Added additional test for eval transformer

package.json

@@ -48,7 +48,7 @@
     "@types/md5": "2.1.32",
     "@types/mkdirp": "0.5.2",
     "@types/mocha": "2.2.46",
-    "@types/node": "8.5.7",
+    "@types/node": "9.3.0",
     "@types/rimraf": "2.0.2",
     "@types/sinon": "4.1.2",
     "@types/string-template": "1.0.2",
@@ -64,12 +64,12 @@
     "mocha": "4.1.0",
     "pre-commit": "1.2.2",
     "rimraf": "2.6.2",
-    "sinon": "4.1.3",
+    "sinon": "4.1.4",
     "threads": "0.10.0",
     "ts-node": "4.1.0",
     "tslint": "5.8.0",
     "tslint-eslint-rules": "4.1.1",
-    "tslint-language-service": "0.9.7",
+    "tslint-language-service": "0.9.8",
     "tslint-webpack-plugin": "1.0.0",
     "typescript": "2.6.2",
     "webpack": "3.10.0",

src/node-transformers/finalizing-transformers/AstToEvalCallExpressionTransformer.ts

@@ -32,7 +32,7 @@ export class AstToEvalCallExpressionTransformer extends AbstractNodeTransformer
     public getVisitor (): IVisitor {
         return {
             leave: (node: ESTree.Node, parentNode: ESTree.Node | null) => {
-                if (parentNode && node.isEvalRoot && NodeGuards.isFunctionDeclarationNode(node)) {
+                if (parentNode && node.isEvalRoot && NodeGuards.isFunctionExpressionNode(node)) {
                     return this.transformNode(node, parentNode);
                 }
             }
@@ -40,18 +40,18 @@ export class AstToEvalCallExpressionTransformer extends AbstractNodeTransformer
     }
 
     /**
-     * @param {FunctionDeclaration} functionDeclaration
+     * @param {FunctionExpression} evalRootAstHostNode
      * @param {Node} parentNode
      * @returns {Node}
      */
-    public transformNode (functionDeclaration: ESTree.FunctionDeclaration, parentNode: ESTree.Node): ESTree.Node {
-        const targetAst: ESTree.Statement[] = functionDeclaration.body.body;
-        const code: string = NodeUtils.convertStructureToCode(targetAst);
+    public transformNode (evalRootAstHostNode: ESTree.FunctionExpression, parentNode: ESTree.Node): ESTree.Node {
+        const targetAst: ESTree.Statement[] = evalRootAstHostNode.body.body;
+        const obfuscatedCode: string = NodeUtils.convertStructureToCode(targetAst);
 
         return Nodes.getCallExpressionNode(
             Nodes.getIdentifierNode('eval'),
             [
-                Nodes.getLiteralNode(jsStringEscape(code))
+                Nodes.getLiteralNode(jsStringEscape(obfuscatedCode))
             ]
         );
     }

src/node-transformers/preparing-transformers/EvaCallExpressionToAstTransformer.ts

@@ -46,31 +46,39 @@ export class EvalCallExpressionToAstTransformer extends AbstractNodeTransformer
     }
 
     /**
-     * @param {CallExpression} callExpression
+     * @param {CallExpression} callExpressionNode
      * @param {Node} parentNode
      * @returns {Node}
      */
-    public transformNode (callExpression: ESTree.CallExpression, parentNode: ESTree.Node): ESTree.Node {
-        const callExpressionFirstArgument: ESTree.Expression | ESTree.SpreadElement = callExpression.arguments[0];
+    public transformNode (callExpressionNode: ESTree.CallExpression, parentNode: ESTree.Node): ESTree.Node {
+        const callExpressionFirstArgument: ESTree.Expression | ESTree.SpreadElement = callExpressionNode.arguments[0];
 
-        if (!callExpressionFirstArgument || !NodeGuards.isLiteralNode(callExpressionFirstArgument)) {
-            return callExpression;
+        if (
+            !callExpressionFirstArgument
+            || !NodeGuards.isLiteralNode(callExpressionFirstArgument)
+            || typeof callExpressionFirstArgument.value !== 'string'
+        ) {
+            return callExpressionNode;
         }
 
-        if (typeof callExpressionFirstArgument.value !== 'string') {
-            return callExpression;
+        const code: string = callExpressionFirstArgument.value;
+
+        let ast: TStatement[];
+
+        // wrapping into try-catch to prevent parsing of incorrect `eval` string
+        try {
+            ast = NodeUtils.convertCodeToStructure(code);
+        } catch (e) {
+            return callExpressionNode;
         }
 
-        const code: string = callExpressionFirstArgument.value;
-        const ast: TStatement[] = NodeUtils.convertCodeToStructure(code);
-        const functionDeclaration: ESTree.FunctionDeclaration = Nodes.getFunctionDeclarationNode(
-            'evalRoot',
+        const evalRootAstHost: ESTree.FunctionExpression = Nodes.getFunctionExpressionNode(
             [],
             Nodes.getBlockStatementNode(<any>ast)
         );
 
-        functionDeclaration.isEvalRoot = true;
+        evalRootAstHost.isEvalRoot = true;
 
-        return functionDeclaration;
+        return evalRootAstHost;
     }
 }

test/dev/dev.ts

@@ -7,12 +7,11 @@ import { NO_ADDITIONAL_NODES_PRESET } from '../../src/options/presets/NoCustomNo
     let obfuscatedCode: string = JavaScriptObfuscator.obfuscate(
         `
         (function(){
-            function foo (a, b) {
-                return eval('var c = a + b; eval(\\'a + c\\');');
-
+            function foo () {
+                eval('var s = 1;');
             }
-            
-            console.log(foo(1, 2));
+        
+            foo();
         })();
         `,
         {

test/functional-tests/node-transformers/control-flow-transformers/block-statement-control-flow-transformer/BlockStatementControlFlowTransformer.spec.ts

@@ -36,7 +36,6 @@ describe('BlockStatementControlFlowTransformer', function () {
                 );
 
                 obfuscatedCode = obfuscationResult.getObfuscatedCode();
-                console.log(obfuscatedCode);
             });
 
             describe('`console.log` statements', ()=> {

test/functional-tests/node-transformers/finalizing-transformers/ast-to-eval-call-expression-transformer/AstToEvalCallExpressionTransformer.spec.ts

@@ -233,7 +233,29 @@ describe('AstToEvalCallExpressionTransformer', () => {
         });
     });
 
-    describe('variant #7: integration with control flow flattening', () => {
+    describe('variant #7: wrong eval string', () => {
+        const evalExpressionRegExp: RegExp = /eval *\('~'\);/;
+
+        let obfuscatedCode: string
+
+        before(() => {
+            const code: string = readFileAsString(__dirname + '/fixtures/wrong-eval-string.js');
+            const obfuscationResult: IObfuscationResult = JavaScriptObfuscator.obfuscate(
+                code,
+                {
+                    ...NO_ADDITIONAL_NODES_PRESET
+                }
+            );
+
+            obfuscatedCode = obfuscationResult.getObfuscatedCode();
+        });
+
+        it('should skip obfuscation of eval string', () => {
+            assert.match(obfuscatedCode, evalExpressionRegExp);
+        });
+    });
+
+    describe('variant #8: integration with control flow flattening', () => {
         const variableMatch: string = '_0x([a-f0-9]){4,6}';
         const controlFlowStorageNodeMatch: string = `` +
             `var *${variableMatch} *= *\\{` +

test/functional-tests/node-transformers/finalizing-transformers/ast-to-eval-call-expression-transformer/fixtures/wrong-eval-string.js

@@ -0,0 +1,7 @@
+(function(){
+    function foo () {
+        eval('~');
+    }
+
+    foo();
+})();

yarn.lock

@@ -72,11 +72,11 @@
   version "8.0.53"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-8.0.53.tgz#396b35af826fa66aad472c8cb7b8d5e277f4e6d8"
 
-"@types/node@8.5.7":
-  version "8.5.7"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-8.5.7.tgz#9c498c35af354dcfbca3790fb2e81129e93cf0e2"
+"@types/node@9.3.0":
+  version "9.3.0"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-9.3.0.tgz#3a129cda7c4e5df2409702626892cb4b96546dd5"
 
-"@types/rimraf@^2.0.2":
+"@types/[email protected]":
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/@types/rimraf/-/rimraf-2.0.2.tgz#7f0fc3cf0ff0ad2a99bb723ae1764f30acaf8b6e"
   dependencies:
@@ -2242,7 +2242,7 @@ [email protected]:
     which "^1.1.1"
     wordwrap "^1.0.0"
 
-js-string-escape@^1.0.1:
[email protected]:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/js-string-escape/-/js-string-escape-1.0.1.tgz#e2625badbc0d67c7533e9edc1068c587ae4137ef"
 
@@ -2964,7 +2964,7 @@ pinkie@^2.0.0:
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/pinkie/-/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870"
 
-pjson@^1.0.9:
[email protected]:
   version "1.0.9"
   resolved "https://registry.yarnpkg.com/pjson/-/pjson-1.0.9.tgz#8a9520ce76a4739f8fee91679dad6b065b1c7938"
 
@@ -3239,7 +3239,7 @@ right-align@^0.1.1:
   dependencies:
     align-text "^0.1.1"
 
-rimraf@2, rimraf@^2.5.1, rimraf@^2.6.1, rimraf@^2.6.2:
+rimraf@2, rimraf@2.6.2, rimraf@^2.5.1, rimraf@^2.6.1:
   version "2.6.2"
   resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.6.2.tgz#2ed8150d24a16ea8651e6d6ef0f47c4158ce7a36"
   dependencies:
@@ -3331,9 +3331,9 @@ signal-exit@^3.0.0, signal-exit@^3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d"
 
[email protected].3:
-  version "4.1.3"
-  resolved "https://registry.yarnpkg.com/sinon/-/sinon-4.1.3.tgz#fc599eda47ed9f1a694ce774b94ab44260bd7ac5"
[email protected].4:
+  version "4.1.4"
+  resolved "https://registry.yarnpkg.com/sinon/-/sinon-4.1.4.tgz#36bb237bae38ddf9cc92dcc1b16c51e7785bbc9c"
   dependencies:
     diff "^3.1.0"
     formatio "1.2.0"
@@ -3613,7 +3613,7 @@ text-encoding@^0.6.4:
   version "0.6.4"
   resolved "https://registry.yarnpkg.com/text-encoding/-/text-encoding-0.6.4.tgz#e399a982257a276dae428bb92845cb71bdc26d19"
 
-threads@^0.10.0:
[email protected]:
   version "0.10.0"
   resolved "https://registry.yarnpkg.com/threads/-/threads-0.10.0.tgz#a6b0bc5d916fa75434b166c612769684b65fead5"
   dependencies:
@@ -3711,9 +3711,9 @@ [email protected]:
     tslib "^1.0.0"
     tsutils "^1.4.0"
 
[email protected].7:
-  version "0.9.7"
-  resolved "https://registry.yarnpkg.com/tslint-language-service/-/tslint-language-service-0.9.7.tgz#94a35442bc1163e4629df8804e6fa694ced549ff"
[email protected].8:
+  version "0.9.8"
+  resolved "https://registry.yarnpkg.com/tslint-language-service/-/tslint-language-service-0.9.8.tgz#22a6f2f926b7c0a4cafed3ae1f65021e8008dc96"
 
 [email protected]:
   version "1.0.0"