Skip to content

the dependency node-xmllint critical bug #7

Open
Open
the dependency node-xmllint critical bug#7
@augus-zz

Description

@augus-zz
augus-zz
opened on May 30, 2024

this pacakge depends on node-xmllint, when validate XML with node-xmllint.validateXML. it will register a drain event in process.stdout to exit the current process. but if no drain event emitted in current express request, this event did not unregister. once log a big data somewhere, the registered event will be emitted, this will make node process exit with code 0.

stacktrace

at exit (node_modules/.pnpm/node-xmllint@1.0.0/node_modules/node-xmllint/xmllint.js:242550:11)
at Object.callMain (node_modules/.pnpm/node-xmllint@1.0.0/node_modules/node-xmllint/xmllint.js:242496:4)
at doRun (node_modules/.pnpm/node-xmllint@1.0.0/node_modules/node-xmllint/xmllint.js:242532:59)
at run (node_modules/.pnpm/node-xmllint@1.0.0/node_modules/node-xmllint/xmllint.js:242544:4)
at Object.xmllint.validateXML (node_modules/.pnpm/node-xmllint@1.0.0/node_modules/node-xmllint/xmllint.js:242592:2)
at node_modules/.pnpm/@authenio+samlify-node-xmllint@2.0.0_samlify@2.8.6/node_modules/@authenio/samlify-node-xmllint/index.ts:15:34
at new Promise (<anonymous>)
at exports.validate (node_modules/.pnpm/@authenio+samlify-node-xmllint@2.0.0_samlify@2.8.6/node_modules/@authenio/samlify-node-xmllint/index.ts:14:10)
at Object.<anonymous> (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/src/libsaml.ts:708:22)
at step (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/libsaml.js:61:23)
at Object.next (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/libsaml.js:42:53)
at node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/libsaml.js:36:71
at new Promise (<anonymous>)
at __awaiter (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/libsaml.js:32:12)
at Object.isValidXml (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/libsaml.js:588:20)
at node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/src/flow.ts:201:17
at step (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/flow.js:33:23)
at Object.next (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/flow.js:14:53)
at node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/flow.js:8:71
at new Promise (<anonymous>)
at __awaiter (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/flow.js:4:12)
at postFlow (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/build/src/flow.js:181:12)
at flow (node_modules/.pnpm/samlify@2.8.6/node_modules/samlify/src/flow.ts:456:12)

// package node-xmllint/xmllint.js (after formatted, because the source code in github is unavailable)
function exit(status) {
  console.trace("xmllint track exit called", {status})
  if (Module["noExitRuntime"]) {
           return
  }
  ABORT = true;
  EXITSTATUS = status;
  STACKTOP = initialStackTop;
  exitRuntime();
  if (ENVIRONMENT_IS_NODE) {
	  process["stdout"]["once"]("drain", (function () { // ========> register drain event here
		  console.trace("xmllint drain");
		  process["exit"](status)  // ========> exit current process
	  }));
	  console.log(" ");
  } else if (ENVIRONMENT_IS_SHELL && typeof quit === "function") {
	  quit(status)
  }
  throw new ExitStatus(status)
  }

flow:
samlify-node-xmllint.validate -> node-xmllint.validateXML (xmllint.js) -> node-xmllint.run (xmllint.js) -> node-xmllint.doRun (xmllint.js) -> node-xmllint.callMain (xmllint.js) -> node-xmllint.exit (xmllint.js)

Env:
Node: 18
OS: debian 12
Framework: Express
samlify: 2.8.6
authenio/samlify-node-xmllint: 2.0.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions