
SBULeeLab/node-cure-outreach

node-cure-outreach

In section 7 of our paper we described our efforts at outreach to the Node.js community.

Here are links to those efforts.

  1. We wrote a guide for nodejs.org. Our guide describes how to avoid Event Handler Poisoning attacks in Node.js. Our pull request benefited from helpful feedback from community members.
  2. We partitioned the implementation of fs.readFile in the core fs module. Before our change, fs.readFile would stat the file and then submit a single read spanning the entire file. If the file were large, this would block the Worker Pool. Our pull request partitions the read into chunks, with the same overall memory cost but improved sharing of the Worker Pool. The pull request was accepted after a months-long discussion on the performance-security tradeoff involved.
  3. We documented several "Vulnerable APIs", potential DoS vectors among the core APIs. These include fs.readFile (before our patch), crypto.randomBytes and crypto.randomFill, and child_process.spawn.

About

A collection of links summarizing our outreach efforts to the Node.js community
