Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

reflection detection doesn't work for structs containing functions which return structs #817

Closed
lu4p opened this issue Dec 6, 2023 · 0 comments
Closed

reflection detection doesn't work for structs containing functions which return structs #817

lu4p opened this issue Dec 6, 2023 · 0 comments
Assignees
@lu4p
Labels
bug Something isn't working reflection

Comments

@lu4p
Copy link
Member

lu4p commented Dec 6, 2023

While debugging #690 I found another case where reflection detection breaks down.

This is mostly a constructed esoteric case, however I want to save it for future reference.

This:

func closure() {
	type gobAlias struct {
		Security func() struct {
			Pad bool
		}
	}

	alias := gobAlias{}

	gob.NewEncoder(os.Stdout).Encode(alias)

	outer := func() func() struct{ Pad bool } {
		return func() struct{ Pad bool } {
			return struct{ Pad bool }{Pad: true}
		}
	}

	alias.Security = outer()
}

becomes:

func j4wwfVoxrQ3U() {
	type gobAlias struct {
		Security func() struct {
			CyKzfu_6PMml bool
		}
	}

	zHwfgoTGbS := gobAlias{}

	 /*line pO5sQyOpjxG.go:1*/ gob.Z86VmnB5d5(os.E09Xl1y).Encode(zHwfgoTGbS)

	lSqYMFQpWJG := func() func() struct{ CyKzfu_6PMml bool } {
		return func() struct{ CyKzfu_6PMml bool } {
			return struct{ CyKzfu_6PMml bool }{CyKzfu_6PMml: true}
		}
	}

	zHwfgoTGbS.Security =  /*line FquOVyLxB.go:1*/ lSqYMFQpWJG()
}

In an ideal world the return type shouldn't be obfuscated anywhere.
@lu4p lu4p added the bug Something isn't working label Dec 6, 2023
@lu4p lu4p self-assigned this Dec 6, 2023
@lu4p lu4p mentioned this issue Oct 28, 2024
Closed
lu4p added a commit that referenced this issue Nov 26, 2024
@lu4p
revised reflection handling
e982a61 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 26, 2024
@lu4p
revised reflection handling
7eb700c 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
revised reflection handling
07aa888 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
revised reflection handling
a4dc374 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
revised reflection handling
18fcf7c 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
revised reflection handling
6ad5929 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
revised reflection handling
f7e59c3 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
revised reflection handling
e31525c 
Instead of excluding specific names from obfuscation "all" names are now  obfuscated.

For reflected names, a mapping to the original name is injected in internal/abi to resolve them correctly.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
obfuscate all names used in reflection
70d7267 
Go code can retrieve and use field and method names via the `reflect` package.
For that reason, historically we did not obfuscate names of fields and methods
underneath types that we detected as used for reflection, via e.g. `reflect.TypeOf`.

However, that caused a number of issues. Since we obfuscate and build one package
at a time, we could only detect when types were used for reflection in their own package
or in upstream packages. Use of reflection in downstream packages would be detected
too late, causing one package to obfuscate the names and the other not to, leading to a build failure.

A different approach is implemented here. All names are obfuscated now, but we collect
those types used for reflection, and at the end of a build in `package main`,
we inject a function into the runtime's `internal/abi` package to reverse the obfuscation
for those names which can be used for reflection.

This does mean that the obfuscation for these names is very weak, as the binary
contains a one-to-one mapping to their original names, but they cannot be obfuscated
without breaking too many Go packages out in the wild. There is also some amount
of overhead in `internal/abi` due to this, but we aim to make the overhead insignificant.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
lu4p added a commit that referenced this issue Nov 27, 2024
@lu4p
obfuscate all names used in reflection
926f3de 
Go code can retrieve and use field and method names via the `reflect` package.
For that reason, historically we did not obfuscate names of fields and methods
underneath types that we detected as used for reflection, via e.g. `reflect.TypeOf`.

However, that caused a number of issues. Since we obfuscate and build one package
at a time, we could only detect when types were used for reflection in their own package
or in upstream packages. Use of reflection in downstream packages would be detected
too late, causing one package to obfuscate the names and the other not to, leading to a build failure.

A different approach is implemented here. All names are obfuscated now, but we collect
those types used for reflection, and at the end of a build in `package main`,
we inject a function into the runtime's `internal/abi` package to reverse the obfuscation
for those names which can be used for reflection.

This does mean that the obfuscation for these names is very weak, as the binary
contains a one-to-one mapping to their original names, but they cannot be obfuscated
without breaking too many Go packages out in the wild. There is also some amount
of overhead in `internal/abi` due to this, but we aim to make the overhead insignificant.

Fixes #884, #799, #817, #881, #858, #843, #842

Closes #406
@lu4p lu4p closed this as completed Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lu4p lu4p

Labels
bug Something isn't working reflection
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lu4p