crypto: hide native handles from JS modules #22747
Conversation
nodejs-github-bot
added
the
crypto
tniessen
added
the
semver-major
|
It's likely safer to turn |
|
Definitely safer, yes, but I wonder whether people are using it at all. (I can't think of a single legitimate use case.) |
lib/internal/crypto/cipher.js
Outdated
| @@ -73,11 +75,11 @@ function getUIntOption(options, key) { | |||
| function createCipherBase(cipher, credential, options, decipher, iv) { | |||
| const authTagLength = getUIntOption(options, 'authTagLength'); | |||
|
|
|||
| this._handle = new CipherBase(decipher); | |||
| this[kHandle] = new CipherBase(decipher); | |||
| if (iv === undefined) { | |||
There was a problem hiding this comment.
Since the purpose of this is to hide the actual implementation details, I would prefer to use a non-enumerable symbol. Otherwise it will still show up in the repl and when inspecting the value (including console calls).
There was a problem hiding this comment.
I had the idea to do this after reviewing #22684. If we want to use non-enumerable symbols, maybe we should add that to the guidelines?
|
@nodejs/security-wg |
They likely aren't, but that doesn't make it any less the right thing to do... at least just for a single major cycle. Node.js 11 would not be a LTS branch so the deprecated aliases wouldn't be around for long. |
|
Does it make sense to add a test that will assert on this new expectation that |
tniessen
force-pushed
the
crypto-hide-native-handles
branch
from
8098199
to
ae70d12
Compare
tniessen
force-pushed
the
crypto-hide-native-handles
branch
from
ae70d12
to
4427dc2
Compare
|
I changed the PR to deprecate the |
tniessen
added
author ready
|
CI was stopped, resuming a previous build again... https://ci.nodejs.org/job/node-test-pull-request/17140/ |
tniessen
force-pushed
the
crypto-hide-native-handles
branch
from
16783a9
to
a5c9b02
Compare
tniessen
force-pushed
the
crypto-hide-native-handles
branch
from
a5c9b02
to
2e3353b
Compare
PR-URL: nodejs#22747 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
|
Landed in 0ade10d. |
tniessen
removed
the
author ready
|
|
Creating deprecated accessors each time an object is created is very time consuming. Refs: nodejs#22747 Fixes: nodejs#24266
Creating deprecated accessors each time an object is created is very time consuming. Refs: #22747 Fixes: #24266 PR-URL: #24269 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Creating deprecated accessors each time an object is created is very time consuming. Refs: #22747 Fixes: #24266 PR-URL: #24269 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Creating deprecated accessors each time an object is created is very time consuming. Refs: nodejs#22747 Fixes: nodejs#24266 PR-URL: nodejs#24269 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Another attempt to reduce the undocumented API surface. I am defensively marking this as semver-major, but as far as I can tell, no popular packages are using these properties. It would be kind of pointless anyway since there is no advantage in using
_handlehere. (This is not true for other parts of our API, but it seems to be valid for the affected crypto APIs.)Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes