Module Keys
Communications channels between modules that allow granting
different privileges to some modules than others.
Why Module Keys?
Module Keys provide a way for one module to grant privileges to another
module without granting that privilege to every module.
A development team might npm install example-package
and trust it to
work as advertised, but not trust all of its dependencies or its
dependencies' dependencies with unmitigated access to powerful APIs
like child_process
since subtle bugs can have disastrous consequences
when exposed to attacker-controlled inputs.
Module keys enable secure code patterns like those in the examples below.
They can combine with module loader hooks and other mechanisms to bound
the security consequences of common bugs and the amount of code
that might be involved in certain kinds of security failures helping
security reviewers to focus their attention.
See also node-sec-patterns
which makes these patterns easy to express.
Installing
$ npm install --save module-keys
Babel Plugin
The babel plugin will add keys to all your modules.
Via .babelrc (Recommended)
Add the following line to your .babelrc
file:
{
"plugins": ["module-keys/babel"]
}
Via CLI
babel --plugins module-keys/babel script.js
Via Node API
require("@babel/core").transform("code", {
plugins: ["module-keys/babel"]
});
CommonJS Modules
Once you've run the Babel plugin over your modules, each module will have
its own keys available via require.keys
, and will export its publicKey
if doing so would not conflict with an explicit export.
require.keys.box(...);
ES6 Modules
The Babel plugin will treat any source file with an export
declaration
as an ES6 module, and instead define a local moduleKeys
which has the API
below.
moduleKeys.box(...);
API
class Box
A box is a container for a value that may only be opened by an authorized opener.
Boxes are opaque values, and the contained value can only be accessed by passing
them to a .unbox
which is described below.
const { Box } = require('module-keys');
import { Box } from './path/to/module-keys';
box
.box(value, mayOpen)
creates a Box
that may only be opened by an .unbox
method.
value - returned when the returned Box
is unboxed.
mayOpen - a function that takes a public key. It should return true if the
public key identifies an unbox
method that should be allowed access to value.
Returns an instance of class Box
.
const { publicKey: fooKey } = require('./foo');
const box = require.box(value, (k) => k === fooKey && k());
import { publicKey as fooKey } from './foo';
export const box = moduleKeys.box(value, (k) => k === fooKey && k());
unbox
.unbox(box, ifFrom, fallback)
opens a Box
while optionally checking its
source.
box - A Box
ifFrom - A function that takes a public key. It should return true if
the caller wishes to receive values boxed by the .box
method associated
with the key.
fallback - A value to return if unboxing fails. Defaults to undefined
.
Returns the boxed value if mayOpen(publicKey)
is true and ifFrom
returns
true when passed the boxer's public key. Otherwise returns fallback.
const { publicKey: barKey } = require('./bar');
function f(box) {
console.log(`I got ${ require.unbox(box, () => true, 'a box I cannot open') }`)
}
import { publicKey as barKey } from './bar';
function f(box) {
console.log(`I got ${ moduleKeys.unbox(box, () => true, 'a box I cannot open') }`)
}
unboxStrict
.unboxStrict(box, ifFrom)
is the same as .unbox(box, ifFrom)
but raises
an Error
if unboxing fails.
isPublicKey
isPublicKey(x)
is true if x
is a public key.
This may be called in key predicates to ensure that keys will not themselves
perform an operation that enters a private key context.
const { isPublicKey } = require('module-keys');
import { isPublicKey } from 'module-keys';
privateKey
.privateKey(f)
is a function that calls f()
and returns its results.
Any calls to .publicKey()
during the call to f()
will return true.
f - a zero argument function
Warning: Do not export your private keys as that will allow other code
to masquerade as you. If you need to export your private key to another module,
put it in a box that is only openable by that module.
publicKey
.publicKey()
returns true if called in the context
The Babel plugin auto-exports public keys for all processed modules.
const { publicKey: fooPublicKey } = require('./foo');
import { publicKey as fooPublicKey } from './foo';
makeModuleKeys
makeModuleKeys()
returns a new module keys bundle with its own
.box
, .unbox
, .unboxStrict
, .publicKey
, and .privateKey
properties.
const { makeModuleKeys } = require('module-keys');
import { makeModuleKeys } from 'module-keys';
publicKeySymbol
publicKeySymbol
is a Symbol
that may be used to unambiguously attach a public key to a JavaScript object.
CommonJS export bundles have a symbol property that refers to the public key in addition
to any "publicKey"
property.
const { publicKeySymbol } = require('module-keys');
import { publicKeySymbol } from 'module-keys';