I am wondering if there is a way to restrict a c++ compiled wasm file to NOT be able to call any javascript from within the c++ code. The idea is to prove to the user that the c++ wasm compiled file is not calling any javascript methods from within c++ i.e. it is only taking the input that has been provided from javascript trough some linear memory input working on it an giving back some result, but during that process no call should be possible to java script from within the c++ code. i.e. to put the wasm in some kind of jail mode where the binary is not able to call any javascript AT ALL! This is important in cases where the wasm produces itself some binary output, and it is unknown what is in that output. Basically i want to make sure that the "add2Strings" method that is called on the webassembly is not doing something else except adding "String1+String2" and returning some ByteBuffer/vector that represent the result (String1+String2) and not something like "String1+String2+FingerprintString+emailAddress" which can later be send trough javascript over the network god knows where.
I am wondering if there is a way to restrict a c++ compiled wasm file to NOT be able to call any javascript from within the c++ code
This is already default WebAssembly behavior. It can't execute any JavaScript function that you don't explicitly pass to it in the imports object.
Related
I am trying to use some functions from a code that has been obfuscated. So i have an html file that is calling a JS file thru the tag:
<script src="gwt_svg_viewer/gwt_svg_viewer.nocache.js"></script>
that file is defining a function called "onScriptdownloaded" which receives a string like this:
gwt_svg_viewer.onScriptDownloaded(["var $wnd = window.parent;function RE(){}"]);
So my question is how can i access to RE? in another JS file?
It seems that there was a kind of GWT code implemented, but i am not really familiar with that.
Variable names and functions in gwt will be obfuscated every time you compile your project, and variables and functions will be renamed in the process, in order to call a gwt code from javascript in a consistence manner you will need to use jsinterop to export java types. more information can be found in the gwt jsinterop documentation
Sorry if this is a trivial question, so if this has already been asked, please direct me to the question.
I know that the tostring method in javascript, if called on a function will print the source code (more about it: link). Is it possible to do the same thing in Java?
So if I have the following identity function definition:
public class class1 {
int f1(int x){
return x;
}
}
And the following main function:
class Main {
public static void main(String args[]) {
class1 c1 = new class1();
????
}
}
Is there anything I can put in place of '????' that would print something like
int f1(int x){
return x;
}
Disclaimer: I'm not an expert at Java, or any programming language for that matter. However, I do know how to find information online.
This concept does not seem very doable within Java. To start:
JavaScript is an interpreted language, not a compiled language. A program such as C++ or Java needs to be compiled before it is run. The source code is passed through a program called a compiler, which translates it into bytecode that the machine understands and can execute. In contrast, JavaScript has no compilation step. Instead, an interpreter in the browser reads over the JavaScript code, interprets each line, and runs it. More modern browsers use a technology known as Just-In-Time (JIT) compilation, which compiles JavaScript to executable bytecode just as it is about to run.
Basically, JavaScript has the advantage of reading directly from the file with the source code, and executing it on the fly. Compiled languages such as Java won't have that sort of functionality built in by default for many reasons, including security. An application should be able to run without allowing hackers access to its source code as much as possible.
There have been attempts at doing various forms of what you're interested in, but the two easiest methods seem to be
Printing the original .java file line by line
Storing a string reference to the entire code or the method(s) required.
It also seems possible to print the method name, but not the body.
Aside from that, the only thing you might be able to get from a compiled, running java program, is bytecode, which would require a decompiler to have any hope of understanding the source behind it.
You can continue reading up on it through a few of the links here:
How do I print the method body reflectively?
Save a method into a variable, java 8
View a method's implementation (method body) using Java Reflection
Probably yes, but not a trivial one with a ready command. JavaScript is an interpreted language where the executing environment has access to the source code in its original form. That is how you can inspect it in a browser console and see the same variable names as are in the source code.
While the compiled/interpreted distinction is fuzzy for Java, it is definitely modified before execution. The bytecode used by Java's Just-in-Time compilation may be more readable than a fully compiled binary file, it is not the source. If the running program does not have access to the source code, it is less able to output it. A debugger running in an IDE can reference problems in the source; otherwise, you are limited to debugging the bytecodes.
This is why Keno Clayton suggested the question on Quine programs, which are meant to reproduce themselves. This answer outputs the source code by hard-coding it as a class attribute. You could take a similar approach with a pre-compilation script that went through all the methods and made strings out of their sources, but the result would be bulky and potentially sensitive.
I have a piece of javaScript that works (alongside html) to produce the GUI for a program written in C++. The program has to run for a long time (Sometimes 14/15 days, without monitoring).
The C++ and javaScript communicate by writing to/reading from a XML file.
After running the program for over 24 hours at a time, I've noticed the occasional javaScript error appearing 'someArray[...].name' is null or not an object.
Now: These are all arrays that are filled with information taken from the XML file, written by the C++. The contents of these arrays are refreshed every few seconds (To update information in the GUI 'live').
Question is: Could these errors be caused by an access/timer problem as in --> The javaScript starts reading a line from the XML just as the C++ swoops in and rewrites that line. Therefore information is parsed into the javaScript arrays with some illegal characters (etc) which when accessed throws the errors?
Hope that all makes sense. Thanks.
Your suggestion seems to provide a plausible explanation of what's happening.
You're probably seeing a race condition.
To fix it, you could implement a synchronization mechanism between C++ and JS.
The simplest form of sync I can think of is creating a second file each time C++ writes to your main XML file (this file acts as a lock). JS waits for the lock file to disappear before reading the XML. The same is done on the C++ side.
Sample code:
C++:
while(programRunning) {
do stuff;
// Now it's time to write XML
while("lockCpp.txt" exists)
; // Do nothing, JS is reading
create file "lockJS.txt";
write to xml;
delete file "lockJS.txt";
}
JavaScript:
while(programRunning) {
do stuff;
// Now it's time to read XML
while("lockJS.txt" exists)
; // Do nothing
create file "lockCpp.txt";
read xml;
delete file "lockCpp.txt";
}
This should in practice eliminate race conditions (though some are theoretically, possible, but unlikely).
Should JS not be allowed to write to the file system, then you could remove one of the lock files (lockCpp.txt) and, if the reading on the JS side is normally faster then the writing, it should still eliminate most conflicts.
EDIT after comment:
If you only have access to JS, you could check that the XML document is complete when reading, e.g. the root element is correcly matched by a </rootElementName> at the end.
That will ensure the file write is complete provided C++ doesn't do writes at random locations, but always rewrites the whole document.
Another route would be checking the file is not changing over time. If C++ only sporadically writes to XML, you can read it a few times over a few, say, seconds, and, if unchanged, use the read value. If changed, keep waiting.
HTH
I have a to do a game launcher.
I use a QWebview initialized in c++ and I use javascript / Html to build my menus.
I want to execute a binary in filesystem when I click on a button.
Is it possible ? I didn't find any solution.
You can use QWebFrame::addToJavaScriptWindowObject() to make a C++ object visible from Javascript code in your page.
Create a C++ object and add a slot to that object that uses QProcess to start the binary you want. Make it visible calling addToJavaScriptWindowObject(). Now you can call the slot from javascript code and pass the path to the binary in it.
Hy,
I'm working at a project that must call from C++ a custom function made in JavaScript. I'm able to run the function
The project should work only on Windows (actually it's a Windows service), so it's ok to use interfaces IWebBrowser2 and IHtmlDocument2
The function's signature is string function(string). I'm able to run the function in C++, based on this tutorial (I'm using IWebBrowser2 and IHtmlDocument2 interface), but I'm not able to get the output from that JS function back in C++.
Is there any method to retrieve the output from that JS function back in C++, using those interfaces? ( or maybe other)
Thank you,
I'll answer to my own question, if someone will have the same question:
Short answer is you can't obtain the output of javascript script using these interfaces. The IWebBrowser2 and IHtmlDocument are running in a context based on IE, so you can't obtain the output of running scripts.
The solutions for this problem are:
V8 or SpiderMonkey
Active Script Interfaces
If you plan to use V8 in your application, the basic example for calling a function is provided at Calling a v8 javascript function from c++ with an argument (But, be aware of the Dispose() function, which is wrongly placed)
If you plan to use Active Script Interfaces, the basic example is provided at Run JavaScript function from C++ without MFC . It's a useful example that shows how to run a JavaScript function.