Function parameters not fully obfuscated?

liftoff / pyminifier

Pyminifier is a Python code minifier, obfuscator, and compressor.

GNU General Public License v3.0

1.45k stars 223 forks source link

Function parameters not fully obfuscated? #98

Open MewX opened 6 years ago

MewX commented 6 years ago

Hi, I'm using version 2.1.

Part of my codes look like this:

payload = '{"device":"xxx","id":"' + uuid + '","org":"yyy"}'
r = requests.post("https://xxx", data=payload, headers=headers, verify=False)

After many attempts, the codes after pyminifier -O always look like this:

c='{"device":"xxx","id":"'+q+'","org":"yyy"}'
r=a("https://xxx",data=payload,headers=headers,verify=P)

As you can see the variable payload and headers were not obfuscated, and that introduced the following error:

NameError: name 'payload' is not defined

Thanks!

DGHC commented 5 years ago

I'm having the exact same issue but finding very little online in terms of solutions. @MewX - did you ever find a solution? This is rendering pyminifier useless, which is a shame as it's great otherwise.

MewX commented 5 years ago

@Jowls1 Nah, I probably was stupid, but I rewrote my codes in GoLang and that solved my problem. :unamused:

bdaugrois commented 5 years ago

Somewhat late, but I've found a workaround this same issue for pyminifer 2.1.

There is an erroneous check for equal sign outside parentheses before replacing the variable, which fails whenever a keyword argument is used inside a function call.

In module pyminifier.obfuscate.py I replaced line 416 elif right_of_equal and not inside_parens: by elif right_of_equal:

This correctly replaces all variable names used as keyword arguments. Note that it might cause unforeseen errors related to other edge cases !