svent / jsdetox

A Javascript malware analysis tool
https://svent.dev/projects/jsdetox/

monkey_patch error in visit_VarStatementNode #6

Closed 0x4a616e closed 11 years ago

0x4a616e commented 11 years ago

JavaScript in for loops can get invalid after reformatting or during analysis:

for(var i,j = 0; j < 10; j++) { /**/ }

will be changed to

for(var i;
var j = 0; j < 10; j++) { /**/ }

svent commented 11 years ago

Thanks for your report! I can reproduce this bug and will look into it as soon as I find time.

apolkosnik-old commented 11 years ago

I'm not claiming to be Ruby-literate here, but I guess this bug might be more gracefully fixed upstream in visit_ForNode() in https://github.com/tenderlove/rkelly/blob/master/lib/rkelly/visitors/ecma_visitor.rb if I read how it deals with the init part of for loops.

svent commented 11 years ago

RKelly handles for nodes correctly, this bug was introduced in the monkey patch code of JSDetox. I will commit a fix within a few minutes...
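
The failure mode from this report, reproduced as an added Ruby illustration (not JSDetox or RKelly code): a var-statement emitter that writes one terminated statement per declarator produces the invalid loop header shown above when it is reused for the for-init slot. The structs, function names and the naive header check are hypothetical, and the per-declarator splitting is an assumption inferred from the output in the report.

```ruby
# Hypothetical minimal AST, constructed for this example (not RKelly's node classes).
VarDecl = Struct.new(:name, :init)   # one declarator; init is source text or nil
VarStmt = Struct.new(:decls)         # var a, b = 1
ForLoop = Struct.new(:init, :test, :step, :body)

# Constructed sample: for(var i, j = 0; j < 10; j++) { /**/ }
SAMPLE = ForLoop.new(
  VarStmt.new([VarDecl.new("i", nil), VarDecl.new("j", "0")]),
  "j < 10", "j++", "{ /**/ }"
)

# One terminated statement per declarator: valid at statement level,
# invalid inside a for header (assumed shape of the buggy behaviour).
def emit_var_split(stmt)
  stmt.decls.map { |d| d.init ? "var #{d.name} = #{d.init};" : "var #{d.name};" }.join("\n")
end

# One comma-separated declaration list with no terminator,
# the only form the for-init slot accepts.
def emit_var_joined(stmt)
  "var " + stmt.decls.map { |d| d.init ? "#{d.name} = #{d.init}" : d.name }.join(", ")
end

def emit_for_buggy(node)
  "for(#{emit_var_split(node.init)} #{node.test}; #{node.step}) #{node.body}"
end

def emit_for_fixed(node)
  "for(#{emit_var_joined(node.init)}; #{node.test}; #{node.step}) #{node.body}"
end

# Naive regression check: a classic for header has exactly two semicolons.
# Assumes no parentheses or semicolons inside strings in the header.
def for_header_valid?(src)
  header = src[/\Afor\((.*?)\)\s*\{/m, 1]
  !header.nil? && header.count(";") == 2
end

if __FILE__ == $PROGRAM_NAME
  [emit_for_buggy(SAMPLE), emit_for_fixed(SAMPLE)].each do |out|
    puts out
    puts "valid header: #{for_header_valid?(out)}"
  end
end
```

A check like `for_header_valid?` can run over reformatter output as a regression test, so an analysis pass that corrupts loop headers is caught before the rewritten script is trusted.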