New cases, improved renaming and using globals/vars

kam193 · Dec 26, 2024 · b075e5e · b075e5e
1 parent 9b92678
commit b075e5e
Show file tree

Hide file tree

Showing 11 changed files with 116 additions and 55 deletions.
diff --git a/ASTGrep/rules/extended/autofixes/python/static-variables.yaml b/ASTGrep/rules/extended/autofixes/python/static-variables.yaml
@@ -32,38 +32,3 @@ fix: $FUNC($DATA)
 metadata:
   extended-obfuscation: yes
 
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/ast-grep/ast-grep/main/schemas/rule.json
-
-id: python-set-variables-through-locals-globals
-message: Variable value is set using locals or globals function
-language: Python
-rule:
-  kind: assignment
-  all:
-    - has:
-        field: left
-        kind: subscript
-        all:
-          - has:
-              field: value
-              kind: call
-              any:
-                - pattern: globals()
-                - pattern: locals()
-                - pattern: vars()
-          - has:
-              field: subscript
-              has:
-                kind: string_content
-                pattern: $VARIABLE
-    - has:
-        field: right
-        pattern: $VALUE
-        not:
-          pattern: $VARIABLE
-
-fix: $VARIABLE = $VALUE
-
-metadata:
-  extended-obfuscation: yes
diff --git a/ASTGrep/rules/extended/autofixes/python/useless-expressions.yaml b/ASTGrep/rules/extended/autofixes/python/useless-expressions.yaml
@@ -26,3 +26,26 @@ metadata:
     {
       "type": "auto-fix"
     }
+
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/ast-grep/ast-grep/main/schemas/rule.json
+
+id: python-useless-lambda-static-call
+message: Lambda is used to obfuscate a static call
+language: Python
+rule:
+  kind: lambda
+  has:
+    field: body
+    kind: call
+    pattern: $FUNC()
+    any:
+      - pattern: globals()
+      - pattern: locals()
+      - pattern: vars()
+
+fix: $FUNC
+
+metadata:
+  extended-obfuscation: yes
+  confirmed-obfuscation: yes
diff --git a/ASTGrep/rules/extended/python/renaming-imports.yml b/ASTGrep/rules/extended/python/renaming-imports.yml
@@ -2,17 +2,31 @@ id: python-renaming-imports
 message: Renaming imports is sometimes used as obfuscation method
 language: Python
 rule:
+  kind: aliased_import
   all:
-  - kind: aliased_import
-    has:
-      pattern: $ORIGINAL
-      nthChild: 1
-  - kind: aliased_import
-    has:
-      pattern: $RENAMED
-      nthChild: 2
-      not:
+    - has:
         pattern: $ORIGINAL
+        nthChild: 1
+    - has:
+        pattern: $RENAMED
+        nthChild: 2
+        not:
+          pattern: $ORIGINAL
+  any:
+    - inside:
+        kind: import_statement
+    - inside:
+        kind: import_from_statement
+        has:
+          field: module_name
+          pattern: $MODULE_NAME
+          not:
+            regex: ^\.
+    # - inside:
+    #     kind: import_from_statement
+    #     has:
+    #       field: module_name
+    #       regex: ^\.
 
 constraints:
   ORIGINAL:
@@ -26,5 +40,7 @@ metadata:
   deobfuscate: |
     {
       "type": "template",
-      "steps": []
+      "steps": [
+        {"func": "concat", "sources": ["MODULE_NAME", "ORIGINAL"], "separator": ".", "output": "ORIGINAL"}
+      ]
     }
diff --git a/ASTGrep/rules/extended/python/simple.yml b/ASTGrep/rules/extended/python/simple.yml
@@ -166,3 +166,48 @@ metadata:
         {"func": "concat", "sources": ["OBJECT", "FIELD"]}
       ]
     }
+
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/ast-grep/ast-grep/main/schemas/rule.json
+
+id: python-use-variables-through-locals-globals
+message: Variable value is used using locals or globals function
+language: Python
+rule:
+  kind: subscript
+  has:
+    field: value
+    kind: call
+    any:
+      - pattern: globals()
+      - pattern: locals()
+      - pattern: vars()
+  all:
+    - has:
+        field: subscript
+        kind: string
+        pattern: $VARIABLE
+        has:
+          kind: string_content
+          pattern: $VARIABLE_CONTENT
+    - not:
+        all:
+          - inside:
+              kind: assignment
+              field: left
+          - inside:
+              kind: assignment
+              has:
+                field: right
+                pattern: $VARIABLE_CONTENT
+
+metadata:
+  extended-obfuscation: yes
+  confirmed-obfuscation: no
+  deobfuscate: |
+    {
+      "type": "fix-generate",
+      "steps": [
+        {"func": "dequote", "source": "VARIABLE"}
+      ]
+    }
diff --git a/ASTGrep/service/transformations.py b/ASTGrep/service/transformations.py
@@ -195,7 +195,7 @@ def output(config: dict, context: dict):
 def concat(config: dict, context: dict):
     sources = config.get("sources", ["DATA"])
     separator = config.get("separator", ".")
-    return separator.join(context[source] for source in sources)
+    return separator.join(context[source] for source in sources if source in context)
 
 
 def str_concat(config: dict, context: dict):

diff --git a/...ep/tests/simple_examples/python/autofixes/python-set-variables-through-locals-globals.out b/...ep/tests/simple_examples/python/autofixes/python-set-variables-through-locals-globals.out
diff --git a/ASTGrep/tests/simple_examples/python/autofixes/python-useless-lambda-static-call.in b/ASTGrep/tests/simple_examples/python/autofixes/python-useless-lambda-static-call.in
@@ -0,0 +1,4 @@
+x = lambda ooOOODDOODODooOOoD:vars()
+y = lambda ooOOODDOODODooOOoD:vars()['xcz']
+z = lambda ooOOODDOODODooOOoD:vars().aaa
+z2 = lambda ooOOODDOODODooOOoD:vars(a)
diff --git a/ASTGrep/tests/simple_examples/python/autofixes/python-useless-lambda-static-call.out b/ASTGrep/tests/simple_examples/python/autofixes/python-useless-lambda-static-call.out
@@ -0,0 +1,4 @@
+x = vars
+y = lambda ooOOODDOODODooOOoD:xcz
+z = lambda ooOOODDOODODooOOoD:vars().aaa
+z2 = lambda ooOOODDOODODooOOoD:vars(a)
diff --git a/ASTGrep/tests/simple_examples/python/python-renaming-imports.out b/ASTGrep/tests/simple_examples/python/python-renaming-imports.out
@@ -28,10 +28,10 @@ np.array()
 plt.plot()
 bitcoin.core.script.something("aaaa")
 
-something("aaaa")
+base64.something("aaaa")
 
 def aaa():
-    something("aaaa")
+    base64.something("aaaa")
 
 def script(other: str):
     pass

diff --git a/...n-set-variables-through-locals-globals.in → ...n-use-variables-through-locals-globals.in b/...n-set-variables-through-locals-globals.in → ...n-use-variables-through-locals-globals.in
@@ -5,3 +5,5 @@ globals()['sssss']=123
 vars()['yes']=True
 
 globals()['Ids'] = Ids
+
+locals()["oooOODooOoooOoDODoooO"]("aaa")
diff --git a/ASTGrep/tests/simple_examples/python/python-use-variables-through-locals-globals.out b/ASTGrep/tests/simple_examples/python/python-use-variables-through-locals-globals.out
@@ -0,0 +1,9 @@
+IlIIIllIIllIIIlllll=aaa
+
+sssss=123
+
+yes=True
+
+globals()['Ids'] = Ids
+
+oooOODooOoooOoDODoooO("aaa")
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,5 @@ globals()['sssss']=123
		vars()['yes']=True

		globals()['Ids'] = Ids

		locals()["oooOODooOoooOoDODoooO"]("aaa")