-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: allow monkey patching of pseudoRandomBytes #24108
Conversation
/CC @nodejs/crypto |
Hello @Flarna and thank you for the contribution. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. The monkey patchability of the API surface isn't usually tested or documented, so while I'm usually a big fan of both, I don't personally think its necessary in this case. I can't think of any other APIs where we document the reassignability of the function. Monkey-patchability isn't something we formally commit to, but in the interests of supporting APM vendors, if the maintenance cost is low I don't think we should get in its way, either. This change looks to me to have very low maintenance cost.
Sure, I can add tests. |
Af I see it most of our current monkey patchability was just emergent. This is a bit different since we are enabling this explicitly and so IMHO we should commit to. |
I think the main target of the initial change was just to have the APIs not enumerable. I think it would be good to define a guideline for deprecations like this to get a consistent API. |
@nodejs/security-wg |
Updated by setting also |
Make `pseudoRandomBytes` and it's aliases `prng` and `rng` configurable to allow monkey patching.
add test
Is there anything left I have to do with this PR? |
@Flarna No, sorry for the delay. CI: https://ci.nodejs.org/job/node-test-pull-request/18857/ |
Landed in f85d636 |
Make `pseudoRandomBytes` and it's aliases `prng` and `rng` configurable to allow monkey patching. PR-URL: nodejs#24108 Refs: nodejs#22519 Refs: nodejs#23017 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Vladimir de Turckheim <[email protected]> Reviewed-By: James M Snell <[email protected]>
Make `pseudoRandomBytes` and it's aliases `prng` and `rng` configurable to allow monkey patching. PR-URL: #24108 Refs: #22519 Refs: #23017 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Vladimir de Turckheim <[email protected]> Reviewed-By: James M Snell <[email protected]>
Make `pseudoRandomBytes` and it's aliases `prng` and `rng` configurable to allow monkey patching. PR-URL: #24108 Refs: #22519 Refs: #23017 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Vladimir de Turckheim <[email protected]> Reviewed-By: James M Snell <[email protected]>
Make `pseudoRandomBytes` and it's aliases `prng` and `rng` configurable to allow monkey patching. PR-URL: nodejs#24108 Refs: nodejs#22519 Refs: nodejs#23017 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Vladimir de Turckheim <[email protected]> Reviewed-By: James M Snell <[email protected]>
This change does not land cleanly on |
@BethGriggs This change is not applicable to |
Make
pseudoRandomBytes
and it's aliasesprng
andrng
configurable to allow monkey patching.
Background: Some modules still use these deprecated APIs (see e.g.
#23013) and therefore these APIs are only pending deprecated. As APM
vendor we can't decide which modules customers so we need a way to
monitor also the aliases similar as the correct API. Current way to
do this is monkey patching.
Maybe we could even consider to set
writeable: true
.If there are good arguments to keep it as it is I'm also fine with
closing this PR.
Refs: #22519
Refs: #23017
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes