-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
late code injection #37440
Comments
@gireeshpunathil, I have been working on a somehow linked use case for that through using the debugger: https://blog.sqreen.com/remote-debugging-nodejs-runtime-code-injection/ would that match your user story ? |
thanks @vdeturckheim , this is a great article! technically this matches my use case in that:
here are potential divergence:
|
PR: #37503 |
Can you explain why that would not be good?
Doesn't https://nodejs.org/api/inspector.html#inspector_inspector_close solve this for you? |
I can agree that using the inspector is not always ideal. Certain commands may randomly deoptimize code, for example. I also agree that NODE_OPTIONS=--require seems like an appropriate solution to this. |
@addaleax - it is not about functional correctness, or my conviction of its greatness. Containerized production deployments run with a lot of audit / restrictions / compliance, and I don't think ability to opening a debug port will pass such an audit.
ok, I wasn't sure how can I get a reference to the running instance of the inspector, from my handler code. |
But executing arbitrary code at runtime will pass such an audit...? That sounds very odd to me. Ultimately, if you're trying to do that, then you'll need to communicate with that process, and there's a limited number of ways to do so. If raising a signal doesn't work because passing parameters that way is hard and you don't want to pre-set paramters in advance (which is fair), then you will need another communication channel, and most likely that's going to look like a debug port or a unix domain socket or something similar, I think. It might make sense to be more specific about the exact requirements you have here. |
@addaleax - the Exact requirement:
Reference: Java has a feature called
They use a second Java process as an attacher and complex hand-shaking process before the code is attached I guess, but I don't know the internals fully to comment further. |
aside from googling "java late attach" showing a bunch of articles recommending that you disable it for security reasons, doesn't that go against your own point about about auditing? it might help if you were more concrete in your requirements. |
@devsnek - the In terms of concreteness, didn't my previous comment cover that? I specified the requirement, the use case, and the choice that can be made in the implementation. What else would you like to know? here is a user scenario:
|
For example, what would or would not pass the audits you say need to be passed? And assuming that between now and when you want to use this feature, there will have to be another deploy, at least to update node, why can't you use that opportunity to deploy your own system as was suggested in the other thread? |
standard practices: usage of stable features.
this is not just about |
Then, from a practical point of view, the best way forward might be if you opened a PR to mark the inspector module as stable. That seems long overdue anyway, it’s been 1½ years since the last API change.
I would absolutely also warn against late code injection in production in general. But if you really want to do it, then I think “the inspector is not built with production environments in mind” is not a strong enough reason not to use it and to introduce a new, feature-equivalent API that does a subset of what you can already do through the inspector API. (Also, I’m not sure about the V8 internals here, but I would not expect V8 to de-optimize anything if you’re only running new code that was not previously present in the process.) The inspector is also the only thing that would currently let you inject new code into arbitrary Worker threads, as far as I know – since those are similar to full Node.js processes, that seems like a concern here as well. |
The module has been there for a while, evidence of usage in the field exists, and we have good test coverage for it. Last API change has been 18 months ago. Refs: nodejs#37440 (comment)
The module has been there for a while, evidence of usage in the field exists, and we have good test coverage for it. Last API change has been 18 months ago. Refs: #37440 (comment) PR-URL: #37748 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Jiawen Geng <[email protected]> Reviewed-By: James M Snell <[email protected]>
The module has been there for a while, evidence of usage in the field exists, and we have good test coverage for it. Last API change has been 18 months ago. Refs: #37440 (comment) PR-URL: #37748 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Jiawen Geng <[email protected]> Reviewed-By: James M Snell <[email protected]>
The module has been there for a while, evidence of usage in the field exists, and we have good test coverage for it. Last API change has been 18 months ago. Refs: #37440 (comment) PR-URL: #37748 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Jiawen Geng <[email protected]> Reviewed-By: James M Snell <[email protected]>
The module has been there for a while, evidence of usage in the field exists, and we have good test coverage for it. Last API change has been 18 months ago. Refs: #37440 (comment) PR-URL: #37748 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Jiawen Geng <[email protected]> Reviewed-By: James M Snell <[email protected]>
There has been no activity on this feature request for 5 months and it is unlikely to be implemented. It will be closed 6 months after the last non-automated comment. For more information on how the project manages feature requests, please consult the feature request management document. |
closing, as its stated purpose is partially met through inspector. |
Is your feature request related to a problem? Please describe.
Currently, a node process cannot receive and execute custom code after it has started. For monitoring tools, a common use case is to be able to attach to an arbitrary process, inject a (tracing) code, instruct the runtime to execute that, and optionally detach from the process.
Describe the solution you'd like
agent
) is loadedexecute
) is executedDescribe alternatives you've considered
The text was updated successfully, but these errors were encountered: