Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lib: make validateAbortSignal stricter #40657

Closed

Conversation

VoltrexKeyva
Copy link
Member

We should not force-check if the passed signal is NOT undefined and then proceed to check whether the value is an abort signal or not as the validator won't throw an error if the value is undefined as we straight up validate the values instead of checking if they're not undefined first. This unnecessary check can be done explicitly outside of the validator to only pass the value to the validator if its not undefined.

@nodejs-github-bot nodejs-github-bot added the needs-ci PRs that need a full CI run. label Oct 29, 2021
@targos
Copy link
Member

targos commented Oct 29, 2021

SGTM, but I'm surprised that no other code needs to be changed.

lib/internal/validators.js Outdated Show resolved Hide resolved
@VoltrexKeyva VoltrexKeyva force-pushed the make-validator-stricter branch 4 times, most recently from cce3af9 to 4d09127 Compare October 29, 2021 20:49
@Linkgoron
Copy link
Member

Linkgoron commented Oct 29, 2021

I'm not sure I see how this is an improvement, it adds a lot of code duplication to most places as usually abort signal is an optional parameter. Note that there are at least 5-10 more places you'd need to change.

@VoltrexKeyva
Copy link
Member Author

I'm not sure I see how this is an improvement, it adds a lot of code duplication to most places as usually abort signal is an optional parameter. Note that there are at least 5-10 more places you'd need to change.

The main goal isn't really to apply any improvements as there's not much to improve, these changes are made to achieve consistency with the other validators and also allow the validator to throw an error if the value is not exactly the expected value instead of letting a specific value as undefined slip through the validation.

@Linkgoron
Copy link
Member

Linkgoron commented Oct 29, 2021

I'm not sure I see how this is an improvement, it adds a lot of code duplication to most places as usually abort signal is an optional parameter. Note that there are at least 5-10 more places you'd need to change.

The main goal isn't really to apply any improvements as there's not much to improve, these changes are made to achieve consistency with the other validators and also allow the validator to throw an error if the value is not exactly the expected value instead of letting a specific value as undefined slip through the validation.

There are quite a few validators that allow null/undefined e.g. in child_process - validateTimeout, validateMaxBuffer and sanitizeKillSignal, or in dns validateHints - and there are others.

IMO a better solution would be to add a second parameter named required with a default value of false like validateBitLength in crypto - although I'm not sure if there are any places that use this specific method and require an abort-signal.

@VoltrexKeyva
Copy link
Member Author

I'm not sure I see how this is an improvement, it adds a lot of code duplication to most places as usually abort signal is an optional parameter. Note that there are at least 5-10 more places you'd need to change.

The main goal isn't really to apply any improvements as there's not much to improve, these changes are made to achieve consistency with the other validators and also allow the validator to throw an error if the value is not exactly the expected value instead of letting a specific value as undefined slip through the validation.

There are quite a few validators that allow null/undefined e.g. in child_process - validateTimeout, validateMaxBuffer and sanitizeKillSignal, or in dns validateHints - and there are others.

IMO a better solution would be to add a second parameter named required with a default value of false like validateBitLength in crypto - although I'm not sure if there are any places that use this specific method and require an abort-signal.

Those custom validators are made and mostly used specifically for the subsystem they're created in, thus not making them a part of them main validators that are used all across the code base of node. The main goal here is to keep consistency of the main validators, and yes, there's a few places where they require an abort signal, such as the following; as this one creates it's own validateAbortSignal() validator instead of using the main one just for the sake of the main validateAbortSignal() validator not throwing an error for an undefined value and ignoring it:

const validateAbortSignal = (signal, name) => {
if (typeof signal !== 'object' ||
!('aborted' in signal)) {
throw new ERR_INVALID_ARG_TYPE(name, 'AbortSignal', signal);
}
};

@Linkgoron
Copy link
Member

Linkgoron commented Oct 29, 2021

such as the following; as this one creates it's own validateAbortSignal() validator instead of using the main one just for the sake of the main validateAbortSignal() validator not throwing an error for an undefined value and ignoring it:

const validateAbortSignal = (signal, name) => {
if (typeof signal !== 'object' ||
!('aborted' in signal)) {
throw new ERR_INVALID_ARG_TYPE(name, 'AbortSignal', signal);
}
};

That is not the reason that it was copied. The reason that it's copied there is for inlining, which is stated above the method. There's a discussion about it here: #36061 (comment)

@VoltrexKeyva
Copy link
Member Author

VoltrexKeyva commented Oct 29, 2021

such as the following; as this one creates it's own validateAbortSignal() validator instead of using the main one just for the sake of the main validateAbortSignal() validator not throwing an error for an undefined value and ignoring it:

const validateAbortSignal = (signal, name) => {
if (typeof signal !== 'object' ||
!('aborted' in signal)) {
throw new ERR_INVALID_ARG_TYPE(name, 'AbortSignal', signal);
}
};

That is untrue, the reason that it's copied there is for inlining, which is stated above the method. There's a discussion about it here: #36061 (comment)

Oh, that is interesting; although the goal still stands for consistency with all the main validators, your idea of the inclusion of an optional parameter to gate the logic of whether or not the value is required is not entirely a bad approach, but it breaks the consistency with the other main validators until we change them all as well, which just changing this one seems to accomplish the goal, wdyt?

@VoltrexKeyva VoltrexKeyva force-pushed the make-validator-stricter branch 4 times, most recently from 26cd607 to 77a1d3a Compare October 30, 2021 14:21
We should not force-check if the passed signal is **NOT** undefined
and then proceed to check whether the value is an abort signal or not
as the validator won't throw an error if the value is undefined as we
straight up validate the values instead of checking if they're not
undefined first. This unnecessary check can be done explicitly outside
of the validator to only pass the value to the validator if its not
undefined.
@VoltrexKeyva VoltrexKeyva force-pushed the make-validator-stricter branch from 77a1d3a to 0cf6999 Compare October 30, 2021 17:00
@VoltrexKeyva VoltrexKeyva added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 30, 2021
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 30, 2021
@nodejs-github-bot
Copy link
Collaborator

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-ci PRs that need a full CI run.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants