npm - opcjs-base - Versions diffs - 0.1.38-alpha → 0.1.40-alpha - Mend

opcjs-base 0.1.38-alpha → 0.1.40-alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -17870,26 +17870,39 @@ var SecureChannelMessageDecoder = class extends TransformStream {
   }
   logger = getLogger("secureChannel.SecureChannelMessageDecoder");
   /**
-   * Validates that `sequenceNumber` is strictly increasing from the last
-   * seen remote sequence.  Allows exactly one UInt32 wrap-around per token.
-   * Returns false and logs an error if the number is a duplicate or out of order.
+   * Validates that `sequenceNumber` is monotonically increasing from the
+   * highest seen remote sequence.  Allows UInt32 wrap-around per token.
+   *
+   * Over TLS/WSS the transport already provides integrity and replay
+   * protection, so small out-of-order deliveries (caused by multi-threaded
+   * server writes) are tolerated with a warning rather than tearing down the
+   * channel.  Only truly anomalous conditions (e.g. a very large backward
+   * jump that could indicate corruption) are treated as errors.
    */
-  validateSequenceNumber(sequenceNumber, msgType, controller) {
+  validateSequenceNumber(sequenceNumber, msgType) {
     const last = this.context.lastRemoteSequenceNumber;
     if (last === void 0) {
       this.context.lastRemoteSequenceNumber = sequenceNumber;
       this.logger.debug(`[${msgType}] Sequence number initialized to ${sequenceNumber}`);
       return true;
     }
-    const isIncrement = sequenceNumber === last + 1;
     const isWrap = last >= SEQ_WRAP_THRESHOLD2 && sequenceNumber < SEQ_WRAP_MAX;
-    if (!isIncrement && !isWrap) {
-      this.logger.error(`[${msgType}] Invalid remote sequence number: expected ${last + 1}, got ${sequenceNumber}`);
-      controller.error(new Error(`Invalid remote sequence number: expected ${last + 1}, got ${sequenceNumber}`));
-      return false;
+    if (isWrap) {
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      this.logger.debug(`[${msgType}] Sequence number wrapped: ${last} \u2192 ${sequenceNumber}`);
+      return true;
+    }
+    if (sequenceNumber === last + 1) {
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      this.logger.debug(`[${msgType}] Sequence number advanced: ${last} \u2192 ${sequenceNumber}`);
+      return true;
+    }
+    if (sequenceNumber > last + 1) {
+      this.logger.warn(`[${msgType}] Remote sequence number gap: expected ${last + 1}, got ${sequenceNumber} (skipped ${sequenceNumber - last - 1})`);
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      return true;
     }
-    this.logger.debug(`[${msgType}] Sequence number advanced: ${last} \u2192 ${sequenceNumber}`);
-    this.context.lastRemoteSequenceNumber = sequenceNumber;
+    this.logger.warn(`[${msgType}] Out-of-order remote sequence number: highest seen ${last}, got ${sequenceNumber}`);
     return true;
   }
   transform(data, controller) {
@@ -17906,7 +17919,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
           secHeader,
           this.context.securityAlgorithm
         );
-        if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN", controller)) return;
+        if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN")) return;
         controller.enqueue(msgAsym);
         break;
       }
@@ -17914,7 +17927,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.warn("SecureChannel received Abort message");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17922,7 +17935,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.debug("SecureChannel received Chunk message.");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17930,7 +17943,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.debug("SecureChannel received Final message");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17938,7 +17951,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.warn("SecureChannel received CloseFinal message.");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F", controller);
+        this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F");
         break;
       }
       default: