justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
release-v0.12
ci-test
literalRecheck
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e2a32634a6'
${ noResults }
garble/testdata/scripts/imports.txt

198 lines
5.2 KiB
Plaintext
Raw Normal View History Unescape Escape

testdata: set GOPRIVATE in all but two tests (#104) basic.txt just builds main.go without a module. Similarly, we leave imports.txt without a GOPRIVATE, to test the 'go list -m' fallback. For all other tests, explicitly set GOPRIVATE, to avoid two exec calls - both 'go env GOPRIVATE' as well as 'go list -m'. Each of those calls takes in the order of 10ms, so saving ~26 exec calls should easily add to 200-300ms saved from 'go test -short'.
4 years ago
# Note that this is the only test with a module where we rely on the detection
# of GOPRIVATE.
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
# Also note that, since this is the only test using "real" external modules
# fetched via GOPROXY, go.mod and go.sum should declare the dependencies.
testdata: set GOPRIVATE in all but two tests (#104) basic.txt just builds main.go without a module. Similarly, we leave imports.txt without a GOPRIVATE, to test the 'go list -m' fallback. For all other tests, explicitly set GOPRIVATE, to avoid two exec calls - both 'go env GOPRIVATE' as well as 'go list -m'. Each of those calls takes in the order of 10ms, so saving ~26 exec calls should easily add to 200-300ms saved from 'go test -short'.
4 years ago
testdata: avoid messing with the host's mod cache (#198) It turns out that the modules we include in testdata/mod via txtar-addmod don't result in the same h1 hash that one gets when using proxy.golang.org. As proof: $ go clean -modcache && go get -d rsc.io/quote@v1.5.2 && go test -short [...] --- FAIL: TestScripts/imports (0.06s) > garble build -tags buildtag go list error: exit status 1: verifying rsc.io/quote@v1.5.2: checksum mismatch downloaded: h1:w5fcysjrx7yqtD/aO+QwRjYZOKnaM9Uh2b40tElTs3Y= go.sum: h1:3fEykkD9k7lYzXqCYrwGAf7iNhbk4yCjHmKBN9td4L0= The added comment explains the situation in detail. For now, simply work around the issue by not sharing GOMODCACHE with the host.
4 years ago
# For now, use a throwaway module download cache instead of the host machine's.
# Usually it would be fine to reuse the host's, since we expose exact copies of
# some external modules in a local proxy, allowing 'go test' to work offline.
# However, for some reason, we end up with different hashes of the code for
# modules like rsc.io/quote, and it's unclear why. It might be a txtar-addmod bug.
# In any case, not worth our time to investigate right now, and "downloading"
# modules is instant since we just copy a handful of files.
#
# To reproduce the issue, remove the env line and run:
#
# go clean -modcache && go get -d rsc.io/quote@v1.5.2 && go test -short
env GOMODCACHE=$WORK/modcache
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
garble build -tags buildtag
garbling imported packages starts being supported
5 years ago
exec ./main
support std imports
5 years ago
cmp stdout main.stdout
Allow struct fields to be garbled, fixes #48 (#159) * Allow struct fields to be garbled, fixes #48 * fix syntax test script * simplified code according to review
4 years ago
! binsubstr main$exe 'ImportedVar' 'ImportedConst' 'ImportedFunc' 'ImportedType' 'main.go' 'test/main' 'imported.' 'NormalStruct' 'NormalExportedField' 'normalUnexportedField'
Fix bug where structs would get garbled in some packages but not in others (#161) * fix bug where structs would get garbled in some packages but not in others * only check if struct/field was not defined in current package * fix a related bug when two objects share the same name in the same package and one is garbled but the other one is not * renamed parameter for clarity
4 years ago
binsubstr main$exe 'ReflectInDefined' 'ExportedField2' 'unexportedField2'
garbling imported packages starts being supported
5 years ago
shorten 'go test -short' run time Down from ~11s to ~7s, as we can skip some extra checks. While at it, avoid duplicate 'go test' builds in test.txt.
5 years ago
[short] stop # checking that the build is reproducible is slow
make output binaries deterministic We were leaking temporary file paths, which is no longer the case.
5 years ago
# Also check that the binary is reproducible when many imports are involved.
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
4 years ago
# No packages should be rebuilt either, thanks to the build cache.
make the tool work on Windows, enable tests The tests required a few last tweaks to work on Windows.
5 years ago
cp main$exe main_old$exe
rm main$exe
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
4 years ago
garble build -tags buildtag -v
! stderr .
make the tool work on Windows, enable tests The tests required a few last tweaks to work on Windows.
5 years ago
bincmp main$exe main_old$exe
make output binaries deterministic We were leaking temporary file paths, which is no longer the case.
5 years ago
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
go build -tags buildtag
don't remove "//go:" compile directives For example, this broke cgo, since it uses go:linkname. Updates #12.
4 years ago
exec ./main
cmp stdout main.stdout
Fix reflect detection if -literals is passed. Fixes #93. The second typecheck lead to the creation of different type objects, which didn't match the types in the blacklist anymore. It turns out we don't need the second typecheck, therfore it is now removed.
4 years ago
# Also check that -literals doesn't break anything
garble -literals build -tags buildtag
exec ./main
cmp stdout main.stdout
don't remove "//go:" compile directives For example, this broke cgo, since it uses go:linkname. Updates #12.
4 years ago
garbling imported packages starts being supported
5 years ago
-- go.mod --
make selection of packages configurable via GOPRIVATE Carefully select a default that will do the right thing when inside a module, as well as when building ad-hoc packages. This means we no longer need to look at the compiler's -std flag, which is nice. Also replace foo.com/ with test/, as per golang/go#37641. Fixes #7.
4 years ago
module test/main
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
go 1.15
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
require (
rsc.io/quote v1.5.2
gopkg.in/garbletest.v2 v2.999.0
)
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
-- go.sum --
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c h1:pvCbr/wm8HzDD3fVywevekufpn6tCGPY3spdHeZJEsw=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
gopkg.in/garbletest.v2 v2.999.0 h1:wiZfOKGiXX7DoYVgbNvnTaCjqElrpZQSvKg0HYouw/o=
gopkg.in/garbletest.v2 v2.999.0/go.mod h1:MF1BPTBjmDdc9x86+9UMLL9pAH2eMFPHvltohOvlGEw=
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
rsc.io/quote v1.5.2 h1:3fEykkD9k7lYzXqCYrwGAf7iNhbk4yCjHmKBN9td4L0=
rsc.io/quote v1.5.2/go.mod h1:LzX7hefJvL54yjefDEDHNONDjII0t9xZLPXsUe+TKr0=
rsc.io/sampler v1.3.0 h1:HLGR/BgEtI3r0uymSP/nl2uPLsUnNJX8toRyhfpBTII=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
garbling imported packages starts being supported
5 years ago
-- main.go --
package main
support std imports
5 years ago
import (
"fmt"
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
"reflect"
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
"strings"
support building modules which require other modules We use 'go list -json -export' to locate required modules. This works fine to locate direct module dependencies; since we're building in the current module, we run 'go list' in the correct directory. However, if we're building one of those module dependencies, and it has other module dependencies of its own, we would fail with cryptic errors like: typecheck error: [...] go list error: updates to go.sum needed, disabled by -mod=readonly This is because we would try to run 'go list' outside of the main module, probably inside the module cache. Instead, use a $GARBLE_DIR env var from the top-level 'garble build' call to always run 'go list' in the original directory. We add a few small modules to properly test this. Updates #9.
4 years ago
make selection of packages configurable via GOPRIVATE Carefully select a default that will do the right thing when inside a module, as well as when building ad-hoc packages. This means we no longer need to look at the compiler's -std flag, which is nice. Also replace foo.com/ with test/, as per golang/go#37641. Fixes #7.
4 years ago
"test/main/imported"
support building modules which require other modules We use 'go list -json -export' to locate required modules. This works fine to locate direct module dependencies; since we're building in the current module, we run 'go list' in the correct directory. However, if we're building one of those module dependencies, and it has other module dependencies of its own, we would fail with cryptic errors like: typecheck error: [...] go list error: updates to go.sum needed, disabled by -mod=readonly This is because we would try to run 'go list' outside of the main module, probably inside the module cache. Instead, use a $GARBLE_DIR env var from the top-level 'garble build' call to always run 'go list' in the original directory. We add a few small modules to properly test this. Updates #9.
4 years ago
"rsc.io/quote"
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
garbletest "gopkg.in/garbletest.v2"
support std imports
5 years ago
)
garbling imported packages starts being supported
5 years ago
func main() {
support std imports
5 years ago
fmt.Println(imported.ImportedVar)
fmt.Println(imported.ImportedConst)
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
fmt.Println(imported.ImportedFunc('x'))
support std imports
5 years ago
fmt.Println(imported.ImportedType(3))
Fix bug where structs would get garbled in some packages but not in others (#161) * fix bug where structs would get garbled in some packages but not in others * only check if struct/field was not defined in current package * fix a related bug when two objects share the same name in the same package and one is garbled but the other one is not * renamed parameter for clarity
4 years ago
fmt.Println(imported.ReflectInDefinedVar.ExportedField2)
fmt.Println(imported.ReflectInDefined{ExportedField2: 5})
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
normal := imported.NormalStruct{SharedName: 3}
normal.IndirectStruct.Field = 23
fmt.Println(normal)
Garble imports and package paths in GOPRIVATE (#116) Finally, finally this is done. This allows import paths to be obfuscated by modifying object/archive files and garbling import paths contained within. The bulk of the code that makes parsing and writing Go object/archive files possible lives at https://github.com/Binject/debug/tree/master/goobj2, which I wrote as well. I have tested by garbling and checking for import paths via strings and grep (in order of difficulty) https://github.com/lu4p/binclude, garble itself, and https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck. This only supports object/archive files produced from the Go 1.15 compiler. The object file format changed at 1.15, and 1.14 and earlier is not supported. Fixes #13.
4 years ago
printfWithoutPackage("%T\n", imported.ReflectTypeOf(2))
printfWithoutPackage("%T\n", imported.ReflectTypeOfIndirect(4))
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
v := imported.ReflectValueOfVar
Garble imports and package paths in GOPRIVATE (#116) Finally, finally this is done. This allows import paths to be obfuscated by modifying object/archive files and garbling import paths contained within. The bulk of the code that makes parsing and writing Go object/archive files possible lives at https://github.com/Binject/debug/tree/master/goobj2, which I wrote as well. I have tested by garbling and checking for import paths via strings and grep (in order of difficulty) https://github.com/lu4p/binclude, garble itself, and https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck. This only supports object/archive files produced from the Go 1.15 compiler. The object file format changed at 1.15, and 1.14 and earlier is not supported. Fixes #13.
4 years ago
printfWithoutPackage("%#v\n", v)
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
method := reflect.ValueOf(&v).MethodByName("ExportedMethodName")
if method.IsValid() {
fmt.Println(method.Call(nil))
} else {
fmt.Println("method not found")
}
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
support building modules which require other modules We use 'go list -json -export' to locate required modules. This works fine to locate direct module dependencies; since we're building in the current module, we run 'go list' in the correct directory. However, if we're building one of those module dependencies, and it has other module dependencies of its own, we would fail with cryptic errors like: typecheck error: [...] go list error: updates to go.sum needed, disabled by -mod=readonly This is because we would try to run 'go list' outside of the main module, probably inside the module cache. Instead, use a $GARBLE_DIR env var from the top-level 'garble build' call to always run 'go list' in the original directory. We add a few small modules to properly test this. Updates #9.
4 years ago
fmt.Println(quote.Go())
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
garbletest.Test()
garbling imported packages starts being supported
5 years ago
}
Garble imports and package paths in GOPRIVATE (#116) Finally, finally this is done. This allows import paths to be obfuscated by modifying object/archive files and garbling import paths contained within. The bulk of the code that makes parsing and writing Go object/archive files possible lives at https://github.com/Binject/debug/tree/master/goobj2, which I wrote as well. I have tested by garbling and checking for import paths via strings and grep (in order of difficulty) https://github.com/lu4p/binclude, garble itself, and https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck. This only supports object/archive files produced from the Go 1.15 compiler. The object file format changed at 1.15, and 1.14 and earlier is not supported. Fixes #13.
4 years ago
func printfWithoutPackage(format string, v interface{}) {
fmt.Print(strings.Split(fmt.Sprintf(format, v), ".")[1])
}
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
-- notag_fail.go --
// +build !buildtag
package main
var foo int = "should be omitted by -tags"
-- withtag_success.go --
// +build buildtag
package main
import "fmt"
func init() { fmt.Println("buildtag init func") }
garbling imported packages starts being supported
5 years ago
-- imported/imported.go --
package imported
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
import (
"reflect"
"test/main/imported/indirect"
)
exclude identifiers used via reflection If reflect.TypeOf or reflect.ValueOf are used on a type declared in the same package, don't garble that type name or any of its fields. Fixes #15.
4 years ago
garbling imported packages starts being supported
5 years ago
var ImportedVar = "imported var value"
const ImportedConst = "imported const value"
support std imports
5 years ago
func ImportedFunc(param rune) string {
return string(param)
}
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
type ReflectTypeOf int
var _ = reflect.TypeOf(ReflectTypeOf(0))
type ReflectTypeOfIndirect int
var _ = reflect.TypeOf(new([]*ReflectTypeOfIndirect))
exclude identifiers used via reflection If reflect.TypeOf or reflect.ValueOf are used on a type declared in the same package, don't garble that type name or any of its fields. Fixes #15.
4 years ago
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
type ReflectValueOf struct {
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
ExportedField string
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
unexportedField string
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
}
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
func (r *ReflectValueOf) ExportedMethodName() string { return "method: " + r.ExportedField }
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
var ReflectValueOfVar = ReflectValueOf{ExportedField: "abc"}
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
var _ = reflect.TypeOf(ReflectValueOfVar)
exclude identifiers used via reflection If reflect.TypeOf or reflect.ValueOf are used on a type declared in the same package, don't garble that type name or any of its fields. Fixes #15.
4 years ago
Fix bug where structs would get garbled in some packages but not in others (#161) * fix bug where structs would get garbled in some packages but not in others * only check if struct/field was not defined in current package * fix a related bug when two objects share the same name in the same package and one is garbled but the other one is not * renamed parameter for clarity
4 years ago
type ReflectInDefined struct {
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
ExportedField2 int
Fix bug where structs would get garbled in some packages but not in others (#161) * fix bug where structs would get garbled in some packages but not in others * only check if struct/field was not defined in current package * fix a related bug when two objects share the same name in the same package and one is garbled but the other one is not * renamed parameter for clarity
4 years ago
unexportedField2 int
}
var ReflectInDefinedVar = ReflectInDefined{ExportedField2: 9000}
var _ = reflect.TypeOf(ReflectInDefinedVar)
const SharedName = 2
Allow struct fields to be garbled, fixes #48 (#159) * Allow struct fields to be garbled, fixes #48 * fix syntax test script * simplified code according to review
4 years ago
type NormalStruct struct {
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
SharedName int
IndirectStruct indirect.Indirect
Allow struct fields to be garbled, fixes #48 (#159) * Allow struct fields to be garbled, fixes #48 * fix syntax test script * simplified code according to review
4 years ago
normalUnexportedField int
}
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
// ImportedType comes after the calls to reflect, to ensure no false positives.
type ImportedType int
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
-- imported/indirect/indirect.go --
package indirect
type Indirect struct {
Field int
}
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
-- main.stdout --
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
buildtag init func
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
imported var value
imported const value
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
x
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
3
Fix bug where structs would get garbled in some packages but not in others (#161) * fix bug where structs would get garbled in some packages but not in others * only check if struct/field was not defined in current package * fix a related bug when two objects share the same name in the same package and one is garbled but the other one is not * renamed parameter for clarity
4 years ago
9000
{5 0}
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
{3 {23} 0}
Garble imports and package paths in GOPRIVATE (#116) Finally, finally this is done. This allows import paths to be obfuscated by modifying object/archive files and garbling import paths contained within. The bulk of the code that makes parsing and writing Go object/archive files possible lives at https://github.com/Binject/debug/tree/master/goobj2, which I wrote as well. I have tested by garbling and checking for import paths via strings and grep (in order of difficulty) https://github.com/lu4p/binclude, garble itself, and https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck. This only supports object/archive files produced from the Go 1.15 compiler. The object file format changed at 1.15, and 1.14 and earlier is not supported. Fixes #13.
4 years ago
ReflectTypeOf
ReflectTypeOfIndirect
ReflectValueOf{ExportedField:"abc", unexportedField:""}
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
[method: abc]
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
Don't communicate by sharing memory, share memory by communicating.