Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

util: print External address from inspect #34398

Closed
wants to merge 3 commits into from

Conversation

rosaxxny
Copy link
Contributor

@rosaxxny rosaxxny commented Jul 16, 2020

Fixes: #28250

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added c++ util labels Jul 16, 2020
@nodejs-github-bot
Copy link
Contributor

@nodejs-github-bot nodejs-github-bot commented Jul 16, 2020

src/node_util.cc Outdated
static void GetExternalValue(
const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsExternal());
auto isolate = args.GetIsolate();
Copy link
Member

@juanarbol juanarbol Jul 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is nice! Thank you!

This is not a blocker at all, but I'd prefer specify the type

Suggested change
auto isolate = args.GetIsolate();
Isolate* isolate = args.GetIsolate();

Just a sugestion, not a blocker.

@tniessen
Copy link
Member

@tniessen tniessen commented Jul 17, 2020

I think this always prints the pointer, unlike what @addaleax suggested in #28250 (comment). Anna expressed potential security concerns there.

@addaleax
Copy link
Member

@addaleax addaleax commented Jul 17, 2020

@tniessen Yeah, it’s … not simple. On the one hand, the pointer should not end up in the hands of an attacker – on the other hand, if you’re publicly sharing debugging information for internal objects, like util.inspect() returns, then you’re likely to expose more sensitive information than that anyway. So I think this is okay, but if somebody else feels strongly, I also understand that.

@tniessen
Copy link
Member

@tniessen tniessen commented Jul 17, 2020

I am not overly concerned either. Are there any objects returned by core APIs that contain externals that would expose internal pointers when util.inspect()ed? Without accessing undocumented properties? So does Node.js core return any objects that could previously safely be inspected, and might now expose pointers?

@addaleax
Copy link
Member

@addaleax addaleax commented Jul 17, 2020

@tniessen No, Node.js core should currently be fine anyway. We only use Externals for StreamBase and SecureContext, but these objects are only created through prototype getters, so neither are the property names printed in the default inspect output, nor are the External values actually created there.

Copy link
Member

@tniessen tniessen left a comment

LGTM then, thank you for the explanation @addaleax.

src/node_util.cc Outdated

void* ptr = external->Value();
char val[20];
snprintf(val, sizeof(val), "%p", ptr);
Copy link
Member

@bnoordhuis bnoordhuis Jul 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

%p can either format the pointer as 1234abcde or 0x1234abcd, and there's also potential inconsistency around NULL pointers. I'd cast the pointer to uint64_t and format it with PRIx64 from <cinttypes>.

An alternative solution is to turn the pointer into a BigInt with v8::BigInt::NewFromUnsigned() and do the formatting in JS land with value.toString(16).

assert.strictEqual(util.inspect((new JSStream())._externalStream),
'[External]');
assert.match(util.inspect((new JSStream())._externalStream),
/^\[External: .*?\]$/);
Copy link
Member

@bnoordhuis bnoordhuis Jul 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you check that the value is a non-empty hex string?

Copy link
Member

@tniessen tniessen Jul 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/^\[External: .*?\]$/);
/^\[External: [0-9a-f]+\]$/);

@rosaxxny
Copy link
Contributor Author

@rosaxxny rosaxxny commented Jul 23, 2020

@rosaxxny rosaxxny requested a review from as a code owner Jul 23, 2020
@tniessen
Copy link
Member

@tniessen tniessen commented Jul 23, 2020

Changes still LGTM, but the branch seems to have unrelated changes. Maybe a merge commit is the problem?

@addaleax addaleax added the author ready label Jul 27, 2020
@nodejs-github-bot
Copy link
Contributor

@nodejs-github-bot nodejs-github-bot commented Jul 27, 2020

@addaleax
Copy link
Member

@addaleax addaleax commented Jul 28, 2020

Landed in fe2a7f0

@addaleax addaleax closed this Jul 28, 2020
addaleax added a commit that referenced this issue Jul 28, 2020
Fixes: #28250

PR-URL: #34398
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@ruyadorno
Copy link
Member

@ruyadorno ruyadorno commented Jul 28, 2020

This does not land cleanly on v14.x, should it be backported?

@ruyadorno ruyadorno added the backport-requested-v14.x label Jul 28, 2020
rosaxxny added a commit to rosaxxny/node that referenced this issue Jul 31, 2020
Fixes: nodejs#28250

PR-URL: nodejs#34398
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
danielleadams pushed a commit that referenced this issue Aug 4, 2020
Fixes: #28250

PR-URL: #34398
Backport-PR-URL: #34583
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@codebytere codebytere mentioned this pull request Aug 10, 2020
addaleax added a commit that referenced this issue Sep 22, 2020
Fixes: #28250

PR-URL: #34398
Backport-PR-URL: #34583
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
addaleax added a commit that referenced this issue Sep 22, 2020
Fixes: #28250

PR-URL: #34398
Backport-PR-URL: #34583
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@codebytere codebytere mentioned this pull request Sep 28, 2020
@targos targos added backported-to-v14.x and removed author ready backport-requested-v14.x labels Apr 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backported-to-v14.x c++ util
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

10 participants