justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity

obfuscate cgo-generated-Go filenames

Browse Source 
It's not a problem to leak filenames like _cgo_gotypes.go,
but it is a problem when it includes the import path:

	$ strings main | grep _cgo_gotypes
	test/main/_cgo_gotypes.go

Here, "test/main" is the module path, which we want to hide.
We hadn't caught this before because the cgo.txt test did not check that
module paths aren't being leaked - it does now.

The fix is rather simple; we let printFile handle cgo-generated files.
We used to avoid that due to compiler errors, as the compiler only
allows some special cgo comment directives to work in cgo-generated
code, to prevent misuse in user code.

The fix is rather easy: the obfuscated filenames should begin with
"_cgo_" to appease the compiler's check.
pull/560/head
Daniel Martí 3 years ago committed by lu4p
parent 2d12f41e71
commit 21dfbd3379
2 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File

9
position.go
Unescape Escape View File

@ -37,10 +37,9 @@ func printFile(file *ast.File) ([]byte, error) {
fsetFile := fset.File(file.Pos()) fsetFile := fset.File(file.Pos())
filename := filepath.Base(fsetFile.Name()) filename := filepath.Base(fsetFile.Name())
newPrefix := ""
if strings.HasPrefix(filename, "_cgo_") { if strings.HasPrefix(filename, "_cgo_") {
// cgo-generated files don't need changed line numbers. newPrefix = "_cgo_"
// Plus, the compiler can complain rather easily.
return src, nil
} }
// Many parts of garble, notably the literal obfuscator, modify the AST. // Many parts of garble, notably the literal obfuscator, modify the AST.
@ -73,7 +72,7 @@ func printFile(file *ast.File) ([]byte, error) {
// in case we miss any positions below. // in case we miss any positions below.
// We use a //-style comment, because there might be build tags. // We use a //-style comment, because there might be build tags.
// toAdd is for /*-style comments, so add it to printBuf2 directly. // toAdd is for /*-style comments, so add it to printBuf2 directly.
printBuf2.WriteString("//line :1\n") fmt.Fprintf(&printBuf2, "//line %s:1\n", newPrefix)
// We use an empty filename when tokenizing below. // We use an empty filename when tokenizing below.
// We use a nil go/scanner.ErrorHandler because src comes from go/printer. // We use a nil go/scanner.ErrorHandler because src comes from go/printer.
@ -126,7 +125,7 @@ func printFile(file *ast.File) ([]byte, error) {
// Otherwise, we could change the syntax of the program. // Otherwise, we could change the syntax of the program.
// Inserting "/*text*/" in "a/b" // must be "a/ /*text*/ b", // Inserting "/*text*/" in "a/b" // must be "a/ /*text*/ b",
// as "a//*text*/b" is tokenized as a "//" comment. // as "a//*text*/b" is tokenized as a "//" comment.
fmt.Fprintf(&printBuf2, " /*line %s:1*/ ", newName) fmt.Fprintf(&printBuf2, " /*line %s%s:1*/ ", newPrefix, newName)
} }
} }
} }

2
testdata/scripts/cgo.txt vendored
Unescape Escape View File

@ -6,7 +6,7 @@ garble build
! stderr 'warning' # check that the C toolchain is happy ! stderr 'warning' # check that the C toolchain is happy
exec ./main exec ./main
cmp stdout main.stdout cmp stdout main.stdout
! binsubstr main$exe 'PortedField' ! binsubstr main$exe 'PortedField' 'test/main'
[short] stop # no need to verify this with -short [short] stop # no need to verify this with -short

Write Preview
Loading…
Cancel
Save