simplify, improve, and test line obfuscation (#239)

First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago · e2a32634a6
parent 63c42c3cc7
commit e2a32634a6
3 changed files with 128 additions and 41 deletions
--- a/line_obfuscator.go
+++ b/line_obfuscator.go
@ -8,8 +8,6 @@ import (
 	"go/ast"
 	mathrand "math/rand"
 	"strings"
-
-	"golang.org/x/tools/go/ast/astutil"
 )

 // PosMin is the smallest correct value for the line number.
@ -111,32 +109,34 @@ func (tf *transformer) transformLineInfo(file *ast.File, name string) (detachedC
 	detachedComments = append(detachedComments, "", "//line "+prefix+":1")
 	file.Comments = nil

-	newLines := mathrand.Perm(len(file.Decls))
-
-	funcCounter := 0
-	pre := func(cursor *astutil.Cursor) bool {
-		node := cursor.Node()
+	ast.Inspect(file, func(node ast.Node) bool {
 		clearNodeComments(node)
+		return true
+	})
+	// If tiny mode is active information about line numbers is erased in object files
+	if opts.Tiny {
+		return detachedComments, file
+	}

-		// If tiny mode is active information about line numbers is erased in object files
-		if opts.Tiny {
-			return true
-		}
-		funcDecl, ok := node.(*ast.FuncDecl)
-		if !ok {
-			return true
+	newLines := mathrand.Perm(len(file.Decls))
+
+	for i, decl := range file.Decls {
+		var doc **ast.CommentGroup
+		switch decl := decl.(type) {
+		case *ast.FuncDecl:
+			doc = &decl.Doc
+		case *ast.GenDecl:
+			doc = &decl.Doc
 		}
 		newPos := fmt.Sprintf("%s%c.go:%d",
 			prefix,
 			nameCharset[mathrand.Intn(len(nameCharset))],
-			PosMin+newLines[funcCounter],
+			PosMin+newLines[i],
 		)

 		comment := &ast.Comment{Text: "//line " + newPos}
-		funcDecl.Doc = prependComment(funcDecl.Doc, comment)
-		funcCounter++
-		return true
+		*doc = prependComment(*doc, comment)
 	}

-	return detachedComments, astutil.Apply(file, pre, nil).(*ast.File)
+	return detachedComments, file
 }
--- a/main.go
+++ b/main.go
@ -911,28 +911,6 @@ type transformer struct {

 // transformGo garbles the provided Go syntax node.
 func (tf *transformer) transformGo(file *ast.File) *ast.File {
-	// Shuffle top level declarations
-	mathrand.Shuffle(len(file.Decls), func(i, j int) {
-		decl1 := file.Decls[i]
-		decl2 := file.Decls[j]
-
-		// Import declarations must remain at the top of the file.
-		gd1, iok1 := decl1.(*ast.GenDecl)
-		gd2, iok2 := decl2.(*ast.GenDecl)
-		if (iok1 && gd1.Tok == token.IMPORT) || (iok2 && gd2.Tok == token.IMPORT) {
-			return
-		}
-
-		// init function declarations must remain in order.
-		fd1, fok1 := decl1.(*ast.FuncDecl)
-		fd2, fok2 := decl2.(*ast.FuncDecl)
-		if (fok1 && fd1.Name.Name == "init") || (fok2 && fd2.Name.Name == "init") {
-			return
-		}
-
-		file.Decls[i], file.Decls[j] = decl2, decl1
-	})
-
 	pre := func(cursor *astutil.Cursor) bool {
 		node, ok := cursor.Node().(*ast.Ident)
 		if !ok {
--- a/testdata/scripts/position.txt
+++ b/testdata/scripts/position.txt
@ -0,0 +1,109 @@
+env GOPRIVATE=test/main
+
+garble build
+exec ./main
+! stdout 'main.go|other_file_name|is sorted'
+
+[short] stop # no need to verify this with -short
+
+go build
+exec ./main
+stdout 'main.go'
+stdout 'other_file_name'
+stdout ':19: main'
+stdout 'initLines is sorted'
+stdout 'varLines is sorted'
+
+-- go.mod --
+module test/main
+
+go 1.15
+-- main.go --
+package main
+
+import (
+	"fmt"
+	"runtime"
+	"sort"
+)
+
+var _, globalFile, globalLine, _ = runtime.Caller(0)
+
+func init() {
+	_, file, line, _ := runtime.Caller(0)
+	fmt.Printf("%s:%d: init\n", file, line)
+}
+
+func main() {
+	fmt.Printf("%s:%d: global\n", globalFile, globalLine)
+
+	_, file, line, _ := runtime.Caller(0)
+	fmt.Printf("%s:%d: main\n", file, line)
+
+	funcDecl()
+	funcVar()
+
+	// initLines is filled by ten consecutive funcs.
+	// If we are not shuffling or obfuscating line numbers,
+	// this list will be sorted.
+	// If we are, it's extremely unlikely it would remain sorted.
+	if sort.IsSorted(sort.IntSlice(initLines)) {
+		fmt.Println("initLines is sorted")
+	}
+
+	// Same as the above, but with vars.
+	if sort.IsSorted(sort.IntSlice(varLines)) {
+		fmt.Println("varLines is sorted")
+	}
+}
+-- other_file_name.go --
+package main
+
+import (
+	"fmt"
+	"runtime"
+)
+
+func funcDecl() {
+	_, file, line, _ := runtime.Caller(0)
+	fmt.Printf("%s:%d: func\n", file, line)
+}
+
+var funcVar = func() {
+	_, file, line, _ := runtime.Caller(0)
+	fmt.Printf("%s:%d: func var\n", file, line)
+}
+
+var initLines []int
+
+func curLine() int {
+	_, _, line, _ := runtime.Caller(1)
+	return line
+}
+
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+func init() { initLines = append(initLines, curLine()) }
+
+var varLine0 = curLine()
+var varLine1 = curLine()
+var varLine2 = curLine()
+var varLine3 = curLine()
+var varLine4 = curLine()
+var varLine5 = curLine()
+var varLine6 = curLine()
+var varLine7 = curLine()
+var varLine8 = curLine()
+var varLine9 = curLine()
+
+var varLines = []int{
+	varLine0, varLine1, varLine2, varLine3, varLine4,
+	varLine5, varLine6, varLine7, varLine8, varLine9,
+}