diff --git a/package-lock.json b/package-lock.json index 7e52a77..ec5f230 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,21 +1,21 @@ { "name": "obfuscation-detector", - "version": "2.0.2", + "version": "2.0.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "obfuscation-detector", - "version": "2.0.2", + "version": "2.0.3", "license": "MIT", "dependencies": { - "flast": "^2.0.3" + "flast": "^2.1.0" }, "bin": { "obfuscation-detector": "bin/obfuscation-detector.js" }, "devDependencies": { - "eslint": "^9.12.0", + "eslint": "^9.14.0", "husky": "^9.1.6" } }, @@ -196,9 +196,9 @@ } }, "node_modules/@humanwhocodes/retry": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.0.tgz", - "integrity": "sha512-xnRgu9DxZbkWak/te3fcytNyp8MTbuiZIaueg2rgEvBuN55n04nwLYLU9TX/VVlusc9L2ZNXi99nUFNkHXtr5g==", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.1.tgz", + "integrity": "sha512-c7hNEllBlenFTHBky65mhq8WD2kbN9Q6gk0bTk8lSBvc554jpXSkST1iePudpt7+A/AQvuHs9EMqjHDXMY1lrA==", "dev": true, "license": "Apache-2.0", "engines": { @@ -366,9 +366,9 @@ "license": "MIT" }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.5.tgz", + "integrity": "sha512-ZVJrKKYunU38/76t0RMOulHOnUcbU9GbpWKAOZ0mhjr7CX6FVrH+4FrAapSOekrgFQ3f/8gwMEuIft0aKq6Hug==", "dev": true, "license": "MIT", "dependencies": { @@ -699,13 +699,13 @@ } }, "node_modules/flast": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/flast/-/flast-2.0.3.tgz", - "integrity": "sha512-T44oiMvVTd9rGVxIBfJ7jYVL2gtKr39pNP8IRm+AkLaxekZH0LzHcyJKsvoyzA5Ebl2/qWWNyhrofFlPlt+UYw==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/flast/-/flast-2.1.0.tgz", + "integrity": "sha512-d8tcIuV8BZFe4oRVFd4KwcKNKUJ4iY4MNmKfLd2wHGsMYWC+ipP/Aq5Cz1m18lhzoXlfDldwmaNYfBeyi7oaiw==", "license": "MIT", "dependencies": { "escodegen": "npm:@javascript-obfuscator/escodegen", - "eslint-scope": "^8.1.0", + "eslint-scope": "^8.2.0", "espree": "^10.3.0", "estraverse": "^5.3.0" } diff --git a/package.json b/package.json index 5c0c343..4cbf387 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "obfuscation-detector", - "version": "2.0.2", + "version": "2.0.3", "description": "Javascript obfuscation detector", "main": "src/index.js", "type": "module", @@ -34,10 +34,10 @@ }, "homepage": "https://github.com/PerimeterX/obfuscation-detector#readme", "devDependencies": { - "eslint": "^9.12.0", + "eslint": "^9.14.0", "husky": "^9.1.6" }, "dependencies": { - "flast": "^2.0.3" + "flast": "^2.1.0" } } diff --git a/src/detectors/caesarp.js b/src/detectors/caesarp.js index 7f5fc7a..f9f4f18 100644 --- a/src/detectors/caesarp.js +++ b/src/detectors/caesarp.js @@ -29,7 +29,7 @@ function isNodeInScope(targetNode, targetScopeBlock) { */ function detectCaesarPlus(flatTree) { // Verify the main function's name is 3 letters long and has maximum 1 reference; - const candidates = flatTree.filter(n => + const candidates = (flatTree[0].typeMap.FunctionExpression || []).filter(n => n.type === 'FunctionExpression' && n?.id?.name?.length === 3 && n?.parentNode?.type === 'CallExpression' && !n.parentNode.arguments.length); diff --git a/src/detectors/functionToArrayReplacements.js b/src/detectors/functionToArrayReplacements.js index a287525..018c781 100644 --- a/src/detectors/functionToArrayReplacements.js +++ b/src/detectors/functionToArrayReplacements.js @@ -8,8 +8,8 @@ const obfuscationName = 'function_to_array_replacements'; * @param {ASTNode[]} flatTree * @return {string} The obfuscation name if detected; empty string otherwise. */ -function detectFunctionToArrayReplacemets(flatTree) { - return flatTree.some(n => +function detectFunctionToArrayReplacements(flatTree) { + return (flatTree[0].typeMap.VariableDeclarator || []).some(n => n.type === 'VariableDeclarator' && n?.init?.callee?.type?.indexOf('unction') > -1 && n?.id?.references?.length && @@ -18,4 +18,4 @@ function detectFunctionToArrayReplacemets(flatTree) { r.parentKey === 'object'))) ? obfuscationName : ''; } -export {detectFunctionToArrayReplacemets}; +export {detectFunctionToArrayReplacements}; diff --git a/src/detectors/obfuscator-io.js b/src/detectors/obfuscator-io.js index 575ca41..fd5d3c5 100644 --- a/src/detectors/obfuscator-io.js +++ b/src/detectors/obfuscator-io.js @@ -1,7 +1,7 @@ const obfuscationName = 'obfuscator.io'; function setCookieIndicator(flatTree) { - const candidate = flatTree.find(n => + const candidate = (flatTree[0].typeMap.ObjectExpression || []).find(n => n.type === 'ObjectExpression' && n.properties.length && n.properties.some(p => @@ -19,7 +19,7 @@ function setCookieIndicator(flatTree) { } function notBooleanTilde(flatTree) { - const candidates = flatTree.filter(n => + const candidates = (flatTree[0].typeMap.BlockStatement || []).filter(n => n.type === 'BlockStatement' && n.body.length === 2 && n.body[0].type === 'IfStatement' && diff --git a/src/detectors/sharedDetectionMethods.js b/src/detectors/sharedDetectionMethods.js index 513650e..2d63543 100644 --- a/src/detectors/sharedDetectionMethods.js +++ b/src/detectors/sharedDetectionMethods.js @@ -19,7 +19,7 @@ function arrayHasMeaningfulContentLength(targetArray, flatTree) { * @return {ASTNode[]} Candidates matching the target profile of an array with more than a few items, all literals. */ function findArrayDeclarationCandidates(flatTree) { - return flatTree.filter(n => + return (flatTree[0].typeMap.VariableDeclarator || []).filter(n => n.type === 'VariableDeclarator' && n?.init?.type === 'ArrayExpression' && arrayHasMeaningfulContentLength(n.init.elements, flatTree) &&