@dacely/toildefender 0.1.4 → 0.1.6

package/processors/numericVm.js

@@ -213,6 +213,15 @@ function veilmark$numericVmRun(program, base, tokenCount, seed, tag, constants,
         return value;
     }
 
+    function readConstant(index) {
+        var cell = constants[index];
+        if (cell && cell[0] === 0 && typeof cell[1] === "function") {
+            cell[1] = cell[1]();
+            cell[0] = 1;
+        }
+        return cell && cell[0] === 1 ? cell[1] : cell;
+    }
+
     function read() {
         if (ip < 0 || ip >= tokenCount) throw new Error("invalid virtual opcode");
         var value = decodeAt(ip);
@@ -254,7 +263,7 @@ function veilmark$numericVmRun(program, base, tokenCount, seed, tag, constants,
         if (op === ops[3]) { push(true); continue; }
         if (op === ops[4]) { push(false); continue; }
         if (op === ops[5]) { push(readUnsigned()); continue; }
-        if (op === ops[6]) { push(constants[readUnsigned()]); continue; }
+        if (op === ops[6]) { push(readConstant(readUnsigned())); continue; }
         if (op === ops[7]) { push(frameArgs[readUnsigned()]); continue; }
         if (op === ops[8]) { push(loadLocal(readUnsigned())); continue; }
         if (op === ops[9]) { storeLocal(readUnsigned(), pop()); continue; }
@@ -281,7 +290,7 @@ function veilmark$numericVmRun(program, base, tokenCount, seed, tag, constants,
         if (op === ops[30]) { var jf = readSigned(); if (!pop()) ip += jf; continue; }
         if (op === ops[31]) { var jt = readSigned(); if (pop()) ip += jt; continue; }
         if (op === ops[32]) { readUnsigned(); var argc = readUnsigned(); var ca = popArgs(argc); var fn = pop(); push(fn.apply(undefined, ca)); continue; }
-        if (op === ops[33]) { readUnsigned(); var largc = readUnsigned(); var la = popArgs(largc); var lfn = constants[readUnsigned()]; push(lfn.apply(undefined, la)); continue; }
+        if (op === ops[33]) { readUnsigned(); var largc = readUnsigned(); var la = popArgs(largc); var lfn = readConstant(readUnsigned()); push(lfn.apply(undefined, la)); continue; }
         if (op === ops[34]) { var gpKey = pop(); var gpObj = pop(); push(gpObj[gpKey]); continue; }
         if (op === ops[35]) { var spValue = pop(); var spKey = pop(); var spObj = pop(); spObj[spKey] = spValue; push(spValue); continue; }
         if (op === ops[36]) { var ac = readUnsigned(); var arr = new Array(ac); var ai = ac; while (ai > 0) { ai -= 1; arr[ai] = pop(); } push(arr); continue; }
@@ -292,6 +301,8 @@ function veilmark$numericVmRun(program, base, tokenCount, seed, tag, constants,
         if (op === ops[41]) { push(argsLike); continue; }
         if (op === ops[42]) { push(typeof pop()); continue; }
         if (op === ops[43]) { var mc = readUnsigned(); var ma = popArgs(mc); var mk = pop(); var mo = pop(); push(mo[mk].apply(mo, ma)); continue; }
+        if (op === ops[44]) { var cgpKey = readConstant(readUnsigned()); var cgpObj = pop(); push(cgpObj[cgpKey]); continue; }
+        if (op === ops[45]) { storeLocal(readUnsigned(), pop()); continue; }
         throw new Error("invalid virtual opcode");
     }
 }
@@ -304,7 +315,7 @@ var OP_NAMES = [
     "STRICT_EQ", "STRICT_NEQ", "LT", "LTE", "GT", "GTE", "JMP", "JMP_FALSE",
     "JMP_TRUE", "CALL_EXT", "CALL_LOCAL", "GET_PROP", "SET_PROP", "MAKE_ARRAY",
     "MAKE_OBJECT", "RETURN", "THROW", "PUSH_THIS", "PUSH_ARGUMENTS", "TYPEOF",
-    "CALL_METHOD"
+    "CALL_METHOD", "GET_CONST_PROP", "STORE_LOCAL_POP"
 ];
 
 var BASES = [257, 263, 269, 521, 1031, 4099, 65537];
@@ -318,6 +329,7 @@ function unary(operator, argument) { return { type: "UnaryExpression", operator:
 function member(object, property) { return { type: "MemberExpression", object: object, property: property, computed: true }; }
 function arrayExpression(values) { return { type: "ArrayExpression", elements: values }; }
 function returnStatement(argument) { return { type: "ReturnStatement", argument: argument }; }
+function functionExpression(body) { return { type: "FunctionExpression", id: null, params: [], body: { type: "BlockStatement", body: body }, generator: false, expression: false, async: false }; }
 function functionName(node) { return node.id && node.id.name ? node.id.name : ""; }
 
 function hashSeed(seed) {
@@ -833,6 +845,29 @@ Compiler.prototype.instructionSize = function (instr, positions) {
     }
     return size;
 };
+Compiler.prototype.isInstruction = function (instr, op) {
+    return instr && !instr.label && instr.op === op;
+};
+Compiler.prototype.fuseSuperinstructions = function () {
+    var out = [];
+    for (var i = 0; i < this.instructions.length; i += 1) {
+        var one = this.instructions[i];
+        var two = this.instructions[i + 1];
+        var three = this.instructions[i + 2];
+        if (this.isInstruction(one, "PUSH_CONST") && this.isInstruction(two, "GET_PROP")) {
+            out.push({ op: "GET_CONST_PROP", args: [one.args[0]] });
+            i += 1;
+            continue;
+        }
+        if (this.isInstruction(one, "DUP") && this.isInstruction(two, "STORE_LOCAL") && this.isInstruction(three, "POP")) {
+            out.push({ op: "STORE_LOCAL_POP", args: [two.args[0]] });
+            i += 2;
+            continue;
+        }
+        out.push(one);
+    }
+    this.instructions = out;
+};
 Compiler.prototype.assemble = function () {
     var positions = new Map();
     var stable = false;
@@ -896,14 +931,21 @@ Compiler.prototype.constantExpression = function (constant) {
     if (constant.kind === "undefined") return { type: "UnaryExpression", operator: "void", prefix: true, argument: literal(0) };
     throw new Error("unsupported constant " + constant.kind);
 };
+Compiler.prototype.constantCellExpression = function (constant) {
+    return arrayExpression([
+        literal(0),
+        functionExpression([ returnStatement(this.constantExpression(constant)) ])
+    ]);
+};
 Compiler.prototype.finish = function () {
+    this.fuseSuperinstructions();
     var tokens = this.assemble();
     var encrypted = encryptedStream(tokens, this.dialect.base, this.dialect.seed);
     var opValues = OP_NAMES.map(name => this.dialect.opcodes[name]);
     var record = {
         base: this.dialect.base,
         blob: packTokens(encrypted.encrypted, this.dialect.base),
-        constants: this.constants.map(this.constantExpression.bind(this)),
+        constants: this.constants.map(this.constantCellExpression.bind(this)),
         opValues: opValues.map(literal),
         seed: this.dialect.seed,
         tag: encrypted.tag,

package/processors/scopes.js

@@ -9,6 +9,21 @@ var ESUtils = require("../esutils");
 var traverser = require("../traverser");
 var utils = require("../utils");
 
+function isClassMethodFunction(stack) {
+    return stack.some(frame => frame.node.type == "MethodDefinition" || frame.node.type == "ClassBody");
+}
+
+function isClassMethodScope(scope) {
+    var node = scope && scope.block;
+    while (node) {
+        if (node.type == "MethodDefinition" || node.type == "ClassBody") {
+            return true;
+        }
+        node = node.veilmark$parent;
+    }
+    return false;
+}
+
 module.exports = class Scopes {
 
     constructor (logger) {
@@ -33,6 +48,9 @@ module.exports = class Scopes {
         var scopes = scopeManager.acquireAll(ast);
         var rngAlpha = new utils.UniqueRandomAlpha(3);
         scopeManager.scopes.forEach(scope => {
+            if (!this.esutils.canInsertIntoScope(scope) || isClassMethodScope(scope)) {
+                return;
+            }
             var scopeVarName = `$$scope$${rngAlpha.get()}`;
             
             var counter = 0;
@@ -132,6 +150,9 @@ module.exports = class Scopes {
                             });
                         });
                     } else if (def.type == "FunctionName") {
+                        if (def.node.type == "FunctionExpression") {
+                            return;
+                        }
                         variable.references.forEach(reference => {
                             this.esutils.replaceNode(scope.block, reference.identifier, {
                                 type: "CallExpression",
@@ -150,6 +171,10 @@ module.exports = class Scopes {
                 if (scope.block == node) {
                     return node;
                 }
+
+                if (isClassMethodFunction(stack)) {
+                    return node;
+                }
                 
                 if (node.type.indexOf("Function") == 0) {
                     node.params.unshift({

package/processors/uglifier.js

@@ -3,8 +3,202 @@
 var assert = require("assert");
 
 var esshorten = require("esshorten");
+var escope = require("escope");
 
 var estest = require("../estest");
+var traverser = require("../traverser");
+
+var RESERVED_WORDS = new Set([
+    "await",
+    "break",
+    "case",
+    "catch",
+    "class",
+    "const",
+    "continue",
+    "debugger",
+    "default",
+    "delete",
+    "do",
+    "else",
+    "enum",
+    "export",
+    "extends",
+    "false",
+    "finally",
+    "for",
+    "function",
+    "if",
+    "import",
+    "in",
+    "instanceof",
+    "new",
+    "null",
+    "return",
+    "super",
+    "switch",
+    "this",
+    "throw",
+    "true",
+    "try",
+    "typeof",
+    "var",
+    "void",
+    "while",
+    "with",
+    "yield",
+    "arguments",
+    "undefined"
+]);
+
+var FIRST_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_$";
+var REST_CHARS = FIRST_CHARS + "0123456789";
+
+function containsModernBindings(ast) {
+    var found = false;
+    traverser.traverseEx(ast, [], function (node) {
+        if (
+            (node.type == "VariableDeclaration" && node.kind != "var")
+            || node.type == "ClassDeclaration"
+            || node.type == "ClassExpression"
+        ) {
+            found = true;
+            this.abort();
+        }
+        return node;
+    });
+    return found;
+}
+
+function shortName(index) {
+    var name = FIRST_CHARS[index % FIRST_CHARS.length];
+    index = Math.floor(index / FIRST_CHARS.length);
+    while (index > 0) {
+        index -= 1;
+        name += REST_CHARS[index % REST_CHARS.length];
+        index = Math.floor(index / REST_CHARS.length);
+    }
+    return name;
+}
+
+function isRenamableVariable(scope, variable) {
+    if (scope.type == "global") {
+        return false;
+    }
+    if (variable.name == "arguments" || variable.name == "undefined") {
+        return false;
+    }
+    if (variable.tainted) {
+        return false;
+    }
+    if (!variable.identifiers || variable.identifiers.length == 0) {
+        return false;
+    }
+    if (variable.defs && variable.defs.some(def => def.type == "ClassName")) {
+        return false;
+    }
+    return true;
+}
+
+function reserveUnrenamedNames(scopeManager, renamable) {
+    var reserved = new Set(RESERVED_WORDS);
+    scopeManager.scopes.forEach(scope => {
+        scope.variables.forEach(variable => {
+            if (!renamable.has(variable)) {
+                reserved.add(variable.name);
+            }
+        });
+        scope.through.forEach(reference => {
+            if (!reference.resolved) {
+                reserved.add(reference.identifier.name);
+            }
+        });
+    });
+    return reserved;
+}
+
+function buildParentMap(ast) {
+    var parents = new WeakMap();
+    traverser.traverse(ast, [], function (node, stack) {
+        var parentFrame = stack[1];
+        if (parentFrame) {
+            parents.set(node, parentFrame.node);
+        }
+        return node;
+    });
+    return parents;
+}
+
+function renameIdentifier(identifier, name, parents) {
+    var parent = parents.get(identifier);
+    if (
+        parent
+        && parent.type == "Property"
+        && parent.shorthand === true
+        && (parent.key === identifier || parent.value === identifier)
+    ) {
+        parent.shorthand = false;
+        parent.key = {
+            type: "Identifier",
+            name: identifier.name
+        };
+        parent.value = {
+            type: "Identifier",
+            name: name
+        };
+        parents.set(parent.key, parent);
+        parents.set(parent.value, parent);
+        return;
+    }
+
+    identifier.name = name;
+}
+
+function modernMangle(ast) {
+    var scopeManager = escope.analyze(ast, {
+        ecmaVersion: 6,
+        optimistic: true,
+        sourceType: "script"
+    });
+
+    var variables = [];
+    scopeManager.scopes.forEach(scope => {
+        scope.variables.forEach(variable => {
+            if (isRenamableVariable(scope, variable)) {
+                variables.push({ scope: scope, variable: variable });
+            }
+        });
+    });
+
+    variables.sort((left, right) => {
+        var leftWeight = left.variable.references.length + left.variable.identifiers.length;
+        var rightWeight = right.variable.references.length + right.variable.identifiers.length;
+        return rightWeight - leftWeight;
+    });
+
+    var renamable = new Set(variables.map(entry => entry.variable));
+    var used = reserveUnrenamedNames(scopeManager, renamable);
+    var parents = buildParentMap(ast);
+    var next = 0;
+
+    variables.forEach(entry => {
+        var name;
+        do {
+            name = shortName(next);
+            next += 1;
+        } while (used.has(name) || RESERVED_WORDS.has(name));
+        used.add(name);
+
+        entry.variable.identifiers.forEach(identifier => {
+            renameIdentifier(identifier, name, parents);
+        });
+        entry.variable.references.forEach(reference => {
+            renameIdentifier(reference.identifier, name, parents);
+        });
+    });
+
+    return ast;
+}
 
 module.exports = class Uglifier {
 
@@ -19,8 +213,11 @@ module.exports = class Uglifier {
      */
     uglify (ast) {
         assert.ok(estest.isNode(ast));
-        
+
+        if (containsModernBindings(ast)) {
+            return modernMangle(ast);
+        }
         return esshorten.mangle(ast);
     }
 
-};
+};

package/processors/variables.js

@@ -9,6 +9,74 @@ var ESUtils = require("../esutils");
 var traverser = require("../traverser");
 var utils = require("../utils");
 
+function isReferenceIdentifier(node, stack) {
+    var parentFrame = stack[1];
+    if (!parentFrame) {
+        return true;
+    }
+
+    var parent = parentFrame.node;
+    var key = parentFrame.key;
+
+    if ((parent.type == "FunctionDeclaration" || parent.type == "FunctionExpression") && (key == "id" || key == "params")) {
+        return false;
+    }
+    if ((parent.type == "ClassDeclaration" || parent.type == "ClassExpression") && key == "id") {
+        return false;
+    }
+    if (parent.type == "VariableDeclarator" && key == "id") {
+        return false;
+    }
+    if (parent.type == "CatchClause" && key == "param") {
+        return false;
+    }
+    if ((parent.type == "MemberExpression" || parent.type == "Property") && key == "property" && parent.computed === false) {
+        return false;
+    }
+    if (parent.type == "Property" && key == "key" && parent.computed === false) {
+        return false;
+    }
+    if ((parent.type == "MethodDefinition" || parent.type == "PropertyDefinition" || parent.type == "FieldDefinition") && key == "key" && parent.computed === false) {
+        return false;
+    }
+    if ((parent.type == "LabeledStatement" || parent.type == "BreakStatement" || parent.type == "ContinueStatement") && key == "label") {
+        return false;
+    }
+
+    return true;
+}
+
+function functionExpressionUsesOwnName(node) {
+    assert.equal(node.type, "FunctionExpression");
+
+    if (!node.id) {
+        return false;
+    }
+
+    var name = node.id.name;
+    var used = false;
+
+    traverser.traverse(node.body, [], (child, stack) => {
+        if (child.type == "Identifier" && child.name == name && isReferenceIdentifier(child, stack)) {
+            used = true;
+        }
+        return child;
+    });
+
+    return used;
+}
+
+function isClassMethodScope(scope) {
+    var node = scope && scope.block;
+    while (node) {
+        if (node.type == "MethodDefinition" || node.type == "ClassBody") {
+            return true;
+        }
+        node = node.veilmark$parent;
+    }
+    return false;
+}
+
 module.exports = class Variables {
 
     constructor (logger) {
@@ -25,7 +93,7 @@ module.exports = class Variables {
      */
     removeFunctionExpressionIds (ast) {
         return traverser.traverse(ast, [], (node, stack) => {
-            if (node.type == "FunctionExpression" && node.id) {
+            if (node.type == "FunctionExpression" && node.id && !functionExpressionUsesOwnName(node)) {
                 node.id = null;
             }
             return node;
@@ -46,6 +114,9 @@ module.exports = class Variables {
         this.esutils.setParentsRecursive(ast);
         
         scopeManager.scopes.forEach(scope => {
+            if (!this.esutils.canInsertIntoScope(scope) || isClassMethodScope(scope)) {
+                return;
+            }
             scope.variables.forEach(variable => {
                 variable.defs.forEach(def => {
                     if (def.type == "FunctionName") {
@@ -68,7 +139,10 @@ module.exports = class Variables {
                                         init: {
                                             type: "FunctionExpression",
                                             params: def.node.params,
-                                            body: def.node.body
+                                            body: def.node.body,
+                                            generator: def.node.generator === true,
+                                            expression: def.node.expression === true,
+                                            async: def.node.async === true
                                         }
                                     }
                                 ]
@@ -90,6 +164,9 @@ module.exports = class Variables {
      */
     obfuscateIdentifiers (ast, scopeManager) {
         scopeManager.scopes.forEach(scope => {
+            if (isClassMethodScope(scope)) {
+                return;
+            }
             if (scope.isStatic()) {
                 scope.variables.sort((a, b) => {
                     if (a.tainted) {
@@ -104,6 +181,10 @@ module.exports = class Variables {
                 for (let variable of scope.variables) {
                     var name = "$$var$" + utils.hash(variable) + "$" + variable.name;
 
+                    if (variable.defs.some(def => def.type == "ClassName")) {
+                        continue;
+                    }
+
                     if (variable.tainted) {
                         continue;
                     }
@@ -155,6 +236,9 @@ module.exports = class Variables {
         var rng = new utils.UniqueRandomAlpha(3);
         
         scopeManager.scopes.forEach(scope => {
+            if (!this.esutils.canInsertIntoScope(scope) || isClassMethodScope(scope)) {
+                return;
+            }
             scope.variables.forEach(variable => {
                 variable.defs.forEach(def => {
                     if (def.type == "Parameter") {

package/traverser.js

@@ -7,6 +7,12 @@ var estraverse = require("estraverse");
 var estest = require("./estest");
 var utils = require("./utils");
 
+var VISITOR_KEYS = Object.assign({}, estraverse.VisitorKeys, {
+    ChainExpression: [ "expression" ],
+    PropertyDefinition: [ "key", "value" ],
+    FieldDefinition: [ "key", "value" ]
+});
+
 // Depth-first
 exports.traverse = function (node, stack, processor) {
     assert.ok(estest.isNode(node));
@@ -57,7 +63,7 @@ exports.visitChildren = function (node, processor) {
     assert.ok(estest.isNode(node));
     assert.equal(typeof processor, "function");
     
-    var keys = estraverse.VisitorKeys[node.type] || [];
+    var keys = VISITOR_KEYS[node.type] || [];
     keys.forEach(key => {
         if (Array.isArray(node[key])) {
             node[key] = node[key].map(x => {
@@ -80,7 +86,7 @@ exports.visitChildrenEx = function (node, processor) {
     assert.ok(estest.isNode(node));
     assert.equal(typeof processor, "function");
     
-    var keys = estraverse.VisitorKeys[node.type] || [];
+    var keys = VISITOR_KEYS[node.type] || [];
     keys.forEach(key => {
         if (Array.isArray(node[key])) {
             let i = node[key].length;