Regex Obfuscation

Potency Medium
Resilience Medium
Cost Low
Tags: regex

Description

Regular expressions are used for matching text with a pattern. The transformation obfuscates regular expression literals to make them harder to understand by a human without changing their original pattern.

The regular expression becomes harder to read because each character and special-character (e.g., character classes, character sets, quantifiers) is replaced with a more verbose (but equivalent) representation.

Also the same regular expression will look different each time you obfuscate it because the character replacements are randomly generated, making the obfuscated output look polymorphic.

Note: Currently, Unicode-aware regular expressions and Named Capture Groups are not supported, and for that reason, it will be ignored by the Regex Obfuscation transformation. Example:

// unicode-aware regex will be ignored
console.log(/\u{61}/u.test('a'));
// regex with named capture groups will be ignored
console.log(/(?<year>\d{4})-(?<month>\d{2})-(?<day>\d{2})/.exec('2020-03-04'));

Code Annotation Example

// @jscrambler enable regexObfuscation

Example

Consider the following regular expression to match old IE user agents:

/\sMSIE\s[6-9]\./.test(navigator.userAgent)

The transformation produces random results so the following example is a possible output:

/[\u202f\u1680\t\u00a0 \u180e\f\u205f\n\u2028\v\u2029\u3000\u2000-\u200a\r]\u004dS\111E[\u3000\u2028\r\t\u2029\u202f\u1680\u180e\u2000-\u200a\v \f\n\u00a0\u205f][96-78]\./.test(navigator.userAgent)

To obfuscate test and navigator.userAgent consider, for instance, combining this transformation with Dot to Bracket Notation and Duplicate Literals Removal.

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 60+ 60+
Firefox 50+ 50+
Internet Explorer 8+ 8+
Microsoft Edge 18+ 18+
Safari 9.1+ 9.1+

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "regexObfuscation"
    }
  ]
}