coapjs / coap-packet Goto Github PK

Greetings!

I noticed that Buffer() is still being used in the index.js on line 2 and 43 which appear to be just allocating size.

I changed them to Buffer.alloc() and everything still seems to work as intended. Unless I'm reading the code incorrectly would it be possible to update those?

(node:50857) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead

I have an issue with a Google Chrome App I'm working on. Due to Chrome's restricted Content Security Policy I am unable to use 'unsafe-eval'.

The function optionNumberToString is considered unsafe due to it's use of the Function object constructor to evaluate the number passed in. Here is the function in question:

var numMap  = {
    '1': 'If-Match'
  , '3': 'Uri-Host'
  , '4': 'ETag'
  , '5': 'If-None-Match'
  , '6': 'Observe'
  , '7': 'Uri-Port'
  , '8': 'Location-Path'
  , '11': 'Uri-Path'
  , '12': 'Content-Format'
  , '14': 'Max-Age'
  , '15': 'Uri-Query'
  , '17': 'Accept'
  , '20': 'Location-Query'
  , '23': 'Block2'
  , '27': 'Block1'
  , '35': 'Proxy-Uri'
  , '39': 'Proxy-Scheme'
  , '60': 'Size1'
}

var optionNumberToString = (function genOptionParser() {

  var code = Object.keys(numMap).reduce(function(acc, key) {

    acc += 'case ' + key + ':\n'
    acc += '  return \'' + numMap[key] +'\'\n'

    return acc
  }, 'switch(number) {\n')

  code += 'default:\n'
  code += 'return \'\' + number'
  code += '}\n'

  return new Function('number', code)
})();

var a = optionNumberToString(5); // returns 'If-None-Match'
var b = optionNumberToString(23); // returns 'Block2'
var c = optionNumberToString(99); // returns '99'

The following function seems to me to be equal, is easier to understand (at least to me) and most importantly is considered safe:

var optionNumberToStringSafe = function(number){
    if (numMap.hasOwnProperty(number)){
        return numMap[number];
    } else {
        return '' + number;
    }
};

var aa = optionNumberToStringSafe(5); // returns 'If-None-Match'
var bb = optionNumberToStringSafe(23); // returns 'Block2'
var cc = optionNumberToStringSafe(99); // returns '99'

Or am I missing something?

With the latest additions it would be great if a new version of coap-packet could be published to npm.

Hi,

First, thank you for the good work so far!

Now the issue: the structure of the options is not according with the CoAP specs v18. According with the specs, the Option Delta Extended (0-2 bytes) and Option Length Extended (0-2 bytes) are used only if the 4bit Option Delta and respectively 4bit Option Length values are greater than value 12. This means, the Option Header is composed of 1 mandatory byte and 0-4 bytes based on the 2 values stored by the first byte. The implementation of this module adds by default 5 bytes plus value, which makes this module incompatible with applications that follows the specs in CoAP message encoding ( as my on the go CoAP library I write for AVR MCUs with 2k ram or less for being used with small IoT sensor/actuator nodes).

Best regards,
Mircea.

The function fillGenDefaults overwrites packet.messageId if the original value of packet.messageId is 0 because of the check:

if (!packet.messageId)
packet.messageId = nextMsgId++

I think (please, correct me if I'm wrong) that 0 is a valid value for packet.messageId, so messageId should be overwritten only if it is null, undefined, or the messageId property added to packet and initialized if packet does not have this property.

Thank you for your excellent work.

Hi

In the basic example code, the coapPacket should be rename to package.