mindedsecurity / JStillery

Advanced JavaScript Deobfuscation via Partial Evaluation
GNU General Public License v3.0

{"toString":[...]} does not return correct return value #2

Open masatokinugawa opened 6 years ago

masatokinugawa commented 6 years ago

""+{toString:function(){ return "" }} or ""+{valueOf:function(){ return "" }} should return "" but JStillery returns "[object Object]". The following code should execute alert(/pass/) but due to this behavior an infinite loop happens on JStillery.

x = ""+{
    toString: function() {
        return "";
    }
};
if (x) {
    Function("while(1){};return;")();
} else {
    alert(/pass/);
}

wisec commented 6 years ago

Hi @masatokinugawa, thanks! ATM toString/valueOf override and native functions overwrite are not supported. I don't plan to add them soon, but it's definitely an important feature to be in the project!
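
The coercion order a partial evaluator has to model for the case reported above, as an added example that is not part of the thread or of JStillery's code. It follows ECMAScript ToPrimitive with the "default" hint; `isPrimitive`, `toPrimitiveDefault`, `concatLikeEngine` and `issueBranch` are hypothetical names.

```javascript
// Added example: how `"" + obj` resolves when obj overrides toString/valueOf.
// All function names here are hypothetical, not JStillery APIs.
function isPrimitive(v) {
  return v === null || (typeof v !== "object" && typeof v !== "function");
}

function toPrimitiveDefault(obj) {
  if (isPrimitive(obj)) return obj;
  // 1. A Symbol.toPrimitive method, if present, wins over valueOf/toString.
  const exotic = obj[Symbol.toPrimitive];
  if (exotic !== undefined && exotic !== null) {
    const r = exotic.call(obj, "default");
    if (isPrimitive(r)) return r;
    throw new TypeError("Symbol.toPrimitive returned an object");
  }
  // 2. For the "default" hint, valueOf is tried before toString. The inherited
  //    Object.prototype.valueOf returns the object itself, so an object that
  //    only overrides toString falls through to its own toString.
  for (const name of ["valueOf", "toString"]) {
    const fn = obj[name];
    if (typeof fn === "function") {
      const r = fn.call(obj);
      if (isPrimitive(r)) return r;
    }
  }
  throw new TypeError("Cannot convert object to primitive value");
}

function concatLikeEngine(left, obj) {
  // Binary + with a string on the left: coerce the object, then concatenate.
  return left + toPrimitiveDefault(obj);
}

function issueBranch() {
  // The object literal from the issue: only toString is overridden.
  const x = concatLikeEngine("", { toString: function () { return ""; } });
  return x ? "loop" : "pass"; // "" is falsy, so the else branch is taken
}
```

Folding `"" + {…}` to "[object Object]" is only safe when the object literal defines none of `toString`, `valueOf` or `Symbol.toPrimitive`; otherwise the evaluator has to run or model those methods, or leave the expression unfolded.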