Implementing Obfuscation in Java based Test Automation Frameworks

Raghwendra Sonu
Jul 19, 2019

Obfuscation means creating source or machine code that is difficult for humans to understand.

Obfuscation is done to protect the source code and maintain its confidentiality.

Most of the time, in our organization we have our own testing framework with our own custom tasks. What if those class files somehow leave the organization? That would already be a security breach, and on top of it someone could easily decompile our compiled code from those jar files, which is something we do not want. So, to protect our code and deter reverse engineering, we obfuscate all the framework jar files. This can be done manually, which is time-consuming and tedious, or with an open source tool (e.g. ProGuard).

In this post we will do it using ProGuard. To give our jar files an extra layer of protection from the outside world, we will obfuscate our jar libraries using ProGuard's API.

First, add the ProGuard dependency to the Maven pom.xml file.

<dependency>
    <groupId>net.sf.proguard</groupId>
    <artifactId>proguard-base</artifactId>
    <version>6.0.3</version>
</dependency>

Next, create a configuration file that tells ProGuard whether to keep a specific variable, method or class name as is or change it.

A sample ProGuard configuration file looks like this:

#########################Obfuscate.conf#######################
-dontnote org.apache.**
-dontnote com.google.**
-dontnote com.sun.**
-dontnote org.objectweb.asm.*
-dontnote javax.**
-dontnote org.joda.time.*
-dontnote org.yaml.snakeyaml.*
-dontnote org.w3c.dom.**
-dontnote org.xml.sax.**
-dontnote org.**
-dontnote org.objectweb.asm.*
-dontnote com.solacesystems.**

-libraryjars <java.home>/lib/rt.jar
-libraryjars <java.home>/lib/jce.jar

-optimizationpasses 1
-printmapping mapping.txt
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
-optimizations !code/allocation/variable
-allowaccessmodification
-repackageclasses ''
-flattenpackagehierarchy
-dontskipnonpubliclibraryclasses
-dontskipnonpubliclibraryclassmembers
-useuniqueclassmembernames
-keepparameternames
-adaptclassstrings
-verbose

-renamesourcefileattribute SourceFile
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
                SourceFile,LineNumberTable,*Annotation*,EnclosingMethod,!LocalVariableTable,!LocalVariableTypeTable

-keep,allowobfuscation class com.xyz.automation.*

-keepclassmembers,allowobfuscation class * {
    *;
}

-keep class com.xyz.database {
    *;
}

-keep class * implements java.sql.Driver

-keep public class * {
    public *;
}

-keepclasseswithmembernames,includedescriptorclasses class * {
    public *;
}

Reference the ProGuard configuration file in pom.xml:

<plugin>
    <groupId>com.github.wvengen</groupId>
    <artifactId>proguard-maven-plugin</artifactId>
    <version>2.0.14</version>
    <configuration>
        <proguardInclude>${project.parent.basedir}/Obfuscate.conf</proguardInclude>
        <skip>false</skip>
        <injar>${project.build.finalName}.${project.packaging}</injar>
        <outjar>${project.build.finalName}-proguard.${project.packaging}</outjar>
    </configuration>
    <dependencies>
        <dependency>
            <groupId>net.sf.proguard</groupId>
            <artifactId>proguard-base</artifactId>
            <version>6.0.3</version>
            <scope>runtime</scope>
        </dependency>
    </dependencies>
    <executions>
        <execution>
            <phase>package</phase>
            <goals>
                <goal>proguard</goal>
            </goals>
        </execution>
    </executions>
</plugin>
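
The configuration above writes a rename log with `-printmapping mapping.txt`. As an added example (not code from the original post or its repository), this Python build check parses that file and lists the classes and members under a package that kept their original names, which is what a decompiler would still show; the sample mapping and the `audit_mapping` helper are constructed for illustration.

```python
import re

# Constructed sample in ProGuard's mapping.txt layout (not output from the article's project).
SAMPLE_MAPPING = """\
com.xyz.automation.LoginTask -> com.xyz.automation.LoginTask:
    java.lang.String secretKey -> a
    void run() -> run
    12:15:void decrypt(java.lang.String) -> a
com.xyz.automation.internal.TokenCache -> a:
    java.util.Map cache -> a
    3:9:java.lang.String lookup(java.lang.String) -> a
com.xyz.database.Connector -> com.xyz.database.Connector:
    java.sql.Connection open() -> open
"""

# "original.Class -> newName:" starts a class; indented lines are its fields and methods.
CLASS_LINE = re.compile(r"^(\S+) -> (\S+):$")
MEMBER_LINE = re.compile(r"^\s+(?:\d+:\d+:)?\S+ ([^\s(]+)(?:\(.*\))?(?::\d+:\d+)? -> (\S+)$")

def audit_mapping(text, package_prefix):
    """Return the class and member names under package_prefix that were not renamed."""
    kept = {"classes": [], "members": []}
    current, in_scope = None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comment lines
        m = CLASS_LINE.match(line)
        if m:
            current, new_name = m.groups()
            in_scope = current.startswith(package_prefix)
            if in_scope and current == new_name:
                kept["classes"].append(current)
            continue
        m = MEMBER_LINE.match(line)
        if m and in_scope and m.group(1) == m.group(2):
            name = m.group(1)
            if name not in ("<init>", "<clinit>"):  # constructors are never renamed
                kept["members"].append(f"{current}.{name}")
    return kept

if __name__ == "__main__":
    report = audit_mapping(SAMPLE_MAPPING, "com.xyz.automation.")
    for kind, names in report.items():
        for name in names:
            print(f"not renamed ({kind}): {name}")
```

Run it against the real `mapping.txt` after `mvn package`, and keep that file out of the distributed jar, since it maps every obfuscated name back to the original.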

So, in a nutshell, obfuscation helps hide a program's private methods and variables from external users.

Git

I have implemented this in a sample project. You can find the entire framework code here.

https://github.com/raghwendra-sonu/Obfuscation_Implementation

You can read more about it here: https://www.guardsquare.com/en/proguard/manual/introduction

I hope this was useful. If you ever need my help, you can write in the comments section. You can also contact me through my LinkedIn profile.
