Skip to content

Dead Code Injection + Debug Protection exposes internal variable names #121

New issue
New issue
Closed
Closed
Dead Code Injection + Debug Protection exposes internal variable names#121
Labels
bughigh priority
Milestone
0.12.2
@AlexElting

Description

@AlexElting
AlexElting
opened on Nov 10, 2017

If you obfuscate the following code:

function test() {
    var importantVariableName = 'test';
    return importantVariableName.indexOf('test');
 }

with the following settings:

{
    deadCodeInjection: true,
    deadCodeInjectionThreshold: 1,
    debugProtection: true,
}

the variable name importantVariableName can be seen in clear text in the obfuscated code. This is the case even if the mangle and stringArrayEncoding options are used.

The named variable appears to be part of dead code since it is not set anywhere, but the obfuscated function call on it is still .indexOf('test').

Tested on version 0.11.2 and on https://javascriptobfuscator.herokuapp.com/

Metadata

Metadata

Assignees

No one assigned

    Labels

    bughigh priority

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions