js-confuser 1.5.4 → 1.5.5

package/CHANGELOG.md

@@ -1,3 +1,15 @@
+# `1.5.5`
+Updates
+
+- Fixed [#53](https://github.com/MichaelXF/js-confuser/issues/53)
+- - Shuffle to not use common varialbe names like `x`
+
+- Fixed [#60](https://github.com/MichaelXF/js-confuser/issues/60)
+- - Rename Variables to properly handle function parameters
+
+- Fixed [#62](https://github.com/MichaelXF/js-confuser/issues/62)
+- - Rename Variables to properly handle catch-clause parameters
+
 # `1.5.4`
 Small fix
 

package/dist/transforms/identifier/variableAnalysis.js

@@ -100,7 +100,7 @@ class VariableAnalysis extends _transform.default {
           this.globals.add(o.name);
         }
 
-        var definingContexts = info.spec.isDefined ? [(0, _insert.getDefiningContext)(o, p)] : (0, _insert.getReferencingContexts)(o, p, info);
+        var definingContexts = info.spec.isDefined ? (0, _insert.getAllDefiningContexts)(o, p) : (0, _insert.getReferencingContexts)(o, p, info);
         (0, _assert.ok)(definingContexts.length);
         definingContexts.forEach(definingContext => {
           (0, _assert.ok)((0, _insert.isContext)(definingContext), "".concat(definingContext.type, " is not a context"));

package/dist/transforms/shuffle.js

@@ -139,7 +139,8 @@ class Shuffle extends _transform.default {
         }
 
         if (mode !== "hash") {
-          code.push((0, _template.default)("\n            for ( var x = 16; x%4 === 0; x++) {\n              var z = 0;\n              ".concat(inPlace ? "".concat(inPlaceName, " = ").concat(name) : name, " = ").concat(name, ".concat((function(){\n                z++;\n                if(z === 1){\n                  return [];\n                }\n\n                for( var i = ").concat((0, _random.getRandomInteger)(5, 105), "; i; i-- ){\n                  ").concat(name, ".unshift(").concat(name, ".pop());\n                }\n                return [];\n              })());\n            }\n            ")).single());
+          var varPrefix = this.getPlaceholder();
+          code.push((0, _template.default)("\n            for ( var ".concat(varPrefix, "x = 16; ").concat(varPrefix, "x%4 === 0; ").concat(varPrefix, "x++) {\n              var ").concat(varPrefix, "z = 0;\n              ").concat(inPlace ? "".concat(inPlaceName, " = ").concat(name) : name, " = ").concat(name, ".concat((function(){\n                ").concat(varPrefix, "z++;\n                if(").concat(varPrefix, "z === 1){\n                  return [];\n                }\n\n                for( var ").concat(varPrefix, "i = ").concat((0, _random.getRandomInteger)(5, 105), "; ").concat(varPrefix, "i; ").concat(varPrefix, "i-- ){\n                  ").concat(name, ".unshift(").concat(name, ".pop());\n                }\n                return [];\n              })());\n            }\n            ")).single());
         }
 
         code.push((0, _gen.ForStatement)((0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(iName, expr)), (0, _gen.Identifier)(iName), (0, _gen.UpdateExpression)("--", (0, _gen.Identifier)(iName), false), [// ${name}.unshift(${name}.pop());

package/dist/util/insert.js

@@ -7,6 +7,7 @@ exports.append = append;
 exports.clone = clone;
 exports.deleteDeclaration = deleteDeclaration;
 exports.deleteDirect = deleteDirect;
+exports.getAllDefiningContexts = getAllDefiningContexts;
 exports.getBlockBody = getBlockBody;
 exports.getContexts = getContexts;
 exports.getDefiningContext = getDefiningContext;
@@ -149,6 +150,34 @@ function getDefiningContext(o, p) {
 
   return getVarContext(o, p);
 }
+/**
+ * A more accurate context finding function.
+ * @param o Object
+ * @param p Parents
+ * @returns Contexts
+ */
+
+
+function getAllDefiningContexts(o, p) {
+  var contexts = [getDefiningContext(o, p)];
+  var info = (0, _identifiers.getIdentifierInfo)(o, p);
+
+  if (info.isFunctionParameter) {
+    // Get Function
+    var fn = getFunction(o, p);
+    contexts.push(fn.body);
+  }
+
+  if (info.isClauseParameter) {
+    var catchClause = p.find(x => x.type === "CatchClause");
+
+    if (catchClause) {
+      contexts.push(catchClause.body);
+    }
+  }
+
+  return contexts;
+}
 
 function getReferencingContexts(o, p, info) {
   (0, _identifiers.validateChain)(o, p);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "js-confuser",
-  "version": "1.5.4",
+  "version": "1.5.5",
   "description": "JavaScript Obfuscation Tool.",
   "main": "dist/index.js",
   "types": "index.d.ts",

package/src/transforms/identifier/variableAnalysis.ts

@@ -10,6 +10,7 @@ import {
   getLexContext,
   isContext,
   getReferencingContexts,
+  getAllDefiningContexts,
 } from "../../util/insert";
 import Transform from "../transform";
 
@@ -86,7 +87,7 @@ export default class VariableAnalysis extends Transform {
         }
 
         var definingContexts = info.spec.isDefined
-          ? [getDefiningContext(o, p)]
+          ? getAllDefiningContexts(o, p)
           : getReferencingContexts(o, p, info);
 
         ok(definingContexts.length);

package/src/transforms/shuffle.ts

@@ -166,19 +166,23 @@ export default class Shuffle extends Transform {
         }
 
         if (mode !== "hash") {
+          var varPrefix = this.getPlaceholder();
           code.push(
             Template(`
-            for ( var x = 16; x%4 === 0; x++) {
-              var z = 0;
+            for ( var ${varPrefix}x = 16; ${varPrefix}x%4 === 0; ${varPrefix}x++) {
+              var ${varPrefix}z = 0;
               ${
                 inPlace ? `${inPlaceName} = ${name}` : name
               } = ${name}.concat((function(){
-                z++;
-                if(z === 1){
+                ${varPrefix}z++;
+                if(${varPrefix}z === 1){
                   return [];
                 }
 
-                for( var i = ${getRandomInteger(5, 105)}; i; i-- ){
+                for( var ${varPrefix}i = ${getRandomInteger(
+              5,
+              105
+            )}; ${varPrefix}i; ${varPrefix}i-- ){
                   ${name}.unshift(${name}.pop());
                 }
                 return [];

package/src/util/insert.ts

@@ -125,6 +125,33 @@ export function getDefiningContext(o: Node, p: Node[]): Node {
   return getVarContext(o, p);
 }
 
+/**
+ * A more accurate context finding function.
+ * @param o Object
+ * @param p Parents
+ * @returns Contexts
+ */
+export function getAllDefiningContexts(o: Node, p: Node[]): Node[] {
+  var contexts = [getDefiningContext(o, p)];
+
+  var info = getIdentifierInfo(o, p);
+  if (info.isFunctionParameter) {
+    // Get Function
+    var fn = getFunction(o, p);
+
+    contexts.push(fn.body);
+  }
+
+  if (info.isClauseParameter) {
+    var catchClause = p.find((x) => x.type === "CatchClause");
+    if (catchClause) {
+      contexts.push(catchClause.body);
+    }
+  }
+
+  return contexts;
+}
+
 export function getReferencingContexts(
   o: Node,
   p: Node[],

package/test/transforms/identifier/renameVariables.test.ts

@@ -401,3 +401,38 @@ test("Variant #16: Function with multiple parameters and a default value", async
 
   expect(value).toStrictEqual("Success!");
 });
+
+// https://github.com/MichaelXF/js-confuser/issues/60
+test("Variant #17: Function parameter and lexical variable clash", async () => {
+  var code = `
+  function fun1(a) {
+    let b;
+  }
+  `;
+
+  var output = await JsConfuser(code, {
+    target: "node",
+    renameVariables: true,
+    renameGlobals: true,
+  });
+
+  eval(output);
+});
+
+test("Variant #18: Catch parameter and lexical variable clash", async () => {
+  var code = `
+  try {
+
+  } catch (a){
+    let b;
+  } 
+  `;
+
+  var output = await JsConfuser(code, {
+    target: "node",
+    renameVariables: true,
+    renameGlobals: true,
+  });
+
+  eval(output);
+});

package/test/transforms/shuffle.test.ts

@@ -92,25 +92,44 @@ it("should shuffle arrays based on hash and unshuffle incorrect if changed", asy
 
 // https://github.com/MichaelXF/js-confuser/issues/48
 it("Should properly apply to const variables", async () => {
-    var code = `
+  var code = `
       const TEST_ARRAY = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10];
   
       input(TEST_ARRAY);
     `;
 
-    var output = await JsConfuser(code, {
-      target: "browser",
-      shuffle: true,
-    });
+  var output = await JsConfuser(code, {
+    target: "browser",
+    shuffle: true,
+  });
 
-    expect(output).toContain("TEST_ARRAY=function");
-  
-    var value;
-    function input(valueIn) {
-      value = valueIn;
-    }
-  
-    eval(output);
-  
-    expect(value).toEqual([1, 2, 3, 4, 5, 6, 7, 8, 9, 10]);
-  });
+  expect(output).toContain("TEST_ARRAY=function");
+
+  var value;
+  function input(valueIn) {
+    value = valueIn;
+  }
+
+  eval(output);
+
+  expect(value).toEqual([1, 2, 3, 4, 5, 6, 7, 8, 9, 10]);
+});
+
+// https://github.com/MichaelXF/js-confuser/issues/53
+it("Should not use common variable names like x", async () => {
+  var code = `
+      let x = -999;
+      let a = [1, 2, 3, 4, 5, 6];
+
+      VALUE = a;
+    `;
+
+  var output = await JsConfuser(code, {
+    target: "browser",
+    shuffle: true,
+  });
+
+  var VALUE;
+  eval(output);
+  expect(VALUE).toEqual([1, 2, 3, 4, 5, 6]);
+});