justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
ci-test
literalRecheck
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c1c90fee13'
${ noResults }
garble/testdata/scripts/ldflags.txt

71 lines
2.0 KiB
Plaintext
Raw Normal View History Unescape Escape

avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
env GOGARBLE=*
testdata: set GOPRIVATE in all but two tests (#104) basic.txt just builds main.go without a module. Similarly, we leave imports.txt without a GOPRIVATE, to test the 'go list -m' fallback. For all other tests, explicitly set GOPRIVATE, to avoid two exec calls - both 'go env GOPRIVATE' as well as 'go list -m'. Each of those calls takes in the order of 10ms, so saving ~26 exec calls should easily add to 200-300ms saved from 'go test -short'.
5 years ago
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
# Note the proper domain, since the dot adds an edge case.
add support for -ldflags using quotes In particular, using -ldflags with - In particular, a command like: garble -literals build -ldflags='-X "main.foo=foo bar"' would fail, because we would try to use "\"main" as the package name for the -X qualified name, with the leading quote character. This is because we used strings.Split(ldflags, " "). Instead, use the same quoted.Split that cmd/go uses, copied over thanks to x/tools/cmd/bundle and go:generate. Updates #492.
3 years ago
#
# Also note that there are three forms of -X allowed:
#
# -X=name=value
# -X name=value
# -X "name=value" (or with single quotes, allows spaces in value)
env LDFLAGS='-X=main.unexportedVersion=v1.22.33 -X=main.replacedWithEmpty= -X "main.replacedWithSpaces= foo bar " -X=domain.test/main/imported.ExportedUnset=garble_replaced -X=domain.test/missing/path.missingVar=value'
ignore -ldflags=-X flags mentioning unknown packages That would panic, since the *listedPackage would be nil for a package path we aren't aware of: panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x126b57d] goroutine 1 [running]: main.transformLink.func1(0x7ffeefbff28b, 0x5d) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1260 +0x17d main.flagValueIter(0xc0000a8e20, 0x2f, 0x2f, 0x12e278e, 0x2, 0xc000129e28) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1410 +0x1e9 main.transformLink(0xc0000a8e20, 0x30, 0x36, 0x4, 0xc000114648, 0x23, 0x12dfd60, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1241 +0x1b9 main.mainErr(0xc0000a8e10, 0x31, 0x37, 0x37, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:287 +0x389 main.main1(0xc000096058) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:150 +0xe7 main.main() mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:83 +0x25 The linker ignores such unknown references, so we should too. Fixes #259.
4 years ago
garble build -ldflags=${LDFLAGS}
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
exec ./main
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
cmp stdout main.stdout
concentrate and simplify "to obfuscate" logic Back in the day, we used to call toObfuscate anytime we needed to know whether a package should be obfuscated. More recently, we started computing via the ToObfuscate field, which then gets shared with all sub-processes via sharedCache. We still had two places that directly called toObfuscate. Replace those with ToObfuscate, and inline toObfuscate into shared.go. obfuscatedImportPath is also a potential footgun for main packages. Some use cases always want the original "main" package name, such as for use in the compiler's "-p main" flag, while other cases want the obfuscated package import path, such as the entries in importcfg files. Since each of these call sites handles the edge case well, obfuscatedImportPath now panics on main packages to avoid any misuse. Finally, test that we never leak main package paths via ldflags.txt. We never did, but it's good to make sure. Overall, this avoids confusion and trims the size of main.go a bit.
3 years ago
! binsubstr main$exe 'domain.test/main' 'unexportedVersion' 'ExportedUnset'
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
[short] stop # no need to verify this with -short
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
garble -tiny -literals -seed=0002deadbeef build -ldflags=${LDFLAGS}
Rewrite renaming logic for private names and reduce length of public names (#135) 1. Now private names are obfuscated based on the counter in scope of the package. 2. The length of public names is reduced to 4 bytes.
5 years ago
exec ./main
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
cmp stdout main.stdout
! binsubstr main$exe 'unexportedVersion' 'ExportedUnset'
binsubstr main$exe 'v1.22.33' 'garble_replaced' # TODO: obfuscate injected strings too
binsubstr main$exe 'kept_before' 'kept_after' # TODO: obfuscate strings near ldflags vars
Rewrite renaming logic for private names and reduce length of public names (#135) 1. Now private names are obfuscated based on the counter in scope of the package. 2. The length of public names is reduced to 4 bytes.
5 years ago
testdata: remove some unnecessary execs (#267) Our use of go-internal's gotooltest.Setup means that "go" is set up as a top-level command in the scripts, so we can simply "go build" instead of having to "exec go build". The result is practically the same, but the scripts are simpler. While at it, I had left an "exec cat" behind; remove it.
4 years ago
go build -ldflags=${LDFLAGS}
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
exec ./main
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
cmp stdout main.stdout
binsubstr main$exe 'unexportedVersion' 'ExportedUnset' 'v1.22.33' 'garble_replaced'
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
-- go.mod --
add a regression test for #82 The test case we had didn't have a realistic-looking module path with a dot, so we hadn't noticed the bug with IndexByte. Fix that. We verified that the new test fails if we undo the fix.
5 years ago
module domain.test/main
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
5 years ago
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me>
4 years ago
go 1.17
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
-- main.go --
package main
import (
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
"fmt"
add a regression test for #82 The test case we had didn't have a realistic-looking module path with a dot, so we hadn't noticed the bug with IndexByte. Fix that. We verified that the new test fails if we undo the fix.
5 years ago
"domain.test/main/imported"
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
)
var unexportedVersion = "unknown"
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
var notReplacedBefore, replacedWithEmpty, notReplacedAfter = "kept_before", "original", "kept_after"
add support for -ldflags using quotes In particular, using -ldflags with - In particular, a command like: garble -literals build -ldflags='-X "main.foo=foo bar"' would fail, because we would try to use "\"main" as the package name for the -X qualified name, with the leading quote character. This is because we used strings.Split(ldflags, " "). Instead, use the same quoted.Split that cmd/go uses, copied over thanks to x/tools/cmd/bundle and go:generate. Updates #492.
3 years ago
var replacedWithSpaces = "original"
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
func main() {
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
fmt.Printf("version: %q\n", unexportedVersion)
fmt.Printf("becomes empty: %q\n", replacedWithEmpty)
add support for -ldflags using quotes In particular, using -ldflags with - In particular, a command like: garble -literals build -ldflags='-X "main.foo=foo bar"' would fail, because we would try to use "\"main" as the package name for the -X qualified name, with the leading quote character. This is because we used strings.Split(ldflags, " "). Instead, use the same quoted.Split that cmd/go uses, copied over thanks to x/tools/cmd/bundle and go:generate. Updates #492.
3 years ago
fmt.Printf("becomes string with spaces: %q\n", replacedWithSpaces)
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
fmt.Printf("should be kept: %q, %q\n", notReplacedBefore, notReplacedAfter)
fmt.Printf("no longer unset: %q\n", imported.ExportedUnset)
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21.
5 years ago
}
-- imported/imported.go --
package imported
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
var (
ExportedUnset, AnotherUnset string
otherVar int
)
-- main.stdout --
version: "v1.22.33"
becomes empty: ""
add support for -ldflags using quotes In particular, using -ldflags with - In particular, a command like: garble -literals build -ldflags='-X "main.foo=foo bar"' would fail, because we would try to use "\"main" as the package name for the -X qualified name, with the leading quote character. This is because we used strings.Split(ldflags, " "). Instead, use the same quoted.Split that cmd/go uses, copied over thanks to x/tools/cmd/bundle and go:generate. Updates #492.
3 years ago
becomes string with spaces: " foo bar "
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323.
3 years ago
should be kept: "kept_before", "kept_after"
no longer unset: "garble_replaced"