coapjs / coap-packet Goto Github PK
View Code? Open in Web Editor NEWGenerate and Parse CoAP packets
License: MIT License
Generate and Parse CoAP packets
License: MIT License
Greetings!
I noticed that Buffer() is still being used in the index.js on line 2 and 43 which appear to be just allocating size.
I changed them to Buffer.alloc() and everything still seems to work as intended. Unless I'm reading the code incorrectly would it be possible to update those?
(node:50857) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead
I have an issue with a Google Chrome App I'm working on. Due to Chrome's restricted Content Security Policy I am unable to use 'unsafe-eval'.
The function optionNumberToString is considered unsafe due to it's use of the Function object constructor to evaluate the number passed in. Here is the function in question:
var numMap = {
'1': 'If-Match'
, '3': 'Uri-Host'
, '4': 'ETag'
, '5': 'If-None-Match'
, '6': 'Observe'
, '7': 'Uri-Port'
, '8': 'Location-Path'
, '11': 'Uri-Path'
, '12': 'Content-Format'
, '14': 'Max-Age'
, '15': 'Uri-Query'
, '17': 'Accept'
, '20': 'Location-Query'
, '23': 'Block2'
, '27': 'Block1'
, '35': 'Proxy-Uri'
, '39': 'Proxy-Scheme'
, '60': 'Size1'
}
var optionNumberToString = (function genOptionParser() {
var code = Object.keys(numMap).reduce(function(acc, key) {
acc += 'case ' + key + ':\n'
acc += ' return \'' + numMap[key] +'\'\n'
return acc
}, 'switch(number) {\n')
code += 'default:\n'
code += 'return \'\' + number'
code += '}\n'
return new Function('number', code)
})();
var a = optionNumberToString(5); // returns 'If-None-Match'
var b = optionNumberToString(23); // returns 'Block2'
var c = optionNumberToString(99); // returns '99'
The following function seems to me to be equal, is easier to understand (at least to me) and most importantly is considered safe:
var optionNumberToStringSafe = function(number){
if (numMap.hasOwnProperty(number)){
return numMap[number];
} else {
return '' + number;
}
};
var aa = optionNumberToStringSafe(5); // returns 'If-None-Match'
var bb = optionNumberToStringSafe(23); // returns 'Block2'
var cc = optionNumberToStringSafe(99); // returns '99'
Or am I missing something?
With the latest additions it would be great if a new version of coap-packet
could be published to npm.
Hi,
First, thank you for the good work so far!
Now the issue: the structure of the options is not according with the CoAP specs v18. According with the specs, the Option Delta Extended (0-2 bytes) and Option Length Extended (0-2 bytes) are used only if the 4bit Option Delta and respectively 4bit Option Length values are greater than value 12. This means, the Option Header is composed of 1 mandatory byte and 0-4 bytes based on the 2 values stored by the first byte. The implementation of this module adds by default 5 bytes plus value, which makes this module incompatible with applications that follows the specs in CoAP message encoding ( as my on the go CoAP library I write for AVR MCUs with 2k ram or less for being used with small IoT sensor/actuator nodes).
Best regards,
Mircea.
The function fillGenDefaults overwrites packet.messageId if the original value of packet.messageId is 0 because of the check:
if (!packet.messageId)
packet.messageId = nextMsgId++
I think (please, correct me if I'm wrong) that 0 is a valid value for packet.messageId, so messageId should be overwritten only if it is null, undefined, or the messageId property added to packet and initialized if packet does not have this property.
Thank you for your excellent work.
Hi
In the basic example code, the coapPacket should be rename to package.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.