Regex Obfuscation

Potency Medium
Resilience Medium
Cost Low
Tags: regex

Description

Regular expressions are used for matching text with a pattern. The transformation obfuscates regular expression literals to make them harder to understand by a human without changing their original pattern.

The regular expression becomes harder to read because each character and special-character (e.g., character classes, character sets, quantifiers) is replaced with a more verbose (but equivalent) representation.

Also the same regular expression will look different each time you obfuscate it because the character replacements are randomly generated, making the obfuscated output look polymorphic.

Code Annotation Example

// @jscrambler enable regexObfuscation

Example

Consider the following regular expression to match old IE user agents:

/sMSIEs[6-9]./.test(navigator.userAgent)

The transformation produces random results so the following example is a possible output:

/[\u202f\u1680\t\u00a0 \u180e\f\u205f\n\u2028\v\u2029\u3000\u2000-\u200a\r]\u004dS\111E[\u3000\u2028\r\t\u2029\u202f\u1680\u180e\u2000-\u200a\v \f\n\u00a0\u205f][96-78]./.test(navigator.userAgent)

To obfuscate test and navigator.userAgent consider, for instance, combining this transformation with Dot to Bracket Notation and Duplicate Literals Removal.

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "regexObfuscation"
    }
  ]
}