I want to check whether a given Javascript variable goes is used by any IF statements inside the program. Is there a way to dynamically do this rather than pure static code analysis.
Am not reading any file here. Lets say that I can inject a piece of JS code using some extension during run time and dynamically find if a given variable goes through an IF statement.
This is a bad idea. There are lots of things that could go wrong. You could look into sandboxing.
But, as long as you aren't relying on this for security, you might find this useful:
var x = function (a, b, c) { if(a) {console.log(a)}};
var y = function (a, b, c) { if(b) {console.log(a)}};
// You can get the text of a function. Notice it's been formatted.
console.log(x.toString());
>>> "function (a, b, c) { if (a) { console.log(a) } }"
var matcher = /if ?\(.?a.?\)/g;
x.toString().match(matcher);
>>> ["if (a)"]
y.toString().match(matcher);
>>> null
Things to be careful of, off the top of my head:
Different browsers may format the code differently.
Variables can be aliased by assigning them to a different name.
Variables can be accessed by index-access and strings.
This is a naïve regular expression and will obviously match if (nota).
Your javascript will be visible, so anyone who wants to get round this will find a way.
Related
I'm trying to read through some source code on the internet, and I'm getting confused because the author defined a function as:
var _0x80a1 = function (x, a) {...}
But then only calls it using statements like this:
_0x80a1("0x0")
How does that work?
JavaScript parameters are optional you don't need to pass them. So you can do something like this:
function multiply(a, b) {
if(typeof b === 'undefined') {
b = 10;
}
return a * b;
}
console.log(multiply(5));
// expected output: 50
In newer versions of JS you can also do default parameters like this:
function multiply(a, b = 10) {
return a * b;
}
console.log(multiply(5));
// expected output: 50
No function "requires" an argument in JavaScript. It's not a strongly typed language.
I might be typing out of my own butt, but I think function's arguments are syntactic sugar in JS. You can always pass any amount of arguments, regardless of the function's "signature", because the only thing that identifies a function in JS, is its name (and the object on which it is called). That is why, the arguments object exists.
So, as others pointed it out, the second, third, or any other argument that wasn't given will simply be undefined.
An answer on this subject with examples
In ,JavaScript function parameters are optional.If your'e not making use of 'a' inside your function then JS compiler don't care about that.If your'e making use of 'a' inside your function then you will encounter some error like "a is undefined".
function (x,a=10){
}
You can set default parameters like this.Now even if your'r passing one parameter to your function it will run without any errors
I was curious so tried to understand this a bit so I could try to answer.
The variable _8x80a1 is a literal bit definition (https://www.hexadecimaldictionary.com/hexadecimal/0x80A1/) representing e.g. 32929 in decimal.
I'm guessing JS internally numbers all functions when its run. This leaves an entire integer (32766) 'vanilla' functions that can be compiled before using a literal as a function name might cause a conflict.
So the 'x' in the function def. looks like it's passing a string, but it might be just calling 'Function #0' in the _8x80a1 var/function. This would make sense if the function contains multiplpe 'sub functions', as then the 'a' variable can be an object collection (e.g. parameters), that can be passed to the sub-function.
Roughtly, I think .. Not used JS for a whilst and just thought I'd try to help answer! ;-) Essentially a compact way to make a toolkit you can copy between projects, and know your references will all work as expected to your tools, without disrupting e.g. jQuery or other scripts. (Wouldn't be surprised if this is how JS is minified actually ;)).
Chris
In Javascript, local variables do not live on any object that I'm aware of. That is,
function foo() {
const x = 2;
self.x; // undefined
this.x; // undefined
window.x; // undefined
x; // 2, obviously
eval('x'); // 2
}
The last option eval('x') shows that it is possible to refer to these variables by name. I'm looking to extend this and access a variable using a name pattern:
function foo() {
// Code not under my direct control
function foobar_abc() {}
function other_functions() {}
// Code under my control
const matchingFunction = // find the function with name matching 'foobar_*'
}
If this lived on an object, I would use something like myObject[Object.keys(myObject).find((key) => key.startsWith('foobar_'))]. If it were in the global scope, myObject would be window and everything works.
The fact that eval is able to access the variable by name implies that the value is available somewhere. Is there any way to find this variable? Or must I resort to techniques which re-write the (potentially very complex) code which is not under my direct control?
I'm targeting modern browsers, and in this use case I don't mind using eval or similarly hacky solutions. Arbitrary code is already being executed, because the execution of user-provided code is the purpose.
Another option is to use code parsing to deduce the function names using a javascript AST (abstract syntax tree) library. The "esprima" package will probably be good place to look:
https://www.npmjs.com/package/esprima
So you can do
import esprima from 'esprima'
const userCodeStructure = esprima.parseScript( userProvidedJavascriptString );
const allTopLevelFunctionDeclarations = userCodeStructure.body.filter( declaration => declaration.type === "FunctionDeclaration" );
const allTopLevelFunctionNames = allTopLevelFunctionDeclarations.map( d => d.id );
I haven't tried this myself by the documentation suggests it should work (or something like it):
http://esprima.readthedocs.io/en/latest/
One possible approach that might help you here is to evaluate at global scope rather than in a function, and that might put the functions on the window object instead of in local scope.
Easiest way to do this is probably to write a new tag into the document and inject the user-provided code.
Relying on variable names is the wrong approach.
eval is evil. It may not be available under CSP. Considering that the code is supposed to run in browser, the biggest problem is that variables don't have expected names in minified code. They are a, b, c...
In order to maintain their names, they should be object properties - and so they will be available on the object.
Or must I resort to techniques which re-write the (potentially very complex) code
This is refactoring and that's what should be done to avoid bad code that smells and creates major problems.
In Swift we can assign a variable as we evaluate the existence of a potential value, such as:
if let x = y {
// do something with x
}
Is there an equivalent in JavaScript?
There's no such equivalent solution in JavaScript, because there's no equivalent problem.
What you're demonstrating is conditional binding, which exists to allow you to create a non-optional value (x, in your example), out of an optional value (y). There's no such need in Javascript, because all values are nullable, for better or for worse.
You just do a null check, like so:
if (y) {
}
Just as how you shouldn't write JavaScript code in Swift, you shouldn't write Swift code in JavaScript. It's a completely different languages, with completely different features, syntax, patterns and designs.
To create an IDE that would autocomplete all variables the user declares but would be oblivious to other variables such as Math.PI or even the module Math, the IDE would need to be able to identify all identifiers relating to variables declared by the user. What mechanism could be used to capture all such variables, assuming you already have access to the AST (Abstract Symbol Table) for the program?
I am using reflect.js (https://github.com/zaach/reflect.js) to generate the AST.
I think it's pretty much impossible
Here is why I think it's pretty much impossible without executing it:
Let us go through the unexplored parts, from easy to hard.
Easy to catch:
Function scope is missed here:
(function(x){
//x is now an object with an a property equal to 3
// for the scope of that IIFE.
x;
})({a:3});
Here is some fun dirty tricks for you all.:
Introducing... drum roll... Block Scoping!!
with({x:3}){
x;//x is now declared in the scope of that with and is equal to 3.
}
try{ throw 5}catch(x){
x // x is now declared in the scope of the try block and is equal to 5;
}
(people reading: I beg you to please not use these last two for actual scoping in code :))
Not easy:
Bracket notation:
var n = "lo";
a["h"+"e"+"l"+n] = "world"; // need to understand that a.hello is a property.
// not a part of the ast!
The really hard parts:
Let us not forget invoking the compiler These would not show up in the AST:
eval("var x=5"); // declares x as 5, just a string literal and a function call
new Function("window.x = 5")();// or global in node
In node.js this can also be done with the vm module. In the browser using document.write or script tag injection.
What else? Of course they can obfuscate all they want:
new Function(["w","i","n","dow.x"," = ","5"].join(""))(); // Good luck finding this!
new Function('new Function(["w","i","n","dow.x"," = ","5"].join(""))()')();// Getting dizzy already?
So what can be done?
Execute the code, once, in a closed, timed environment when you update the symbol table (just the relevant parts)
See what's the generated symbol table is from the execution
Boom, you got yourself a symbol table.
This is not reliable but it's probably as close as you get.
The only other alternative I can think of, which is what most IDEs are doing is to simply ignore anything that is not:
object.property = ... //property definition
var a = ... //scoped
b = ... //global, or error in strict mode
function fn(){ //function declaration
object["property"] //property with a _fixed_ literal in bracket notation.
And also, function parameters.
I have seen no IDE that has been able to deal with anything but these. Since they're the most common by far, I think it's perfectly reasonable to count those.
By adding them onto am object that already exists....ie
window.mynewvar = 5;
function mynewfunc() {
}
I'm not sure whether this is just a bug or an intended feature.
Basically, I have this tiny function (I now see end is colored blue here but this works just fine, if I rename it to something else I still have the issue):
function f(a, b) {
var start = Math.min(a, b);
var end = Math.max(a, b);
tb.selectionStart = start;
tb.selectionEnd = end;
};
When closure-compiling it, I get:
function f(a,b){var c=Math.max(a,b);tb.selectionStart=Math.min(a,b);tb.selectionEnd=c};
However, why is selectionStart set to Math.min directly, whilst selecitonEnd is set to a variable (c), which is declared first? Isn't it shorter to do tb.selectionEnd=Math.max(a,b)?
Any ideas are appreciated.
EDIT: THERE IS AN "OFFICIAL" ANSWER IN THIS LINK:
https://web.archive.org/web/20151226143155/http://code.google.com/p/closure-compiler/issues/detail?id=410
I think an assignment to a variable, followed immediately by usage of that variable, can be inlined. However, if there is any statement in between that cannot be proven to be free of side-effects, then the compiler won't inline it.
In your case, assignment to variable "start" is separated from the usage of "start" only by the assignment statement to "end". However, this statement is free of side-effects since Math.max is an internal function and the compiler knows that it is side-effect-free.
However, in your case, assignment to variable "end" is separated from the usage of that variable by a statement, which is an assignment of "start" to a property. Now, I believe that the compiler does not assume that merely assigning to a property is always side-effect-free; that is because some properties, when assigned, actually cause different behavior, or change global state (such as RegExp). In some systems, property assignments actually trigger certain system-specific features (e.g. hardware interface) that may in-turn contain side-effects.
That is why, sometimes, when you have code like this:
foo.bar = 1;
foo.bar = 2;
foo.bar = 3;
The compiler won't eliminate the first two statements since assignment to "bar" may have side effects.
So, in your question, the variable "end" cannot be inlined because the statement tb.selectionStart = start; may have side effects (perhaps only in wierd cases).
If you make "tb" a local variable, or something that the compiler has complete control of (e.g. a simple object: var tb = {};), then you'll find that the compiler inlines all of the assignments just fine.
if you paste this code, this works.
function f(a, b) {
var start = Math.min(a, b);
tb.selectionStart = start;
var end = Math.max(a, b);
tb.selectionEnd = end;
};
function f(a,b){tb.selectionStart=Math.min(a,b);tb.selectionEnd=Math.max(a,b)};
i this is a mistake by closure compiler.