Unsafe Buffer Allocation
What does this mean?
Buffer.allocUnsafe(size) creates a new Buffer of size bytes. If size is 0, a zero-length Buffer is constructed; if size is not a number, a TypeError is thrown. The underlying memory for these Buffer objects is not initialized: the contents of the newly created Buffer are unknown and may contain sensitive data left behind by earlier allocations in the same process.
What can happen?
When Buffer.allocUnsafe() is called, the allocated memory segment is uninitialized (it is not zeroed out). This makes allocation fast, but the region may still hold stale, possibly sensitive data: for sizes below Buffer.poolSize >>> 1 (4 KiB by default) Node carves the Buffer out of a shared internal pool that earlier Buffers in the same process have used, and larger allocations come straight from the allocator. If a Buffer created this way is read, written to a socket, logged or persisted before every byte has been overwritten, whatever the process previously stored there (for example earlier request bodies or key material) is leaked.
Recommendation
- Buffer.alloc(size[, fill[, encoding]]) creates a new Buffer of the provided size and initializes it (zero-filled unless fill is given). This is slower than Buffer.allocUnsafe(size), but it guarantees that a freshly created Buffer never contains stale, potentially sensitive data. If size is not a number, a TypeError is thrown.
- Buffer.allocUnsafe(size) and Buffer.allocUnsafeSlow(size) both return an uninitialized Buffer of the provided size (allocUnsafeSlow bypasses the internal pool but is still not zero-filled). Because the memory is not cleared, it may contain potentially sensitive old data. If one of these is kept for performance, overwrite the whole Buffer (for example with buf.fill(0), or by writing every byte) before it is read, sent or stored. Node can also be started with the --zero-fill-buffers flag, which zero-fills every new Buffer at a performance cost.
Sample Code
Vulnerable:
const { Schema } = require('mongoose');

// Schema with a Buffer-typed field. If `content` is populated from a
// Buffer.allocUnsafe() allocation that was not fully overwritten, the stale
// bytes the allocator handed back are what ends up persisted.
const todo = new Schema({
  content: Buffer,
  updated_at: Date
});
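The following is an added example, not code from the original page, that puts the "What can happen" and "Recommendation" sections side by side: a fixed-size record encoder whose padding comes from Buffer.allocUnsafe(), next to two hardened variants (Buffer.alloc(), and allocUnsafe() followed by an explicit fill of the untouched bytes). RECORD_SIZE, the encode* function names and paddingIsClean are assumptions made for this demonstration.

```javascript
'use strict';
// Added example, not from the original page: fixed-size record encoder in the
// vulnerable form beside two hardened forms. RECORD_SIZE and the function
// names below are assumptions for the demo.

const RECORD_SIZE = 64; // assumed record size

// Vulnerable: only payload.length bytes are written, so the remaining
// RECORD_SIZE - payload.length bytes are whatever allocUnsafe() handed back.
function encodeRecordUnsafe(payload) {
  const src = Buffer.from(payload, 'utf8');
  if (src.length > RECORD_SIZE) throw new RangeError('payload too large');
  const out = Buffer.allocUnsafe(RECORD_SIZE); // not zeroed
  src.copy(out, 0);
  return out; // tail may carry stale process memory
}

// Hardened: Buffer.alloc() zero-fills, so every byte is defined.
function encodeRecordSafe(payload) {
  const src = Buffer.from(payload, 'utf8');
  if (src.length > RECORD_SIZE) throw new RangeError('payload too large');
  const out = Buffer.alloc(RECORD_SIZE); // zero-filled
  src.copy(out, 0);
  return out;
}

// Hardened alternative when allocUnsafe() is kept for speed: initialize
// the part of the buffer the payload did not cover before it escapes.
function encodeRecordFillTail(payload) {
  const src = Buffer.from(payload, 'utf8');
  if (src.length > RECORD_SIZE) throw new RangeError('payload too large');
  const out = Buffer.allocUnsafe(RECORD_SIZE);
  const written = src.copy(out, 0); // number of bytes copied
  out.fill(0, written); // explicitly clear everything after the payload
  return out;
}

// Review/test helper: true when every byte after the payload is zero, i.e.
// no uninitialized byte can leave the encoder.
function paddingIsClean(record, payloadLength) {
  return record.subarray(payloadLength).every((b) => b === 0);
}

// Stand-alone demo. The unsafe tail is nondeterministic: it is often zeros in
// a fresh process, but it can hold bytes left by earlier Buffers that shared
// the same pool or allocator chunk, so its content must never be relied upon.
const leaky = encodeRecordUnsafe('hi');
console.log('unsafe tail :', leaky.subarray(2).toString('hex'));
console.log('safe tail   :', encodeRecordSafe('hi').subarray(2).toString('hex'));
console.log('padding clean? unsafe =', paddingIsClean(leaky, 2),
            'safe =', paddingIsClean(encodeRecordSafe('hi'), 2));
```

paddingIsClean() is the kind of check worth keeping in a unit test for any code path that returns a Buffer larger than the data written into it: it passes deterministically for the two hardened encoders and only passes for the unsafe one by accident.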