github
/
duktape
mirror of https://github.com/svaarala/duktape.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Config option changes for paranoid errors

pull/417/head
Sami Vaarala 9 years ago
parent
77c2635ed5
commit
293b36e1b2
4 changed files with 18 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      config/config-options/DUK_USE_PARANOID_ERRORS.yaml
  2. 14
      config/config-options/DUK_USE_VERBOSE_PROP_ERRORS.yaml
  3. 2
      config/examples/low_memory.yaml
  4. 4
      config/examples/security_sensitive.yaml

15
config/config-options/DUK_USE_PARANOID_ERRORS.yaml
View File

@ -0,0 +1,15 @@
define: DUK_USE_PARANOID_ERRORS
feature_enables: DUK_OPT_PARANOID_ERRORS
introduced: 1.4.0
default: false
tags:
- ecmascript
- sandbox
description: >
When enabled, error messages won't involve summarization of keys or values.
Summaries may be an issue in some security sensitive environments because
error messages will include e.g. property keys.
The default is to summarize offending base value and key for property access
errors such as "null.foo = 123;", invalid calls such as "undefined()", etc.
Base values and keys are summarized using duk_push_string_tval_readable().

14
config/config-options/DUK_USE_VERBOSE_PROP_ERRORS.yaml
View File

@ -1,14 +0,0 @@
define: DUK_USE_VERBOSE_PROP_ERRORS
feature_enables: DUK_OPT_VERBOSE_PROP_ERRORS
introduced: 1.4.0
default: true
tags:
- ecmascript
- sandbox
description: >
Summarize offending base value and key for property operation errors
such as "null.foo = 123;". Base values and keys are summarized using
duk_push_string_tval_readable().
The key/value summary includes string data which may be an issue for some
security critical environments. Disable this option in such environments.

2
config/examples/low_memory.yaml
View File

@ -16,7 +16,7 @@ DUK_USE_TRACEBACKS: false
DUK_USE_ERRCREATE: false
DUK_USE_ERRTHROW: false
DUK_USE_VERBOSE_ERRORS: false
DUK_USE_VERBOSE_PROP_ERRORS: false
DUK_USE_PARANOID_ERRORS: true
DUK_USE_DEBUGGER_SUPPORT: false # must be disabled if DUK_USE_PC2LINE is disabled
DUK_USE_PC2LINE: false
DUK_USE_LEXER_SLIDING_WINDOW: false

4
config/examples/security_sensitive.yaml
View File

@ -1,8 +1,8 @@
# Base configuration for security sensitive environments.
# Disable summary of object/key for rejected property operations. May be
# Avoid summary of object/key for rejected property operations. May be
# relevant if keys contain potentially sensitive information.
DUK_USE_VERBOSE_PROP_ERRORS: false
DUK_USE_PARANOID_ERRORS: true
# Disable tracebacks, minimizes attacker knowledge of call chains. Access
# to the internal error _Tracedata property provides access to all functions

Write Preview
Loading…
Cancel
Save