Add reflection awareness to transformLinkname

[NHAS]

Here's the fix for #882

Hopefully its not too naive as I dont have a super great understanding of the codebase!

[lu4p]

Can you add a test case to https://github.com/burrowers/garble/blob/master/testdata%2Fscript%2Flinkname.txtar

[NHAS]

Sure, it might take me a little bit as I dont fully understand how garble detects reflection on types

[lu4p]

This change overall seems fine, just needs some small changes.

[lu4p]

Sure, it might take me a little bit as I dont fully understand how garble detects reflection on types

You just need to add the example you already provided in your issue. I don't expect you to learn how we do reflection detection.

Read https://github.com/burrowers/garble/blob/master/CONTRIBUTING.md as an introduction.

[NHAS]

I am yet to add the test, as it would involve writing a package that is interacted with via reflection that disabled obfuscation. As I cant use crypto/x/ssh as tests cant import packages.

[lu4p]

You can definitely import remote packages, but that is a bit more involved.

I think in this case it's easier to just declare a Method in a package and then linknaming it from another.

[NHAS]

Ah sorry, I was a little unclear. I was meaning importing a remote package (in this case crypto/x/ssh).

In this case doesnt it have to be a new package that is also then interacted with via reflection so that obfuscation is turned off? Hence me needing to understand how a package is determined to be a target for reflection

[lu4p]

You can use

var _ = reflect.TypeOf(t{})

To exclude type t from obfuscation, basically any type that is used in reflection somewhere is excluded.

[NHAS]

Sweet thanks, I've added the test and made sure it fails without my changes, and passes with them :)

[lu4p]

Just a few last comments

[NHAS]

Right I've made those changes that you asked for.

[NHAS]

Just a small question on this now that its merged, what are the criteria for a release being made for this? I just have an open issue on my repo that regards this

[lu4p]

You can use

go install mvdan.cc/garble@master

for now, maybe after #876 is merged.

[NHAS]

Is the main branch considered stable? I just dont want my builds pointing to something that may break in the future

[lu4p]

The code pushed to the master branch is tested extensively and doesn't really differ from the release versions. However we may deprecate old go versions on the master branch without notice.

You can also use @commit_hash to pin to a specific commit if you're more comfortable with that.