Code Smell 284 – Encrypted Functions

Code Smell 284 – Encrypted Functions


Cryptic Code is Bad Code

TL;DR: Avoid obfuscated functions in your code.

This article is based on a real social hacking event disguised as a job interview

Problems

  • Hidden vulnerabilities
  • Readability
  • Testability
  • Trust issues
  • Bad Naming

Solutions

  1. Use clear names
  2. Avoid obfuscation
  3. Explain intent clearly
  4. Review shared code
  5. Don’t trust code from unreliable sources
  6. Avoid modification since it is a sign of Premature Optimization

Context

When you write functions with cryptic or obfuscated names, you make your code unreadable and untrustworthy. This pattern often hides malicious intent or makes debugging and collaboration unnecessarily hard. Cryptic code also frustrates team members and future maintainers, increasing technical debt and security risks. Remember, hacking has a strong social component compared to what you see in Hollywood movies.

Sample Code

Wrong

function _0xaexad(_0x12bfc3, _0x43a1e9) {
  return _0x12bfc3 ^ _0x43a1e9;
}

const result = _0xaexad(0x1a, 0x2f);
console.log(result);

Right

function xorOperation(orValue1, orValue2) {
  return orValue1 ^ orValue2;
}

const result = xorOperation(26, 47);
console.log(result);

Detection

You can detect this smell by scanning your codebase for meaningless or obfuscated function names. Use linters or code analysis tools to flag short, cryptic, or randomly named functions. Manual code reviews can also help identify suspicious patterns.

Tags

Level

Why the Bijection Is Important

Readable and meaningful names create a one-to-one correspondence between the real-world concept and your code.

Breaking this connection makes your program confusing and error-prone.

AI Generation

AI generators sometimes produce cryptic function names, especially when they optimize for brevity or imitate obfuscated patterns.

AI Detection

AI tools can detect and fix this smell when you ask them to refactor unclear function names or enforce coding standards.

They can analyze your entire codebase and suggest meaningful replacements for obfuscated names.

Try Them!

Remember: AI Assistants make lots of mistakes

Conclusion

Avoid obfuscating your function names.

Write code that communicates your intent.

When you prioritize readability, you make your software easier to understand, debug, and maintain.

Cryptic code might look clever, but it adds unnecessary complexity.

https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xxviii

https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xliii

https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-ii-o96s3wl4

https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-iv-7sc3w8n

More Info

Disclaimer: Code Smells are my opinion.



The strength of a cryptographic system depends entirely on the strength of its weakest component.

– Bruce Schneier


This article is part of the CodeSmell Series.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *