5.7. Resource Sanitization
5.7.1. Introduction
Resource sanitization feature allows to sanitize and optionally minify the embedded resources of an assembly. Sanitization removes privacy disclosing information such as comments in XML and JSON files, EXIF tag/thumbnail headers in JPEG and PNG files etc.
Eazfuscator.NET supports a finite set of file types which can be sanitized: XML, XSD, XSLT, JSON, PNG and JPEG. All other file types are ignored and kept intact even when there is a directive that instructs to sanitize them.
Let's take a look on example.
Example 5.8. The original XML file
<request id="1">
<reference>REQ-D2867DBE</reference>
<destination>Contoso Headquarters</destination>
<!-- For the full list of types see https://example.net/internal/docs/contoso-protocol-doc.html -->
<type>43</type>
</request>
Example 5.9. The sanitized XML file
<request id="1">
<reference>REQ-D2867DBE</reference>
<destination>Contoso Headquarters</destination>
<type>43</type>
</request>
As you can see, the XML comments were pruned during sanitization.
5.7.2. Instructions
To enable resource sanitization, you should apply an attribute to your assembly. In order to do that, you can use the instructions below.
Instructions on enabling resource sanitization
-
Open obfuscatable project inside the IDE
-
Add new source file to the project and call it
ObfuscationSettings.cs
(for C#) orObfuscationSettings.vb
(for Visual Basic .NET). You may prefer to use another name instead ofObfuscationSettings.cs
orObfuscationSettings.vb
-
Fill
ObfuscationSettings.cs
with the following content (C#):using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "sanitize resources", Exclude = false)]For Visual Basic .NET, fill
ObfuscationSettings.vb
with the following content:Imports System
Imports System.Reflection
<Assembly: Obfuscation(Feature:="sanitize resources", Exclude:=False)>
Assembly resources are not minified by default. If you want to achieve smaller size and better runtime performance of an output assembly then you may consider to turn on the resource minification.
The exact minification effect depends on a file type. For example, all the redundant whitespaces in .xml files are pruned when minification is on.
Example 5.10. The sanitized XML file
<request id="1">
<reference>REQ-D2867DBE</reference>
<destination>Contoso Headquarters</destination>
<type>43</type>
</request>
Example 5.11. The sanitized and minified XML file
<request id="1"><reference>REQ-D2867DBE</reference><destination>Contoso Headquarters</destination><type>43</type></request>
The [minify]
flag turns on the minification when specified as shown in the sample below:
Example 5.12. Sanitize and minify all resources
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "sanitize resources [minify]", Exclude = false)]
Sometimes it may be beneficial to sanitize just some resources while leaving the others intact. The Exclude
attribute property set to true
can be used in order to do that, as shown in the sample below.
Example 5.13. Sanitize all resources except .png files
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "sanitize resources", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources *.png", Exclude = true)]
It may be profitable to go other way around by explicitly specifying just those resources that should be sanitized. This technique is shown in the sample below.
Example 5.14. Sanitize secret.xml and all .jpg resources; the others are left intact
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "sanitize resources secret.xml", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources *.jpg", Exclude = false)]
Notice how both examples use the concept of a glob mask to target multiple resources at once.
The given options can be combined in a free way giving you the power to choose the best combination. If you are not sure which combination to choose then just go with a simplest one: sanitize all resources. If you know what you are doing then you can end up with something like that:
Example 5.15. Advanced resource sanitization configuration
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "sanitize resources", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources *.png", Exclude = true)]
[assembly: Obfuscation(Feature = "sanitize resources *.jpg", Exclude = true)]
[assembly: Obfuscation(Feature = "sanitize resources [minify] License.xml", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources [minify] Help.xml", Exclude = false)]