Mon, 26 Mar 2007
SpyderMonkey // twiddle your Javascript from Python
I should prefix this post with the proviso there is no code online yet—yes, I know that sucks but given a choice between (finally) posting about this now or waiting until I have the code online I figured the former was better.
Here is the abstract about the project I submitted to linux.conf.au last year:
SpyderMonkey : twiddle your Javascript (or someone else's!) from Python
SpyderMonkey (http://code.rancidbacon.com/spydermonkey/) aims to let you twiddle with your Javascript (or someone else's!) from Python.
While at least one unmaintained Python wrapper for JavaScript exists (http://wwwsearch.sourceforge.net/python-spidermonkey/) SpyderMonkey differs in its implementation by using ctypes (http://docs.python.org/dev/lib/module-ctypes.html) to wrap the underlying Mozilla spidermonkey JavaScript implementation (http://www.mozilla.org/js/spidermonkey/). SpyderMonkey is also the only implementation I am aware of that also wraps the parser and not just the interpreter--this is key to its use in static JavaScript code analysis.
The primary motivation for wrapping the JavaScript parser was to enable further development of JavaScript reverse-engineering and code analysis tools.
During my previous efforts of reverse engineering of JavaScript "Rich Internet Applications" like GMail, Google Maps and similar products I developed a number of scripts based on regular expression parsing "pretty-printed" versions of the obfuscated/compressed source code. While simplistic, these scripts were able to generate Class and Function references listing arguments and the locations where they were used (http://libgmail.sourceforge.net/googlemaps/maps.js.html).
Eventually regex based parsing runs into a wall and this drives the use of an actual parser. JavaScript has a quite complex grammar and in my research I was unable to find a functioning pure-Python JavaScript parser.
This presentation will look at the development of the GPL SpyderMonkey wrapper and some of the issues involved in its construction. In addition we will look at some actual and potential applications that an easier Python-friendly interface allows us to construct in order to assist efforts in areas of debugging, reverse engineering, inter-operability, maintenance and source recovery.
With most RIA JS applications using compression or obfuscation and environments like Google's Web Toolkit AJAX framework for Java (http://code.google.com/webtoolkit/) (or Python's PyJamas http://pyjamas.pyworks.org/) producing JavaScript without direct human involvement there is a growing need for tools to analyse this generated-code. Attend this session and learn what approaches can work for you now and how SpyderMonkey may help you create new tools for the future. (In preparation for the perhaps inevitable "Ummmm, I thought *you* had the original source code..." realisation.)
So, yeah, anyway, the proposal didn't get accepted and so the code's still sitting on my harddrive... The SpyderMonkey page does have a cool logo on it though—that's got to count for something, surely? :-)
As mentioned in the abstract I was attempting to wrap the SpiderMonkey Parser API except it didn't/doesn't really have an official one so I had to make it up as I went along. I wrapped enough of the spidermonkey library with ctypes that I was able to detect items such as functions and variable declarations. This was implemented by way of processing the tree produced by calling js_ParseTokenStream.
I would like to Tidy-Up-The-Code-Enough-To-Release (TM)—don't you hate it when people write that—but a release ain't going to happen tonight. Sorry!
Oh, but I will leave you with a link to the post with instructions on how to compile the spidermonkey JavaScript library for Mac OS X.
Posted at: 04:55 | category: / | | Comments ()
Browser tab grab bag #4
A few more random tab closings...
Planet NZTech feed links
While I think of it, I also just added the Planet NZTech RSS 2.0 and Planet NZTech Atom feeds to the page header so it should be more discoverable.
Christchurch needs "co-working facilities"
One of the biggest negatives about being self-employed and working from home is the social isolation that often goes along with it—a complaint I have had re-enforced by my contact with other home-based self-employed people. A possible solution is to have a shared office with other self-employed people. The downside to this is there is a big jump from working from home to working somewhere where you need to pay a weekly office rental with a medium- to long-term commitment. An alternative approach is to make use of "co-working facilities".
A co-working facility provides office space (or desk space) on a more casual basis than a traditional office rental arrangement. The "tenants" may be a mixture of "foundation" and "casual" where the former receive a better daily rate in exchange for an agreed term commitment.
Here are a few related links describing various implementations of this idea:
- Boing Boing post
- BusinessWeek article
- Coworking Wiki
- Hatfactory in San Francisco
- Writer's Grotto in San Francisco
I would really like to see a coworking facility develop in Christchurch. In fact, I would like to see multiple facilities develop in Christchurch. Ideally I think a city like this should support multiple suburb-based coworking facilities: I don't want to trade a no-commute lifestyle for a long commute to an office!
At present I wouldn't be in a position to bankroll such a project but I do wonder if existing organisations or individuals would be in a position to support a development like this through financial support or provision of currently under-utilised space. Perhaps one or more of these:
- Christchurch City Council
- Canterbury Innovation Incubator
- University of Canterbury
- Canterbury Development Corporation
- Christchurch City Libraries
- Successful local businesses
Speaking for myself simply having a space with internet access and power would be great. Any offers? :-)
Tracking code with Google Code Search
When Google Code Search was released I decided to track down a little watermark I put in something I did a while back.
In the early days of Google Maps when I had developed an approach for displaying a map in a non-Google page I put up some example JavaScript. Because JavaScript tends to be a very "cut and paste" language I thought I'd put in a unique identifier to see where the code snippet ended up. So, in a couple of places I attached the suffix _frb to variable names. When I searched for container_frb it delivered two results—one which seems to acknowledge the source and one which doesn't.
I think the next item will get its own post...
Posted at: 04:40 | category: / | | Comments ()