如何用Google方式隐藏库源代码? [英] How to hide library source code in Google way?
问题描述
例如,我有一个图书馆,我想保护源代码被观看。第一个想到的方法是创建私有函数的公共包装,如下所示:
$ p $函数executeMyCoolFunction(param1,param2,param3 ){
return executeMyCoolFunction_(param1,param2,param3);
}
代码的公共部分将以这种方式显示。这很好,但所有的Google服务函数看起来像函数abs(){/ * * /} 。我很好奇,有没有像Google那样隐藏图书馆源代码的方法?
编辑00:不要隐藏库代码通过使用另一个库,即具有已知项目密钥的LibA使用具有未知项目密钥的LibB。 LibB的公共职能代码有可能得到并执行它们。代码是:
$ $ p $ 函数exploreLib_(lib,libName){
if(libName == null){
(var name in this){
if(this [name] == lib){
libName = name;
}
}
}
var res = [];
(lib中的var实体){
var obj = lib [实体];
var code;
if(obj [toSource]!= null){
code = obj.toSource();
}
else if(obj [toString]!= null){
code = obj.toString();
}
else {
var nextLibCode = exploreLib_(obj,libName +。+ entity);
res = res.concat(nextLibCode);
}
if(code!= null){
res.push({libraryName:libName,functionCode:code});
}
}
return res;
}
function explorerLibPublicFunctionsCode(){
var lstPublicFunctions = exploreLib_(LibA);
var password = LibA.LibB.getPassword();
}
编辑:反映了异常的堆栈跟踪将包含库项目密钥的事实。
在此示例中,MyLibraryB是MyLibraryA包含的库。两者都公开共享以查看(访问控制),但只有MyLibraryA的项目密钥已知。看来攻击者很难看到MyLibraryB中的代码:
//此函数位于MyLibraryA中,并且你分享它的项目密钥
function executeMyCoolFunction(param1,param2,param3){
for(var i = 0; i <1000000; i ++){
debugger; //强制IDE不能创建一个断点?跳过
}
// ...你的代码在这里
//不共享MyLibraryB项目键
MyLibraryB.doSomething(args ...);
}
但是根据@ megabyte1024的注释,如果您要导致异常MyLibraryB.doSomething(),stacktrace将包含MyLibraryB的项目关键字。
For instance, I have a library and I would like to protect the source code to being viewed. The first method that comes to mind is to create public wrappers for private functions like the following
function executeMyCoolFunction(param1, param2, param3) {
return executeMyCoolFunction_(param1, param2, param3);
}
Only public part of the code will be visible in this way. It is fine, but all Google Service functions look like function abs() {/* */}. I am curious, is there an approach to hide library source code like Google does?
Edit 00: Do not "hide" a library code by using another library, i.e. the LibA with known project key uses the LibB with unknown project key. The public functions code of LibB is possible to get and even execute them. The code is
function exploreLib_(lib, libName) {
if (libName == null) {
for (var name in this) {
if (this[name] == lib) {
libName = name;
}
}
}
var res = [];
for (var entity in lib) {
var obj = lib[entity];
var code;
if (obj["toSource"] != null) {
code = obj.toSource();
}
else if (obj["toString"] != null) {
code = obj.toString();
}
else {
var nextLibCode = exploreLib_(obj, libName + "." + entity);
res = res.concat(nextLibCode);
}
if (code != null) {
res.push({ libraryName: libName, functionCode: code });
}
}
return res;
}
function explorerLibPublicFunctionsCode() {
var lstPublicFunctions = exploreLib_(LibA);
var password = LibA.LibB.getPassword();
}
Edit: changed my answer to reflect the fact that an exception's stacktrace will contain the library project key.
In this example, MyLibraryB is a library included by MyLibraryA. Both are shared publicly to view (access controls) but only MyLibraryA's project key is made known. It appears it would be very difficult for an attacker to see the code in MyLibraryB:
//this function is in your MyLibraryA, and you share its project key
function executeMyCoolFunction(param1, param2, param3) {
for (var i = 0; i < 1000000; i++) {
debugger; //forces a breakpoint that the IDE cannot? step over
}
//... your code goes here
//don't share MyLibraryB project key
MyLibraryB.doSomething(args...);
}
but as per the @megabyte1024's comments, if you were to cause an exception in MyLibraryB.doSomething(), the stacktrace would contain the project key to MyLibraryB.
这篇关于如何用Google方式隐藏库源代码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
