fix(evasive-transform): replace homoglyphs with boring ascii (merge #…
kriskowal authored Nov 6, 2023
2 parents f746e99 + dc00caa commit 64a5c56
Showing 4 changed files with 11 additions and 13 deletions.
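--- a/packages/evasive-transform/src/transform-comment.js
+++ b/packages/evasive-transform/src/transform-comment.js
@@ -35,11 +35,11 @@ export function transformComment(node, unmapLoc) {
 // ...strip extraneous comment whitespace
 .replace(/^\s+/gm, ' ')
 // ...replace HTML comments with a defanged version to pass SES restrictions.
-.replace(HTML_COMMENT_START_RE, '<!\u{2010}-')
-.replace(HTML_COMMENT_END_RE, '-\u{2010}>')
+.replace(HTML_COMMENT_START_RE, '<!=-')
+.replace(HTML_COMMENT_END_RE, '-=>')
 // ...replace import expressions with a defanged version to pass SES restrictions
 // (featuring homoglyphs for @kriskowal)
-.replace(IMPORT_RE, 'im\u{440}ort$2')
+.replace(IMPORT_RE, 'IMPORT$2')
 // ...replace end-of-comment markers
 .replace(/\*\//g, '*X/');
 if (unmapLoc) {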
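Review bot: The context comment `// (featuring homoglyphs for @kriskowal)` directly above the changed `IMPORT_RE` replacement is now stale, because the new replacement string `'IMPORT$2'` is plain ASCII and no homoglyph is left in this chain. I would drop that line or reword it to `// (plain ASCII upper-casing; no homoglyphs)`. `IMPORT_RE` and the two HTML comment patterns are defined outside this hunk, so it is also worth a one-line comment stating that none of them matches its own replacement (`<!=-`, `-=>`, `IMPORT(`), which is presumably what keeps already-transformed output passing the SES checks. transformComment's body starts and ends outside the hunk.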
@@ -8,19 +8,19 @@ Generated by [AVA](https://avajs.dev).

> Snapshot 1
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {imрort(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!- this should become less evil -> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {IMPORT(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!=- this should become less evil -=> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'

## evadeCensor() - successful source transform w/ source map

> Snapshot 1
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {imрort(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!- this should become less evil -> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {IMPORT(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!=- this should become less evil -=> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'

## evadeCensor() - successful source transform w/ source map & source URL

> Snapshot 1
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {imрort(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!- this should become less evil -> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {IMPORT(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!=- this should become less evil -=> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'

> Snapshot 2
@@ -45,7 +45,7 @@ Generated by [AVA](https://avajs.dev).

> Snapshot 1
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {imрort(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!- this should become less evil -> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'
'\'use strict\';var node_fs=require(\'node:fs\');/** * @returns {IMPORT(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!=- this should become less evil -=> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'

> Snapshot 2
@@ -70,13 +70,13 @@ Generated by [AVA](https://avajs.dev).

> Snapshot 1
'\'use strict\';varnode_fs=require(\'node:fs\');/** * @returns {imрort(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!- this should become less evil -> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'
'\'use strict\';varnode_fs=require(\'node:fs\');/** * @returns {IMPORT(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!=- this should become less evil -=> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'

## evadeCensor() - successful source transform w/ source map, source URL & unmapping

> Snapshot 1
'\'use strict\';varnode_fs=require(\'node:fs\');/** * @returns {imрort(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!- this should become less evil -> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'
'\'use strict\';varnode_fs=require(\'node:fs\');/** * @returns {IMPORT(\'node:fs\').constants.F_OK} */function bambalam(){return node_fs.constants.F_OK;}/** * <!=- this should become less evil -=> */function monkey(){return true;}exports.bambalam=bambalam;exports.monkey=monkey;/*# sourceMappingURL=index.cjs.map*/'

> Snapshot 2
Binary file not shown.
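--- a/packages/evasive-transform/test/test-transform-comment.js
+++ b/packages/evasive-transform/test/test-transform-comment.js
@@ -24,7 +24,7 @@ test('transformComment() - defang HTML comment', async t => {
 value: '<!-- evil code -->',
 });
 transformComment(comment);
-t.is(comment.value, '<!\u{2010}- evil code -\u{2010}>');
+t.is(comment.value, '<!=- evil code -=>');
 });
 
 test('transformComment() - rewrite suspicious import(...)', async t => {
@@ -37,9 +37,7 @@ test('transformComment() - rewrite suspicious import(...)', async t => {
 transformComment(comment);
 t.regex(
 comment.value,
-new RegExp(
-"\\* @type \\{im\u{440}ort\\('c:\\\\My Documents\\\\user\\.js'\\)",
-),
+new RegExp("\\* @type \\{IMPORT\\('c:\\\\My Documents\\\\user\\.js'\\)"),
 );
 });
 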
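Review bot: Both updated assertions pin the new replacement text, but neither asserts the property the transform exists for: that the rejected sequences are gone and the output is ASCII-only again. In the HTML-comment test I would add `t.notRegex(comment.value, /<!--|-->/);` and `t.regex(comment.value, /^[\x00-\x7F]*$/);` after the `t.is` call, and in the import test `t.notRegex(comment.value, /\bimport\s*\(/);` after the `t.regex` call. The `t.regex` pattern in the second hunk is unanchored and its input comment is defined above the hunk, so whether a single positive match covers every import expression in that fixture cannot be judged from here.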
