search

mindedsecurity / JStillery

Advanced JavaScript Deobfuscation via Partial Evaluation
GNU General Public License v3.0
862 stars 143 forks source link

Eval issues #28

Closed DayDun closed 5 years ago

DayDun commented 5 years ago

Eval places an unnecessary semicolon leading to a syntax error:

([] + eval("5 + 5"))[0]
([] + 10;)[0];

Other unexpected behavior:

eval("5") + "test";
eval("") + "test";
'undefinedtest';
({
}); + 'test';

It would also be great if more complex forms of function construction were supported, like:

[].filter.constructor("return 5 + 5")();
Array.prototype.filter.constructor("return 5 + 5")();
Array.prototype.constructor.constructor("return 5 + 5")();
wisec commented 5 years ago

Hey @DayDun thanks for reporting this! Fixed the eval issue!

About the constructors request, I'll consider to add an option for resolving them as opt-in.

Thanks!