Browse Source

obfuscate cgo-generated-Go filenames

It's not a problem to leak filenames like _cgo_gotypes.go,
but it is a problem when it includes the import path:

	$ strings main | grep _cgo_gotypes
	test/main/_cgo_gotypes.go

Here, "test/main" is the module path, which we want to hide.
We hadn't caught this before because the cgo.txt test did not check that
module paths aren't being leaked - it does now.

The fix is rather simple; we let printFile handle cgo-generated files.
We used to avoid that due to compiler errors, as the compiler only
allows some special cgo comment directives to work in cgo-generated
code, to prevent misuse in user code.

The fix is rather easy: the obfuscated filenames should begin with
"_cgo_" to appease the compiler's check.
Daniel Martí 1 month ago
parent
commit
21dfbd3379
2 changed files with 5 additions and 6 deletions
  1. 4 5
      position.go
  2. 1 1
      testdata/scripts/cgo.txt

+ 4 - 5
position.go

@@ -37,10 +37,9 @@ func printFile(file *ast.File) ([]byte, error) {
 
 	fsetFile := fset.File(file.Pos())
 	filename := filepath.Base(fsetFile.Name())
+	newPrefix := ""
 	if strings.HasPrefix(filename, "_cgo_") {
-		// cgo-generated files don't need changed line numbers.
-		// Plus, the compiler can complain rather easily.
-		return src, nil
+		newPrefix = "_cgo_"
 	}
 
 	// Many parts of garble, notably the literal obfuscator, modify the AST.
@@ -73,7 +72,7 @@ func printFile(file *ast.File) ([]byte, error) {
 	// in case we miss any positions below.
 	// We use a //-style comment, because there might be build tags.
 	// toAdd is for /*-style comments, so add it to printBuf2 directly.
-	printBuf2.WriteString("//line :1\n")
+	fmt.Fprintf(&printBuf2, "//line %s:1\n", newPrefix)
 
 	// We use an empty filename when tokenizing below.
 	// We use a nil go/scanner.ErrorHandler because src comes from go/printer.
@@ -126,7 +125,7 @@ func printFile(file *ast.File) ([]byte, error) {
 			// Otherwise, we could change the syntax of the program.
 			// Inserting "/*text*/" in "a/b" // must be "a/ /*text*/ b",
 			// as "a//*text*/b" is tokenized as a "//" comment.
-			fmt.Fprintf(&printBuf2, " /*line %s:1*/ ", newName)
+			fmt.Fprintf(&printBuf2, " /*line %s%s:1*/ ", newPrefix, newName)
 		}
 	}
 }

+ 1 - 1
testdata/scripts/cgo.txt

@@ -6,7 +6,7 @@ garble build
 ! stderr 'warning' # check that the C toolchain is happy
 exec ./main
 cmp stdout main.stdout
-! binsubstr main$exe 'PortedField'
+! binsubstr main$exe 'PortedField' 'test/main'
 
 [short] stop # no need to verify this with -short