Seed generation Improvement & ConstantArray Bugfix

- Updated the random seed generation in the Pipeline:apply function to use a more secure method with a 12-byte hex seed.
- Simplified the boolean expression evaluation by ensuring loadstring is used directly.
- Encapsulated prefix initialization logic in a dedicated function for better readability.
- Cleaned up variable assignments in the ConstantArray:encode function for improved clarity.

Author: SpinnySpiwal

src/prometheus/compiler/expressions/boolean.lua

@@ -28,7 +28,7 @@ local function createRandomASTCFlowExpression(resultBool)
         leftInt = Ast.NumberExpression(math.random(1, 2^24))
         rightInt = Ast.NumberExpression(math.random(1, 2^24))
         r3 = "return " .. leftInt.value .. expLookup[randomExp] .. rightInt.value
-        boolResult = (loadstring or load)(r3)()
+        boolResult = loadstring(r3)()
     until boolResult == resultBool
 
     return randomExp(leftInt, rightInt, false)

src/prometheus/pipeline.lua

@@ -164,10 +164,26 @@ function Pipeline:apply(code, filename)
 	if(self.Seed > 0) then
 		math.randomseed(self.Seed);
 	else
-		-- try to use secure random number generator
+		--> use secure random number generator
 		local success, seed = pcall(function()
-			return tonumber(io.popen("openssl rand -hex 8"):read("*a"):gsub("\n", ""), 16)
+			local seedStr =  io.popen("openssl rand -hex 12"):read("*a"):gsub("\n", "")..""
+			local seedNum = 0;
+
+			--> NOTE: tonumber caps at 1.844674407371e+19. So we use this instead.
+			for i = 1, #seedStr do
+				local char = seedStr:sub(i, i):lower()
+				local digit = char:match("%d") and (char:byte() - 48) or (char:byte() - 87)
+				seedNum = seedNum * 16 + digit
+			end
+
+			--> Random Number Generator in Lua 5.1 is limited to 9.007199254741e+15.
+			if _VERSION == "Lua 5.1" and not jit then
+				seedNum = seedNum % 9.007199254741e+15
+			end
+
+			return seedNum
 		end)
+
 		if success then
 			math.randomseed(seed)
 		else

src/prometheus/steps/ConstantArray.lua

@@ -95,12 +95,14 @@ ConstantArray.SettingsDescriptor = {
 }
 
 local prefix_0, prefix_1;
-local charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@£$%^&*()_+-=[]{}|\\:;\"'<>,./?";
-repeat
-	local a, b = math.random(1, #charset), math.random(1, #charset);
-	prefix_0 = charset:sub(a, a);
-	prefix_1 = charset:sub(b, b);
-until prefix_0 ~= prefix_1 and math.random() > 0.5;
+local function initPrefixes()
+	local charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@£$%^&*()_+-=[]{}|:;<>,./?";
+	repeat
+		local a, b = math.random(1, #charset), math.random(1, #charset);
+		prefix_0 = charset:sub(a, a);
+		prefix_1 = charset:sub(b, b);
+	until prefix_0 ~= prefix_1
+end
 
 local function callNameGenerator(generatorFunction, ...)
 	if(type(generatorFunction) == "table") then
@@ -555,10 +557,7 @@ function ConstantArray:encode(str)
 			local rem = len - pos + 1;
 			local count = rem >= 4 and 4 or rem;
 			local b1, b2, b3, b4 = string.byte(str, pos, pos + count - 1);
-			b1 = b1 or 0;
-			b2 = b2 or 0;
-			b3 = b3 or 0;
-			b4 = b4 or 0;
+			b1, b2, b3, b4 = b1 or 0, b2 or 0, b3 or 0, b4 or 0;
 
 			local value = ((b1 * 256 + b2) * 256 + b3) * 256 + b4;
 			local chars = {};
@@ -618,6 +617,7 @@ function ConstantArray:encode(str)
 end
 
 function ConstantArray:apply(ast, pipeline)
+	initPrefixes();
 	self.rootScope = ast.body.scope;
 	self.arrId = self.rootScope:addVariable();
 

tests.lua

@@ -125,7 +125,8 @@ for _, filename in ipairs(scandir(testdir)) do
 				table.remove(preset.Steps, i);
 			end
 		end
-		for iteration = 1, iterationCount do
+
+		for _ = 1, iterationCount do
 			pipeline = Prometheus.Pipeline:fromConfig(preset);
 			local obfuscated = pipeline:apply(code);