Module refinery.units.scripting.ps1
from __future__ import annotations
from refinery.lib.scripts.ps1.deobfuscation import deobfuscate
from refinery.lib.scripts.ps1.model import Ps1Script
from refinery.lib.scripts.ps1.parser import Ps1Parser
from refinery.lib.scripts.ps1.synth import Ps1Synthesizer
from refinery.units.scripting import IterativeDeobfuscator
class ps1(IterativeDeobfuscator):
    """
    AST-based PowerShell deobfuscator.

    The script is parsed into an abstract syntax tree, simplifying transformations are applied
    to that tree (constant folding, format string evaluation, bracket removal, type cast
    simplification, string operations, case normalization, invoke simplification, uncurly
    variables), and clean output is synthesized from the result. Iterates until stable.
    """
    # NOTE(review): the iteration loop and its termination condition live in
    # IterativeDeobfuscator, which is not shown here; this class only supplies the three
    # stages below. The rendered signature on this page lists timeout=100 - confirm its
    # meaning against the base class before relying on it to bound work on hostile input.

    def parse(self, data: str) -> Ps1Script:
        """Parse PowerShell source text into a `Ps1Script` tree using `Ps1Parser`."""
        parser = Ps1Parser(data)
        return parser.parse()

    # Wrapped in staticmethod so the function receives only the tree, never the unit instance.
    transform = staticmethod(deobfuscate)

    def synthesize(self, ast: Ps1Script) -> str:
        """Render a `Ps1Script` tree back to script text with a fresh `Ps1Synthesizer`."""
        synthesizer = Ps1Synthesizer()
        return synthesizer.convert(ast)
Classes
class ps1 (timeout=100)-
AST-based PowerShell deobfuscator.
Parses the script into an abstract syntax tree, applies simplifying transformations (constant folding, format string evaluation, bracket removal, type cast simplification, string operations, case normalization, invoke simplification, uncurly variables), and synthesizes clean output. Iterates until stable.
class ps1(IterativeDeobfuscator):
    """
    AST-based PowerShell deobfuscator.

    The script is parsed into an abstract syntax tree, simplifying transformations are applied
    to that tree (constant folding, format string evaluation, bracket removal, type cast
    simplification, string operations, case normalization, invoke simplification, uncurly
    variables), and clean output is synthesized from the result. Iterates until stable.
    """
    # NOTE(review): the iteration loop and its termination condition live in
    # IterativeDeobfuscator, which is not shown here; this class only supplies the three
    # stages below. The rendered signature on this page lists timeout=100 - confirm its
    # meaning against the base class before relying on it to bound work on hostile input.

    def parse(self, data: str) -> Ps1Script:
        """Parse PowerShell source text into a `Ps1Script` tree using `Ps1Parser`."""
        parser = Ps1Parser(data)
        return parser.parse()

    # Wrapped in staticmethod so the function receives only the tree, never the unit instance.
    transform = staticmethod(deobfuscate)

    def synthesize(self, ast: Ps1Script) -> str:
        """Render a `Ps1Script` tree back to script text with a fresh `Ps1Synthesizer`."""
        synthesizer = Ps1Synthesizer()
        return synthesizer.convert(ast)
Subclasses
Class variables
var reverse-
The type of the None singleton.
Static methods
def transform(ast)-
Apply all available deobfuscators to the input.
def deobfuscate(ast: Ps1Script) -> bool:
    """
    Apply all available deobfuscators to the input.

    Each pass visits `ast` exactly once, in the order listed below. The return value is True
    when at least one pass has a truthy `changed` attribute afterwards, and False otherwise.
    """
    # All pass objects are constructed up front, before the first one visits the tree.
    # The order is significant: every pass sees the tree as the earlier ones left it
    # (presumably modified in place, since only a flag is returned - confirm in the passes).
    passes = [
        Ps1Simplifications(),
        Ps1ConstantInlining(),
        Ps1ConstantFolding(),
        Ps1FunctionEvaluator(),
        Ps1TypeCasts(),
        Ps1SecureStringDecryptor(),
        Ps1IexInlining(),
    ]
    # NOTE(review): the input is typically hostile script text. How Ps1FunctionEvaluator,
    # Ps1SecureStringDecryptor and Ps1IexInlining evaluate it is not visible here; confirm
    # that they work on the AST model only and that the work they do per call is bounded.
    for current in passes:
        current.visit(ast)
    change_flags = (current.changed for current in passes)
    return any(change_flags)
Methods
def parse(self, data)-
def parse(self, data: str) -> Ps1Script:
    """Parse PowerShell source text into a `Ps1Script` tree using `Ps1Parser`."""
    parser = Ps1Parser(data)
    return parser.parse()
def synthesize(self, ast: Ps1Script) -> str:
    """Render a `Ps1Script` tree back to script text with a fresh `Ps1Synthesizer`."""
    synthesizer = Ps1Synthesizer()
    return synthesizer.convert(ast)
Inherited members