Unnecessary register of uncaughtException handlers about samlify-node-xmllint HOT 7 OPEN

Update; we have been running the above version in production across all our customers integrating with various SAML 2.0 providers (Google Workspace, Okta, Azure AD, and more). We have not observed any memory leak after switching to https://www.npmjs.com/package/samlify-validator-js (github)

from samlify-node-xmllint.

I took the job of forking this library and in-lined "node-xmllint" (orginal repo is removed). I manually patched the memory leak in node-xmllint.

This is the result, currently validating in a real application:
https://www.npmjs.com/package/samlify-validator-js

from samlify-node-xmllint.

I'm trying to figure why my app memory usage is growing slowly but quite linear . This is Node-Express app transpiled via TypeScript. I made a shell-script for recording mem usage (via pm2) :

2021-10-05 09:20:01 ==>  117.5mb
2021-10-05 09:30:01 ==>  117.7mb
2021-10-05 09:40:01 ==>  117.8mb
2021-10-05 09:50:01 ==>  116.7mb
2021-10-05 10:00:01 ==>  130.0mb
2021-10-05 10:10:01 ==>  148.1mb
2021-10-05 10:20:01 ==>  147.7mb
2021-10-05 10:25:01 ==>  158.9mb
2021-10-05 10:30:01 ==>  156.1mb
2021-10-05 10:35:01 ==>  164.2mb

There was several authentication tasks while this test, and one to suspect specially is :

node-xmllint : Handler is registered with each reference to this library which might lead to memory leaks.

Does anyone know how can I ensure this happening, because there are also other possibilities for growing mem usage.

from samlify-node-xmllint.

Think it's fixed now.

I had set schemaValidator to :
const validator = require('@authenio/samlify-validate-with-xmllint');

and now removed it totally, and skipped whole validation by :

samlify.setSchemaValidator({
    validate: (response: string) => {
        return Promise.resolve('skipped');
    }
});

Mem usage seems to be ok now, and linear growing has disappered.

Could you add some warning to docs, maybe Deprecated, to @authenio/samlify-validate-with-xmllint.
I bet it can harm similar Express apps like this, if used.

from samlify-node-xmllint.

@netmiller Does this mean you're not doing any XML validation at all?

from samlify-node-xmllint.

True. My only IdP is national security authority, and I can suppose the XML they provide is valid and checked properly.

from samlify-node-xmllint.

I also encountered the issue very randomly - running HAPI web server on Node. Sometimes when logging has a big payload, on drain of stdout event node-xmllint quits the process like nothing happened, no exception!!!
Workaround with turning off validation works, but would appreciate a long term fix.

from samlify-node-xmllint.