Regex Obfuscation
Potency Medium
Resilience Medium
Cost Low
Tags: regex
Description
Regular expressions are used for matching text with a pattern. The transformation obfuscates regular expression literals to make them harder to understand by a human without changing their original pattern.
The regular expression becomes harder to read because each character and special-character (e.g., character classes, character sets, quantifiers) is replaced with a more verbose (but equivalent) representation.
Also the same regular expression will look different each time you obfuscate it because the character replacements are randomly generated, making the obfuscated output look polymorphic.
Note: Currently, Unicode-aware regular expressions and Named Capture Groups are not supported, and for that reason, it will be ignored by the Regex Obfuscation transformation. Example:
console.log(/\u{61}/u.test('a'));
console.log(/(?<year>\d{4})-(?<month>\d{2})-(?<day>\d{2})/.exec('2020-03-04')); Code Annotation Example
// @jscrambler enable regexObfuscation
Example
Consider the following regular expression to match old IE user agents:
/\sMSIE\s[6-9]\./.test(navigator.userAgent)
The transformation produces random results so the following example is a possible output:
/[\u202f\u1680\t\u00a0 \u180e\f\u205f\n\u2028\v\u2029\u3000\u2000-\u200a\r]\u004dS\111E[\u3000\u2028\r\t\u2029\u202f\u1680\u180e\u2000-\u200a\v \f\n\u00a0\u205f][96-78]\./.test(navigator.userAgent)
To obfuscate test and navigator.userAgent consider, for instance, combining this transformation with Dot to Bracket Notation and Duplicate Literals Removal.
Browser Compatibility
| Browser | Compatible Versions | Tested Versions | Notes |
| Chrome | 80+ | 80+ | |
| Firefox | 90+ | 90+ | |
| Internet Explorer | 8+ | 8+ | |
| Microsoft Edge | 116+ | 116+ | |
| Safari | 13.1+ | 13.1+ | |
API Parameters
Example:
{
"keys": {
"accessKey": "XXXXXX",
"secretKey": "YYYYYY"
},
"applicationId": "ZZZZZZ",
"params": [
{
"name": "regexObfuscation"
}
]
}