domainLock option patterns with leading dot character (`.example.co…

…m`) now cover root domains (`example.com`) in addition to all sub-domains (`sub.example.com`)
dgilling · Jul 26, 2020 · 2f04b37 · 2f04b37
1 parent 4049b5e
commit 2f04b37
Show file tree

Hide file tree

Showing 10 changed files with 187 additions and 55 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 Change Log
 
+v1.8.0
+---
+* `domainLock` option patterns with leading dot character (`.example.com`) now cover root domains (`example.com`) in addition to all sub-domains (`sub.example.com`). https://github.com/javascript-obfuscator/javascript-obfuscator/issues/640
+
 v1.7.0
 ---
 * `simplify` option now affects all block statements. Improved variable declarations merging.

diff --git a/README.md b/README.md
@@ -633,10 +633,10 @@ Type: `string[]` Default: `[]`
 
 ##### :warning: This option does not work with `target: 'node'`
 
-Locks the obfuscated source code so it only runs on specific domains and/or sub-domains. This makes really hard for someone to just copy and paste your source code and run it elsewhere.
+Allows to run the obfuscated source code only on specific domains and/or sub-domains. This makes really hard for someone to just copy and paste your source code and run it elsewhere.
 
 ##### Multiple domains and sub-domains
-It's possible to lock your code to more than one domain or sub-domain. For instance, to lock it so the code only runs on **www.example.com** add `www.example.com`. To make it work on any sub-domain from example.com, use `.example.com`.
+It's possible to lock your code to more than one domain or sub-domain. For instance, to lock it so the code only runs on **www.example.com** add `www.example.com`. To make it work on the root domain including any sub-domains (`example.com`, `sub.example.com`), use `.example.com`.
 
 ### `exclude`
 Type: `string[]` Default: `[]`

diff --git a/dist/index.browser.js b/dist/index.browser.js
diff --git a/dist/index.cli.js b/dist/index.cli.js
diff --git a/dist/index.js b/dist/index.js
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "javascript-obfuscator",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "JavaScript obfuscator",
   "keywords": [
     "obfuscator",
@@ -44,7 +44,7 @@
     "tslib": "2.0.0"
   },
   "devDependencies": {
-    "@types/chai": "4.2.11",
+    "@types/chai": "4.2.12",
     "@types/chance": "1.1.0",
     "@types/escodegen": "0.0.6",
     "@types/eslint-scope": "3.7.0",
@@ -54,7 +54,7 @@
     "@types/mkdirp": "1.0.1",
     "@types/mocha": "8.0.0",
     "@types/multimatch": "4.0.0",
-    "@types/node": "14.0.24",
+    "@types/node": "14.0.26",
     "@types/rimraf": "3.0.0",
     "@types/sinon": "9.0.4",
     "@types/string-template": "1.0.2",
@@ -67,10 +67,10 @@
     "eslint-plugin-import": "2.22.0",
     "eslint-plugin-jsdoc": "30.0.3",
     "eslint-plugin-no-null": "1.0.2",
-    "eslint-plugin-prefer-arrow": "1.2.1",
+    "eslint-plugin-prefer-arrow": "1.2.2",
     "eslint-plugin-unicorn": "21.0.0",
     "fork-ts-checker-notifier-webpack-plugin": "3.0.0",
-    "fork-ts-checker-webpack-plugin": "5.0.7",
+    "fork-ts-checker-webpack-plugin": "5.0.11",
     "mocha": "8.0.1",
     "nyc": "15.1.0",
     "pjson": "1.0.9",
@@ -81,7 +81,7 @@
     "ts-loader": "8.0.1",
     "ts-node": "8.10.2",
     "typescript": "3.9.7",
-    "webpack": "4.43.0",
+    "webpack": "4.44.0",
     "webpack-cli": "3.3.12",
     "webpack-node-externals": "2.5.0"
   },

diff --git a/src/cli/JavaScriptObfuscatorCLI.ts b/src/cli/JavaScriptObfuscatorCLI.ts
@@ -221,7 +221,7 @@ export class JavaScriptObfuscatorCLI implements IInitializable {
             )
             .option(
                 '--domain-lock <list> (comma separated, without whitespaces)',
-                'Blocks the execution of the code in domains that do not match the passed RegExp patterns (comma separated)',
+                'Allows to run the obfuscated source code only on specific domains and/or sub-domains (comma separated)',
                 ArraySanitizer
             )
             .option(

diff --git a/src/custom-code-helpers/domain-lock/templates/DomainLockTemplate.ts b/src/custom-code-helpers/domain-lock/templates/DomainLockTemplate.ts
@@ -83,8 +83,11 @@ export function DomainLockTemplate (): string {
                         
             for (let i = 0; i < domains.length; i++) {
                 const domain = domains[i];
-                const position = currentDomain.length - domain.length;
-                const lastIndex = currentDomain.indexOf(domain, position);
+                const domainNormalized = domain[0] === String.fromCharCode(46)
+                    ? domain.slice(1)
+                    : domain;
+                const position = currentDomain.length - domainNormalized.length;
+                const lastIndex = currentDomain.indexOf(domainNormalized, position);
                 const endsWith = lastIndex !== -1 && lastIndex === position;
                 
                 if (endsWith) {

diff --git a/...functional-tests/custom-code-helpers/domain-lock/templates/DomainLockNodeTemplate.spec.ts b/...functional-tests/custom-code-helpers/domain-lock/templates/DomainLockNodeTemplate.spec.ts
@@ -160,9 +160,39 @@ describe('DomainLockTemplate', () => {
         });
     });
 
-    describe('Variant #3: current domain matches with all domains of `domainsString`', () => {
+    describe('Variant #3: current domain matches with root domain of `domainsString`', () => {
+        const domainsString: string = ['.example.com'].join(';');
+        const currentDomain: string = 'example.com';
+
+        let testFunc: () => void;
+
+        before(() => {
+            const [
+                hiddenDomainsString,
+                diff
+            ] = cryptUtils.hideString(domainsString, domainsString.length * 3);
+
+            testFunc = () => getFunctionFromTemplate(
+                {
+                    domainLockFunctionName: 'domainLockFunction',
+                    diff: diff,
+                    domains: hiddenDomainsString,
+                    globalVariableTemplate: GlobalVariableTemplate1(),
+                    singleCallControllerFunctionName
+                },
+                singleCallControllerFunctionName,
+                getDocumentDomainTemplate(currentDomain)
+            );
+        });
+
+        it('should correctly run code inside template', () => {
+            assert.doesNotThrow(testFunc);
+        });
+    });
+
+    describe('Variant #4: current root domain matches with `domainsString`', () => {
         describe('Variant #1', () => {
-            const domainsString: string = ['example.com', '.example.com'].join(';');
+            const domainsString: string = ['example.com'].join(';');
             const currentDomain: string = 'example.com';
 
             let testFunc: () => void;
@@ -282,7 +312,7 @@ describe('DomainLockTemplate', () => {
         });
     });
 
-    describe('Variant #4: current domain matches with base domain of `domainsString` item', () => {
+    describe('Variant #5: current domain matches with base domain of `domainsString` item', () => {
         const domainsString: string = ['www.test.com', '.example.com'].join(';');
         const currentDomain: string = 'subdomain.example.com';
 
@@ -312,7 +342,7 @@ describe('DomainLockTemplate', () => {
         });
     });
 
-    describe('Variant #5: current domain doesn\'t match with `domainsString`', () => {
+    describe('Variant #6: current domain doesn\'t match with `domainsString`', () => {
         describe('Variant #1', () => {
             const domainsString: string = ['www.example.com'].join(';');
             const currentDomain: string = 'www.test.com';
@@ -401,9 +431,39 @@ describe('DomainLockTemplate', () => {
                 assert.throws(testFunc);
             });
         });
+
+        describe('Variant #4', () => {
+            const domainsString: string = ['.example.com'].join(';');
+            const currentDomain: string = 'example1.com';
+
+            let testFunc: () => void;
+
+            before(() => {
+                const [
+                    hiddenDomainsString,
+                    diff
+                ] = cryptUtils.hideString(domainsString, domainsString.length * 3);
+
+                testFunc = () => getFunctionFromTemplate(
+                    {
+                        domainLockFunctionName: 'domainLockFunction',
+                        diff: diff,
+                        domains: hiddenDomainsString,
+                        globalVariableTemplate: GlobalVariableTemplate1(),
+                        singleCallControllerFunctionName
+                    },
+                    singleCallControllerFunctionName,
+                    getDocumentDomainTemplate(currentDomain)
+                );
+            });
+
+            it('should throw an error', () => {
+                assert.throws(testFunc);
+            });
+        });
     });
 
-    describe('Variant #6: location.hostname', () => {
+    describe('Variant #7: location.hostname', () => {
         describe('Variant #1: current location.hostname matches with `domainsString`', () => {
             const domainsString: string = ['www.example.com'].join(';');
             const currentHostName: string = 'www.example.com';
@@ -465,7 +525,7 @@ describe('DomainLockTemplate', () => {
         });
     });
 
-    describe('Variant #7: domain and location.hostname presented', () => {
+    describe('Variant #8: domain and location.hostname presented', () => {
         describe('Variant #1: current domain matches with `domainsString`', () => {
             const domainsString: string = ['www.example.com'].join(';');
             const currentHostName: string = 'www.example.com';