Module `refinery.units.scripting.ps1`

Expand source code Browse git

from __future__ import annotations

from refinery.lib.scripts.ps1.deobfuscation import deobfuscate
from refinery.lib.scripts.ps1.model import Ps1Script
from refinery.lib.scripts.ps1.parser import Ps1Parser
from refinery.lib.scripts.ps1.synth import Ps1Synthesizer
from refinery.units.scripting import IterativeDeobfuscator


class ps1(IterativeDeobfuscator):
    """
    AST-based PowerShell deobfuscator.

    Parses the script into an abstract syntax tree, applies simplifying transformations (constant
    folding, format string evaluation, bracket removal, type cast simplification, string
    operations, case normalization, invoke simplification, uncurly variables), and synthesizes
    clean output. Iterates until stable; running this twice does not change the output.
    """

    def parse(self, data: str) -> Ps1Script:
        return Ps1Parser(data).parse()

    transform = staticmethod(deobfuscate)

    def synthesize(self, ast: Ps1Script) -> str:
        return Ps1Synthesizer().convert(ast)

Classes

class ps1 (timeout=500)

AST-based PowerShell deobfuscator.

Parses the script into an abstract syntax tree, applies simplifying transformations (constant folding, format string evaluation, bracket removal, type cast simplification, string operations, case normalization, invoke simplification, uncurly variables), and synthesizes clean output. Iterates until stable; running this twice does not change the output.

Expand source code Browse git

class ps1(IterativeDeobfuscator):
    """
    AST-based PowerShell deobfuscator.

    Parses the script into an abstract syntax tree, applies simplifying transformations (constant
    folding, format string evaluation, bracket removal, type cast simplification, string
    operations, case normalization, invoke simplification, uncurly variables), and synthesizes
    clean output. Iterates until stable; running this twice does not change the output.
    """

    def parse(self, data: str) -> Ps1Script:
        return Ps1Parser(data).parse()

    transform = staticmethod(deobfuscate)

    def synthesize(self, ast: Ps1Script) -> str:
        return Ps1Synthesizer().convert(ast)

Ancestors

Subclasses

Class variables

var reverse: The type of the None singleton.

Static methods

def transform(ast, max_steps=0, remove_junk=True)

Apply all available deobfuscators to the input. When remove_junk is True, a second pass removes unused variable assignments, uncalled function definitions, and side-effect-free expression statements.

Expand source code Browse git

def deobfuscate(ast: Ps1Script, max_steps: int = 0, remove_junk: bool = True) -> int:
    """
    Apply all available deobfuscators to the input. When `remove_junk` is `True`, a second pass
    removes unused variable assignments, uncalled function definitions, and side-effect-free
    expression statements.
    """
    steps = _phase1.run(ast, max_steps=max_steps)
    if not remove_junk:
        return steps
    if max_steps > 0:
        max_steps -= steps
    steps = _phase2.run(ast, max_steps=max_steps) + steps
    return steps

Methods

def parse(self, data)

Expand source code Browse git

def parse(self, data: str) -> Ps1Script:
    return Ps1Parser(data).parse()

def synthesize(self, ast)

Expand source code Browse git

def synthesize(self, ast: Ps1Script) -> str:
    return Ps1Synthesizer().convert(ast)

Inherited members

IterativeDeobfuscator:
- FilterEverything
- Requires
- act
- assemble
- codec
- console
- filter
- finish
- handles
- is_quiet
- is_reversible
- isatty
- labelled
- leniency
- log_always
- log_debug
- log_detach
- log_fail
- log_info
- log_level
- log_warn
- logger
- name
- nozzle
- optional_dependencies
- read
- read1
- required_dependencies
- reset
- run
- source
- superinit
UnitBase:
- process