问题
Apart from text-to-code methods, like eval/Function, or adding additional scripts, are there any more ways to shroud lexical scoping, which would invalidate a basic lexical search for an identifier's declaration, and all references?
This is related to e.g. vs-code's "rename" (F2 by default), more precisely, implementing similar functionality. In other words, locally observing a snippet from a larger program, and renaming an identifier - not in a normal "best practice" situation, but where an obfuscator deliberately tries to sabotage you.
An example of a problematic case with eval would be this:
function f() {
try { v; } catch(_) { console.log("weewoo"); }
}
{
let v = 1;
function g() {
v; // entering here, trying to rename this "v"
}
eval(`(${f.toString()})()`);
}
In vs-code, renaming the marked v would semantically change the code, which can be detected.
If there should be no eval/Function usage in the entire code, and it's certain, that no additional code is being loaded, is a lexical renaming always safe? Are there more such pitfalls?
Edit: There are two other cases, which i forgot to mention, because they typically don't apply, and are far easier to detect. However, they are still very related:
using the fact, that global scope variables are added to the global object:
var v = 1; v; // renaming here if (!window[String.fromCharCode(118)]) console.log("weewoo");non-strict mode legacy
withstatement (which vs-code does detect!):var v = 0; with({ v: 1 }) { v; // renaming here if (!v) console.log("weewoo"); }
来源:https://stackoverflow.com/questions/61560852/breaking-lexical-scope-to-prevent-finding-all-references