The Author Online Book Forums are Moving

The Author Online Book Forums will soon redirect to Manning's liveBook and liveVideo. All book forum content will migrate to liveBook's discussion forum and all video forum content will migrate to liveVideo. Log in to liveBook or liveVideo with your Manning credentials to join the discussion!

Thank you for your engagement in the AoF over the years! We look forward to offering you a more enhanced forum experience.

Kevin Wang (3) [Avatar] Offline
#1
Hi Yan,

I got a buffer overflow detected error after I run a function several times. After I removed the FunctionShield from my function, the error was gone. I used the approach you showed in the video to wrap the the function shield in a middleware. I will attach the log below. Please give me some hints about why this happens. Thank you so much.

Oh, btw, do you know whether the FunctionShield can setup a white list for some outbound internet connectivities?

The error log:

15:39:00
*** buffer overflow detected ***: /var/lang/bin/node terminated

15:39:00
======= Backtrace: =========

15:39:00
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f0f0dd33d47]

15:39:00
/lib64/libc.so.6(+0x10df00)[0x7f0f0dd31f00]

15:39:00
/lib64/libc.so.6(+0x10cecb)[0x7f0f0dd30ecb]

15:39:00
/tmp/function-shield-assets/prebuilds/linux-x64/../../lib/libfunctionshieldcore.so(functionshieldcore_configure+0xc9)[0x7f0f0b1e19f9]

15:39:00
/tmp/function-shield-assets/prebuilds/linux-x64/node-57.node(_Z9configureRKN3Nan20FunctionCallbackInfoIN2v85ValueEEE+0x1b0)[0x7f0f0b404720]

15:39:00
/tmp/function-shield-assets/prebuilds/linux-x64/node-57.node(+0x18d5)[0x7f0f0b4048d5]

15:39:00
/var/lang/bin/node(_ZN2v88internal25FunctionCallbackArguments4CallEPFvRKNS_20FunctionCallbackInfoINS_5ValueEEEE+0x16c)[0x55a31851a5bc]

15:39:00
/var/lang/bin/node(+0x905c7d)[0x55a3185a4c7d]

15:39:00
/var/lang/bin/node(_ZN2v88internal21Builtin_HandleApiCallEiPPNS0_6ObjectEPNS0_7IsolateE+0xcb)[0x55a3185a550b]
Kevin Wang (3) [Avatar] Offline
#2
Ok. Just found out the problem is the FuncShield.configure cannot be called multiple times. That is why the official demo put the FuncShield.configure out of the handler function. So, if we want to use a middleware to load the FunctionShield, a variable should be used to prevent it to be called more than once.

I hope this can help other users as well. smilie

I am still looking for whether The Function Shield can setup a whitelist for the outbound internet activities.


Update:

I just found out the middy library actually has a middleware to handle the function shield which is very convenient.
Yan Cui (73) [Avatar] Offline
#3
Ah I see. I'll report that to the Puresec folks, I was under the impression that it's safe to call configure multiple times to temporarily enable public internet access for instance.

And yes, after I told Ory Segal (Puresec CTO) about adding FunctionShield as a custom middleware in the course, someone from Puresec pushed a PR to include it as an official middleware for middy, happy days smilie