Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

util: print External address from inspect #34398

Closed
wants to merge 3 commits into from

Conversation

rosaxxny
Copy link
Contributor

Fixes: #28250

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. util Issues and PRs related to the built-in util module. labels Jul 16, 2020
@nodejs-github-bot
Copy link
Collaborator

src/node_util.cc Outdated
static void GetExternalValue(
const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsExternal());
auto isolate = args.GetIsolate();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is nice! Thank you!

This is not a blocker at all, but I'd prefer specify the type

Suggested change
auto isolate = args.GetIsolate();
Isolate* isolate = args.GetIsolate();

Just a sugestion, not a blocker.

@tniessen
Copy link
Member

I think this always prints the pointer, unlike what @addaleax suggested in #28250 (comment). Anna expressed potential security concerns there.

@addaleax
Copy link
Member

@tniessen Yeah, it’s … not simple. On the one hand, the pointer should not end up in the hands of an attacker – on the other hand, if you’re publicly sharing debugging information for internal objects, like util.inspect() returns, then you’re likely to expose more sensitive information than that anyway. So I think this is okay, but if somebody else feels strongly, I also understand that.

@tniessen
Copy link
Member

I am not overly concerned either. Are there any objects returned by core APIs that contain externals that would expose internal pointers when util.inspect()ed? Without accessing undocumented properties? So does Node.js core return any objects that could previously safely be inspected, and might now expose pointers?

@addaleax
Copy link
Member

@tniessen No, Node.js core should currently be fine anyway. We only use Externals for StreamBase and SecureContext, but these objects are only created through prototype getters, so neither are the property names printed in the default inspect output, nor are the External values actually created there.

Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM then, thank you for the explanation @addaleax.

src/node_util.cc Outdated

void* ptr = external->Value();
char val[20];
snprintf(val, sizeof(val), "%p", ptr);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

%p can either format the pointer as 1234abcde or 0x1234abcd, and there's also potential inconsistency around NULL pointers. I'd cast the pointer to uint64_t and format it with PRIx64 from <cinttypes>.

An alternative solution is to turn the pointer into a BigInt with v8::BigInt::NewFromUnsigned() and do the formatting in JS land with value.toString(16).

assert.strictEqual(util.inspect((new JSStream())._externalStream),
'[External]');
assert.match(util.inspect((new JSStream())._externalStream),
/^\[External: .*?\]$/);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you check that the value is a non-empty hex string?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/^\[External: .*?\]$/);
/^\[External: [0-9a-f]+\]$/);

@rosaxxny
Copy link
Contributor Author

@juanarbol @bnoordhuis @tniessen Updated, PTAL.

@rosaxxny rosaxxny requested a review from a team July 23, 2020 16:22
@tniessen
Copy link
Member

Changes still LGTM, but the branch seems to have unrelated changes. Maybe a merge commit is the problem?

@rosaxxny rosaxxny force-pushed the util/inspect-external branch from 0387c8d to 880c5b1 Compare July 23, 2020 23:45
@addaleax addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jul 27, 2020
@nodejs-github-bot
Copy link
Collaborator

@addaleax
Copy link
Member

Landed in fe2a7f0

@addaleax addaleax closed this Jul 28, 2020
addaleax pushed a commit that referenced this pull request Jul 28, 2020
Fixes: #28250

PR-URL: #34398
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Gus Caplan <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
@ruyadorno
Copy link
Member

This does not land cleanly on v14.x, should it be backported?

rosaxxny added a commit to rosaxxny/node that referenced this pull request Jul 31, 2020
Fixes: nodejs#28250

PR-URL: nodejs#34398
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Gus Caplan <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
danielleadams pushed a commit that referenced this pull request Aug 4, 2020
Fixes: #28250

PR-URL: #34398
Backport-PR-URL: #34583
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Gus Caplan <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
@codebytere codebytere mentioned this pull request Aug 10, 2020
addaleax pushed a commit that referenced this pull request Sep 22, 2020
Fixes: #28250

PR-URL: #34398
Backport-PR-URL: #34583
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Gus Caplan <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
addaleax pushed a commit that referenced this pull request Sep 22, 2020
Fixes: #28250

PR-URL: #34398
Backport-PR-URL: #34583
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Gus Caplan <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
@codebytere codebytere mentioned this pull request Sep 28, 2020
@targos targos added backported-to-v14.x and removed author ready PRs that have at least one approval, no pending requests for changes, and a CI started. backport-requested-v14.x labels Apr 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. util Issues and PRs related to the built-in util module.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Make it possible to give externals names/util.inspect.custom
10 participants