-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introducing Audit Hooks to Node.js #626
Comments
I'm generally in favour, there isn't any particular blockers to doing this, other than that someone has to do the work. :-) |
I'm also generally in favor but we'd have to consider potential performance overhead, particularly when the hooks are not in use. |
@sam-github I'll probably explore it to implement the @cjihrig yep, performance would be the main point here! I am not even sure of the right depth (having this implemented in JS vs in native land) yet. |
I would very much like to see it happen 👍. |
If we can ensure the performance impact is acceptable this seems interesting to me as well. |
This seems reasonable and aligns with the vision I have had. That said, I do think any such API needs to be much more robust than what we often do in Core these days with mutable internals. |
@bmeck in term of performance, mutable internals seems to be the simplest way. Do you forsee another strategy that could work here? |
@vdeturckheim I guess I should clarify my concerns. My concern is mutable globals/builtins affecting audit hooks. E.G. Someone replacing If the mutation is able to remove the hook without directly manipulating the actual hook code, that is problematic I would think. The only way that seems safe is if you audit all your hook code, allow it to run prior to any untrusted code, and have a way to ensure they have access to the primordials they need (I wouldn't want to encourage I'm not really worried about performance but about the reliability of the feature itself. If it isn't reliable, we probably shouldn't encourage it. |
@vdeturckheim that seems reasonable, but we would want to make sure we document all the bindings we expose and I'd still be concerned with global mutations. I know we have |
@bmeck I understand. I guess there is only one way to know for sure! I will try to PoC hooking |
I'm also in favor of this. Sounds like that what the people of NodeSource provide with NSolid https://nodesource.com/products/nsolid It might make sense to allow users to control this through the Policy API, similar to Deno and other solutions on npm. |
@DanielRuf Thanks for the refs. I digged into NSolid's doc but could not find details about this. Do you know where I could find it? |
I think there was more information in the past. Only https://docs.nodesource.com/nsolid/3.8/docs is still available. |
@vdeturckheim I think this should be discussed in Node.js core, and ping the sec folks here to ask them if they have comments. Of was there something specific to add in the agenda? |
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
Last year, Python introduced audit hooks to the language.
In short, this is an API allowing users to:
Another bonus is that we could add a hook to
eval
and finally provide a good way to monitor its usage.I remember that Microsoft team was intereted in having such an API (I understand they drove the effort in Python).
For reference, the Python spec is here https://www.python.org/dev/peps/pep-0578/
Is there any strong opinions on that topic?
The text was updated successfully, but these errors were encountered: