmJiMTQyZDAwZGJhZGM2YzhlMzQzODAxMjA1MjlhYjE5NDA2NWEzODI0MWQ2
+    M2JmMzEzMjkyMzhjMWJkNWMwMmQyODU1Zjg4MzcyZWU1MTRjMzQ=

data/lib/jsobfu.rb

@@ -47,6 +47,8 @@ class JSObfu
   #   the output code (true)
   # @option opts [Integer] :iterations number of times to run the
   #   obfuscator on this code (1)
+  # @option opts [String] :global the global object to rewrite unresolved lookups to.
+  #   Depending on the environment, it may be `window`, `global`, or `this`.
   # @return [self]
   def obfuscate(opts={})
     return self if JSObfu.disabled?
@@ -55,7 +57,7 @@ class JSObfu
     strip_whitespace = opts.fetch(:strip_whitespace, true)
 
     iterations.times do |i|
-      obfuscator = JSObfu::Obfuscator.new(scope: @scope)
+      obfuscator = JSObfu::Obfuscator.new(opts.merge(scope: @scope))
       @code = obfuscator.accept(ast).to_s
       if strip_whitespace
         @code.gsub!(/(^\s+|\s+$)/, '')
@@ -98,8 +100,7 @@ protected
   # Generate an Abstract Syntax Tree (#ast) for later obfuscation
   #
   def parse
-    parser = RKelly::Parser.new
-    @ast = parser.parse(@code)
+    @ast = RKelly::Parser.new.parse(@code)
   end
 
 end

data/lib/jsobfu/obfuscator.rb

@@ -5,17 +5,22 @@ class JSObfu::Obfuscator < JSObfu::ECMANoWhitespaceVisitor
   # @return [JSObfu::Scope] the scope maintained while walking the ast
   attr_reader :scope
 
-  # Note: At a high level #renames is not that useful, because var shadowing can
-  # cause multiple variables in different contexts to be mapped separately.
-  # - joev
-
   # @return [Hash] of original var/fn names to our new random neames
   attr_reader :renames
 
+  # @return [String] the global object in this JS environment
+  attr_reader :global
+
+  # unresolved lookups are rewritten as property lookups on the global object
+  DEFAULT_GLOBAL = 'window'
+
   # @param opts [Hash] the options hash
   # @option opts [JSObfu::Scope] :scope the optional scope to save vars to
+  # @option opts [String] :global the global object to rewrite unresolved lookups to.
+  #   Depending on the environment, it may be `window`, `global`, or `this`.
   def initialize(opts={})
     @scope = opts.fetch(:scope, JSObfu::Scope.new)
+    @global = opts.fetch(:global, DEFAULT_GLOBAL).to_s
     @renames = {}
     super()
   end
@@ -87,8 +92,14 @@ class JSObfu::Obfuscator < JSObfu::ECMANoWhitespaceVisitor
       o.value = JSObfu::Utils::random_var_encoding(new_val)
       super
     else
-      # A global is used, at least obfuscate the lookup
-      "window[#{JSObfu::Utils::transform_string(o.value, scope, :quotes => false)}]"
+      if o.value.to_s == global.to_s
+        # if the ref is the global object, don't obfuscate it on itself. This helps
+        # "shimmed" globals (like `window=this` at the top of the script) work reliably.
+        super
+      else
+        # A global is used, at least obfuscate the lookup
+        "#{global}[#{JSObfu::Utils::transform_string(o.value, scope, :quotes => false)}]"
+      end
     end
   end
 

data/spec/integration_spec.rb

@@ -19,7 +19,7 @@ describe 'Integrations' do
       num = $1.to_i
     end
 
-    # ensure there is a global object to reference.
+    # ensure there is a global object to reference, regardless of the JS backend.
     js = "window=this; #{js}"
 
     num.times do

data/spec/jsobfu/obfuscator_spec.rb

@@ -0,0 +1,34 @@
+require 'spec_helper'
+require 'rkelly'
+
+describe JSObfu::Obfuscator do
+  let(:opts) { { } }
+  subject(:obfuscator) { described_class.new(opts) }
+
+  describe 'the :global option' do
+    let(:global_str) { 'BLAHBLAH' }
+    let(:opts) { { global: global_str } }
+    let(:simple_js) { 'x;' }
+    let(:simple_ast) { RKelly::Parser.new.parse(simple_js) }
+
+    it 'rewrites unresolved lookups as property lookups on the specified global object' do
+      expect(obfuscator.accept(simple_ast).to_s).to include(global_str)
+    end
+
+    context 'when the code contains `this`' do
+      let(:simple_js) { 'this;' }
+      it 'never rewrites `this`' do
+        expect(obfuscator.accept(simple_ast).to_s).not_to include(global_str)
+      end
+    end
+
+    context 'when the global object is specified' do
+      let(:global_str) { 'mywindow2' }
+      let(:simple_js) { "mywindow2;" }
+      it 'never rewrites itself' do
+        expect(obfuscator.accept(simple_ast).to_s).to eq(simple_js)
+      end
+    end
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsobfu
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.2.0
 platform: ruby
 authors:
 - James Lee
@@ -114,6 +114,7 @@ files:
 - spec/integration_spec.rb
 - spec/jsobfu/disable_spec.rb
 - spec/jsobfu/hoister_spec.rb
+- spec/jsobfu/obfuscator_spec.rb
 - spec/jsobfu/scope_spec.rb
 - spec/jsobfu/utils_spec.rb
 - spec/jsobfu_spec.rb