-
Notifications
You must be signed in to change notification settings - Fork 34
/
resolveAugmentedFunctionWrappedArrayReplacements.js
70 lines (67 loc) · 2.78 KB
/
resolveAugmentedFunctionWrappedArrayReplacements.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
const {badValue} = require(__dirname + '/../config');
const Sandbox = require(__dirname + '/../utils/sandbox');
const evalInVm = require(__dirname + '/../utils/evalInVm');
const getDescendants = require(__dirname + '/../utils/getDescendants');
/**
* A special case of function array replacement where the function is wrapped in another function, the array is
* sometimes wrapped in its own function, and is also augmented.
* TODO: Add example code
* @param {Arborist} arb
* @param {Function} candidateFilter (optional) a filter to apply on the candidates list
* @return {Arborist}
*/
function resolveAugmentedFunctionWrappedArrayReplacements(arb, candidateFilter = () => true) {
for (let i = 0; i < arb.ast.length; i++) {
const n = arb.ast[i];
if (n.type === 'FunctionDeclaration' && n.id &&
candidateFilter(n)) {
const descendants = getDescendants(n);
if (descendants.find(d =>
d.type === 'AssignmentExpression' &&
d.left?.name === n.id?.name)) {
const arrDecryptor = n;
const arrCandidates = descendants.filter(c =>
c.type === 'MemberExpression' && c.object.type === 'Identifier')
.map(n => n.object);
for (let j = 0; j < arrCandidates.length; j++) {
const ac = arrCandidates[j];
// If a direct reference to a global variable pointing at an array
let arrRef;
if (!ac.declNode) continue;
if (ac.declNode.scope.type === 'global') {
if (ac.declNode.parentNode?.init?.type === 'ArrayExpression') {
arrRef = ac.declNode.parentNode?.parentNode || ac.declNode.parentNode;
}
} else if (ac.declNode.parentNode?.init?.type === 'CallExpression') {
arrRef = ac.declNode.parentNode.init.callee?.declNode?.parentNode;
}
if (arrRef) {
const iife = arb.ast.find(c =>
c.type === 'ExpressionStatement' &&
c.expression.type === 'CallExpression' &&
c.expression.callee.type === 'FunctionExpression' &&
c.expression.arguments.length &&
c.expression.arguments[0].type === 'Identifier' &&
c.expression.arguments[0].declNode === ac.declNode);
if (iife) {
const context = [arrRef.src, arrDecryptor.src, iife.src].join('\n');
const skipScopes = [arrRef.scope, arrDecryptor.scope, iife.expression.callee.scope];
const replacementCandidates = arb.ast.filter(c =>
c?.callee?.name === arrDecryptor.id.name &&
!skipScopes.includes(c.scope));
const sb = new Sandbox();
sb.run(context);
for (let p = 0; p < replacementCandidates.length; p++) {
const rc = replacementCandidates[p];
const replacementNode = evalInVm(`\n${rc.src}`, sb);
if (replacementNode !== badValue) arb.markNode(rc, replacementNode);
}
}
}
}
}
}
}
return arb;
}
module.exports = resolveAugmentedFunctionWrappedArrayReplacements;