restringer
Advanced tools
restringer - npm Package Compare versions
Comparing version 1.6.5 to 1.6.6
| { | ||
| "name": "restringer", | ||
| "version": "1.6.5", | ||
| "version": "1.6.6", | ||
| "description": "Deobfuscate Javascript with emphasis on reconstructing strings", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -14,3 +14,3 @@ const {VM} = require('vm2'); | ||
| const disableObjects = { // APIs that should be disabled when running scripts in eval to avoid inconsistencies. | ||
| Date: {}, | ||
| Date: class {}, | ||
| debugger: {}, | ||
@@ -17,0 +17,0 @@ }; |
| const {parseCode} = require('flast'); | ||
| const evalInVm = require(__dirname + '/evalInVm'); | ||
| const {badValue} = require(__dirname + '/../config'); | ||
| const createOrderedSrc = require(__dirname + '/../utils/createOrderedSrc'); | ||
| const getDeclarationWithContext = require(__dirname + '/../utils/getDeclarationWithContext'); | ||
@@ -22,4 +24,10 @@ /** | ||
| for (const c of candidates) { | ||
| const argument = c.arguments[0]; | ||
| const src = `var __a_ = ${argument.src}\n;__a_`; | ||
| // The code inside the eval might contain references to outside code that should be included. | ||
| const contextNodes = getDeclarationWithContext(c, true); | ||
| // In case any of the target candidate is included in the context it should be removed. | ||
| for (const redundantNode in [c, c?.parentNode, c?.parentNode?.parentNode]) { | ||
| if (contextNodes.includes(redundantNode)) contextNodes.splice(contextNodes.indexOf(redundantNode), 1); | ||
| } | ||
| const context = contextNodes.length ? createOrderedSrc(contextNodes) : ''; | ||
| const src = `${context}\n;var __a_ = ${createOrderedSrc([c.arguments[0]])}\n;__a_`; | ||
| const newNode = evalInVm(src); | ||
@@ -26,0 +34,0 @@ const targetNode = c.parentNode.type === 'ExpressionStatement' ? c.parentNode : c; |
@@ -630,3 +630,3 @@ const {generateFlatAST} = require('flast'); | ||
| func: __dirname + '/../src/modules/unsafe/resolveEvalCallsOnNonLiterals', | ||
| source: `eval(function() {return 'atob'}());`, | ||
| source: `eval(function(a) {return a}('atob'));`, | ||
| expected: `atob;`, | ||
@@ -633,0 +633,0 @@ }, |
@@ -5,2 +5,3 @@ module.exports = { | ||
| 'Ant & Cockroach': 'ant.js', | ||
| 'Hunter': 'hunter.js', | ||
| '_$_': 'udu.js', | ||
@@ -7,0 +8,0 @@ 'Prototype Calls': 'prototypeCalls.js', |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.75%
654417
- Number of package files
- increased by1.72%
118
- Lines of code
- increased by2.72%
11666
Worsened metrics
- Number of low supply chain risk alerts
- increased by1.11%
182