Update flASt and Obfuscation-Detector (#119)

* Update flAST and Obfuscation-Detector and adjust code and tests accordingly * Replace the experimental JSON read with node:fs
PerimeterX · Oct 17, 2024 · 1da6fb7 · 1da6fb7
1 parent 244c068
commit 1da6fb7
Show file tree

Hide file tree

Showing 16 changed files with 34 additions and 52 deletions.
diff --git a/README.md b/README.md
@@ -86,11 +86,10 @@ The basic structure of such a deobfuscator would be an array of deobfuscation mo
 Unsafe modules run code through `eval` (using [isolated-vm](https://www.npmjs.com/package/isolated-vm) to be on the safe side) while safe modules do not.
 
 ```javascript
+import {applyIteratively} from 'flast';
 import {safe, unsafe} from 'restringer';
 const {normalizeComputed} = safe;
 const {resolveDefiniteBinaryExpressions, resolveLocalCalls} = unsafe;
-import {utils} from 'flast';
-const {applyIteratively} = utils;
 let script = 'obfuscated JS here';
 const deobModules = [
   resolveDefiniteBinaryExpressions,
@@ -105,8 +104,7 @@ With the additional `candidateFilter` function argument, it's possible to narrow
 ```javascript
 import {unsafe} from 'restringer';
 const {resolveLocalCalls} = unsafe;
-import {utils} from 'flast';
-const {applyIteratively} = utils;
+import {applyIteratively} from 'flast';
 let script = 'obfuscated JS here';
 
 // It's better to define a function with a meaningful name that can show up in the log 
@@ -145,8 +143,7 @@ if (res.script !== code) {
 
 ### Boilerplate code for starting from scratch
 ```javascript
-import {utils} from 'flast';
-const {applyIteratively, treeModifier, logger} = utils;
+import {applyIteratively, treeModifier, logger} from 'flast';
 // Optional loading from file
 // import fs from 'node:fs';
 // const inputFilename = process.argv[2] || 'target.js';

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -12,14 +12,14 @@
     "test": "tests"
   },
   "dependencies": {
-    "flast": "^2.0.0",
+    "flast": "^2.0.2",
     "isolated-vm": "^5.0.1",
     "jsdom": "^25.0.1",
-    "obfuscation-detector": "^2.0.0"
+    "obfuscation-detector": "^2.0.1"
   },
   "scripts": {
-    "test": "node --test --trace-warnings --no-node-snapshot --experimental-json-modules",
-    "test:coverage": "node --test --trace-warnings --no-node-snapshot --experimental-json-modules --experimental-test-coverage"
+    "test": "node --test --trace-warnings --no-node-snapshot",
+    "test:coverage": "node --test --trace-warnings --no-node-snapshot --experimental-test-coverage"
   },
   "repository": {
     "type": "git",
@@ -30,7 +30,7 @@
     "deobfuscate",
     "deobfuscation",
     "JS",
-    "javascript",
+    "javaScript",
     "AST"
   ],
   "author": "Ben Baryo ([email protected])",

diff --git a/src/modules/safe/replaceEvalCallsWithLiteralContent.js b/src/modules/safe/replaceEvalCallsWithLiteralContent.js
@@ -1,7 +1,6 @@
 import {getCache} from '../utils/getCache.js';
 import {generateHash} from '../utils/generateHash.js';
-import {generateFlatAST, utils} from 'flast';
-const {logger} = utils;
+import {generateFlatAST, logger} from 'flast';
 
 /**
  * Extract string values of eval call expressions, and replace calls with the actual code, without running it through eval.

diff --git a/src/modules/safe/replaceNewFuncCallsWithLiteralContent.js b/src/modules/safe/replaceNewFuncCallsWithLiteralContent.js
@@ -1,7 +1,6 @@
 import {getCache} from '../utils/getCache.js';
 import {generateHash} from '../utils/generateHash.js';
-import {generateFlatAST, utils} from 'flast';
-const {logger} = utils;
+import {generateFlatAST, logger} from 'flast';
 
 /**
  * Extract string values of eval call expressions, and replace calls with the actual code, without running it through eval.

diff --git a/src/modules/safe/resolveMemberExpressionReferencesToArrayIndex.js b/src/modules/safe/resolveMemberExpressionReferencesToArrayIndex.js
@@ -1,5 +1,4 @@
-import {utils} from 'flast';
-const {logger} = utils;
+import {logger} from 'flast';
 
 const minArrayLength = 20;
 

diff --git a/src/modules/unsafe/resolveBuiltinCalls.js b/src/modules/unsafe/resolveBuiltinCalls.js
@@ -1,5 +1,4 @@
-import {utils} from 'flast';
-const {logger} = utils;
+import {logger} from 'flast';
 import {badValue} from '../config.js';
 import {Sandbox} from '../utils/sandbox.js';
 import {evalInVm} from '../utils/evalInVm.js';

diff --git a/src/modules/unsafe/resolveInjectedPrototypeMethodCalls.js b/src/modules/unsafe/resolveInjectedPrototypeMethodCalls.js
@@ -1,5 +1,4 @@
-import {utils} from 'flast';
-const {logger} = utils;
+import {logger} from 'flast';
 import {badValue} from '../config.js';
 import {Sandbox} from '../utils/sandbox.js';
 import {evalInVm} from '../utils/evalInVm.js';

diff --git a/src/modules/utils/createNewNode.js b/src/modules/utils/createNewNode.js
@@ -1,7 +1,6 @@
 import {badValue} from '../config.js';
 import {getObjType} from './getObjType.js';
-import {generateCode, parseCode, utils} from 'flast';
-const {logger} = utils;
+import {generateCode, parseCode, logger} from 'flast';
 
 /**
  * Create a node from a value by its type.

diff --git a/src/modules/utils/evalInVm.js b/src/modules/utils/evalInVm.js
@@ -1,5 +1,4 @@
-import {utils} from 'flast';
-const {logger} = utils;
+import {logger} from 'flast';
 import {Sandbox} from './sandbox.js';
 import * as assert from 'node:assert';
 import {badValue} from '../config.js';

diff --git a/src/modules/utils/evalWithDom.js b/src/modules/utils/evalWithDom.js
@@ -4,8 +4,7 @@ import fs from 'node:fs';
 import {Sandbox} from './sandbox.js';
 // eslint-disable-next-line no-unused-vars
 import {JSDOM} from 'jsdom';
-import {utils} from 'flast';
-const {logger} = utils;
+import {logger} from 'flast';
 import {generateHash} from './generateHash.js';
 
 let jQuerySrc = '';

diff --git a/src/modules/utils/normalizeScript.js b/src/modules/utils/normalizeScript.js
@@ -1,5 +1,4 @@
-import {utils} from 'flast';
-const {applyIteratively} = utils;
+import {applyIteratively} from 'flast';
 import * as normalizeComputed from '../safe/normalizeComputed.js';
 import * as normalizeEmptyStatements from '../safe/normalizeEmptyStatements.js';
 import * as normalizeRedundantNotOperator from '../unsafe/normalizeRedundantNotOperator.js';

diff --git a/src/restringer.js b/src/restringer.js
@@ -1,13 +1,12 @@
 #!/usr/bin/env node
-import {utils as flastUtils} from 'flast';
-const {logger, applyIteratively} = flastUtils;
 import {fileURLToPath} from 'node:url';
+import {logger, applyIteratively} from 'flast';
 import {processors} from './processors/index.js';
 import {detectObfuscation} from 'obfuscation-detector';
-import pkg from '../package.json' assert {type: 'json'};
-const { version } = pkg;
 import {config, safe as safeMod, unsafe as unsafeMod, utils} from './modules/index.js';
 const {normalizeScript} = utils.default;
+import {readFileSync} from 'node:fs';
+const __version__ = JSON.parse(readFileSync(fileURLToPath(new URL('../package.json', import.meta.url)), 'utf-8')).version;
 const safe = {};
 for (const funcName in safeMod) {
 	safe[funcName] = safeMod[funcName].default || safeMod[funcName];
@@ -21,7 +20,7 @@ for (const funcName in unsafeMod) {
 // process.on('uncaughtException', () => {});
 
 export class REstringer {
-	static __version__ = version;
+	static __version__ = __version__;
 
 	/**
 	 * @param {string} script The target script to be deobfuscated

diff --git a/tests/functionality.test.js b/tests/functionality.test.js
@@ -12,4 +12,7 @@ describe('Functionality tests', () => {
 		restringer.deobfuscate();
 		assert.strictEqual(restringer.script, 'eval(3);');
 	});
+	it('REstringer.__version__ is populated', () => {
+		assert.ok(REstringer.__version__);
+	});
 });
diff --git a/tests/modules.test.js b/tests/modules.test.js
@@ -1,9 +1,8 @@
 /* eslint-disable no-unused-vars */
 import assert from 'node:assert';
-import {Arborist, generateFlatAST, utils} from 'flast';
 import {describe, it} from 'node:test';
 import {badValue} from '../src/modules/config.js';
-const {applyIteratively} = utils;
+import {Arborist, generateFlatAST, applyIteratively} from 'flast';
 
 /**
  * Apply a module to a given code snippet.

diff --git a/tests/resources/localProxies.js-deob.js b/tests/resources/localProxies.js-deob.js
@@ -1,11 +1,4 @@
 // this is a comment
-// this is a comment
-// this is a comment
-// this is a comment
-// this is a comment
-// this is a comment
-// this is a comment
-// this is a comment
 var _0x2d93 = [
   'timestamp',
   'int',