lots of changes related to removing Buffer from internal uses:

1. using Uint8Array instead of Buffer in all internal code
2. enabling eslint rule to block Buffer use in src
3. using BSON's ByteUtils in places where we depended on Buffer operations
4. using ByteUtils.isUint8Array instead of Buffer.isBuffer
5. introduced writeInt32LE wrapper that uses the same order of variables, to avoid embarassing mistakes

Author: PavelSafronov

.eslintrc.json

@@ -285,6 +285,13 @@
               }
             ]
           }
+        ],
+        "no-restricted-globals": [
+          "error",
+          {
+            "name": "Buffer",
+            "message": "Use Uin8Array instead"
+          }
         ]
       }
     },

src/bson.ts

@@ -1,5 +1,5 @@
 /* eslint-disable no-restricted-imports */
-import { BSON, type DeserializeOptions, type SerializeOptions } from 'bson';
+import { BSON, ByteUtils, type DeserializeOptions, type SerializeOptions } from 'bson';
 
 export {
   Binary,
@@ -8,6 +8,7 @@ export {
   BSONRegExp,
   BSONSymbol,
   BSONType,
+  ByteUtils,
   calculateObjectSize,
   Code,
   DBRef,
@@ -32,13 +33,6 @@ export {
 /** @internal */
 export type BSONElement = BSON.OnDemand['BSONElement'];
 
-/** @internal */
-export function toLocalBufferType(this: void, buffer: Buffer | Uint8Array): Buffer {
-  return Buffer.isBuffer(buffer)
-    ? buffer
-    : Buffer.from(buffer.buffer, buffer.byteOffset, buffer.byteLength);
-}
-
 export function parseToElementsToArray(bytes: Uint8Array, offset?: number): BSONElement[] {
   const res = BSON.onDemand.parseToElements(bytes, offset);
   return Array.isArray(res) ? res : [...res];
@@ -48,22 +42,30 @@ export const getInt32LE = BSON.onDemand.NumberUtils.getInt32LE;
 export const getFloat64LE = BSON.onDemand.NumberUtils.getFloat64LE;
 export const getBigInt64LE = BSON.onDemand.NumberUtils.getBigInt64LE;
 export const toUTF8 = BSON.onDemand.ByteUtils.toUTF8;
-export const writeInt32LE = BSON.onDemand.NumberUtils.setInt32LE;
 
-export const fromUTF8 = (text: string) => toLocalBufferType(BSON.onDemand.ByteUtils.fromUTF8(text));
+// BSON wrappers
 
-export const concatBuffers = (list: Buffer[] | Uint8Array[]) => {
-  return toLocalBufferType(BSON.onDemand.ByteUtils.concat(list));
+// writeInt32LE, same order of arguments as Buffer.writeInt32LE
+export const writeInt32LE = (destination: Uint8Array, value: number, offset: number) =>
+  BSON.onDemand.NumberUtils.setInt32LE(destination, offset, value);
+
+// various wrappers that consume and return local buffer types
+
+export const fromUTF8 = (text: string) =>
+  ByteUtils.toLocalBufferType(BSON.onDemand.ByteUtils.fromUTF8(text));
+export const fromBase64 = (b64: string) =>
+  ByteUtils.toLocalBufferType(BSON.onDemand.ByteUtils.fromBase64(b64));
+export const fromNumberArray = (array: number[]) =>
+  ByteUtils.toLocalBufferType(BSON.onDemand.ByteUtils.fromNumberArray(array));
+export const concatBuffers = (list: Uint8Array[]) => {
+  return ByteUtils.toLocalBufferType(BSON.onDemand.ByteUtils.concat(list));
 };
 export const allocateBuffer = (size: number) =>
-  toLocalBufferType(BSON.onDemand.ByteUtils.allocate(size));
+  ByteUtils.toLocalBufferType(BSON.onDemand.ByteUtils.allocate(size));
 export const allocateUnsafeBuffer = (size: number) =>
-  toLocalBufferType(BSON.onDemand.ByteUtils.allocateUnsafe(size));
-
-export const utf8ByteLength = BSON.onDemand.ByteUtils.utf8ByteLength;
-export const toBase64 = BSON.onDemand.ByteUtils.toBase64;
-export const encodeUTF8Into = BSON.onDemand.ByteUtils.encodeUTF8Into;
+  ByteUtils.toLocalBufferType(BSON.onDemand.ByteUtils.allocateUnsafe(size));
 
+// validates buffer inputs, used for read operations
 const validateBufferInputs = (buffer: Uint8Array, offset: number, length: number) => {
   if (offset < 0 || offset + length > buffer.length) {
     throw new RangeError(

src/client-side-encryption/auto_encrypter.ts

@@ -1,7 +1,7 @@
 import { type MongoCrypt, type MongoCryptOptions } from 'mongodb-client-encryption';
 import * as net from 'net';
 
-import { deserialize, type Document, serialize } from '../bson';
+import { ByteUtils, deserialize, type Document, serialize } from '../bson';
 import { type CommandOptions, type ProxyOptions } from '../cmap/connection';
 import { kDecorateResult } from '../constants';
 import { getMongoDBClientEncryption } from '../deps';
@@ -256,20 +256,26 @@ export class AutoEncrypter {
       errorWrapper: defaultErrorWrapper
     };
     if (options.schemaMap) {
-      mongoCryptOptions.schemaMap = Buffer.isBuffer(options.schemaMap)
-        ? options.schemaMap
-        : (serialize(options.schemaMap) as Buffer);
+      if (ByteUtils.isUint8Array(options.schemaMap)) {
+        mongoCryptOptions.schemaMap = options.schemaMap as Uint8Array;
+      } else {
+        mongoCryptOptions.schemaMap = serialize(options.schemaMap);
+      }
     }
 
     if (options.encryptedFieldsMap) {
-      mongoCryptOptions.encryptedFieldsMap = Buffer.isBuffer(options.encryptedFieldsMap)
-        ? options.encryptedFieldsMap
-        : (serialize(options.encryptedFieldsMap) as Buffer);
+      if (ByteUtils.isUint8Array(options.encryptedFieldsMap)) {
+        mongoCryptOptions.encryptedFieldsMap = options.encryptedFieldsMap as Uint8Array;
+      } else {
+        mongoCryptOptions.encryptedFieldsMap = serialize(options.encryptedFieldsMap);
+      }
     }
 
-    mongoCryptOptions.kmsProviders = !Buffer.isBuffer(this._kmsProviders)
-      ? (serialize(this._kmsProviders) as Buffer)
-      : this._kmsProviders;
+    if (ByteUtils.isUint8Array(this._kmsProviders)) {
+      mongoCryptOptions.kmsProviders = this._kmsProviders as any as Uint8Array;
+    } else {
+      mongoCryptOptions.kmsProviders = serialize(this._kmsProviders);
+    }
 
     if (options.options?.logger) {
       mongoCryptOptions.logger = options.options.logger;
@@ -396,7 +402,9 @@ export class AutoEncrypter {
       return cmd;
     }
 
-    const commandBuffer = Buffer.isBuffer(cmd) ? cmd : serialize(cmd, options);
+    const commandBuffer: Uint8Array = ByteUtils.isUint8Array(cmd)
+      ? (cmd as Uint8Array)
+      : serialize(cmd, options);
     const context = this._mongocrypt.makeEncryptionContext(
       MongoDBCollectionNamespace.fromString(ns).db,
       commandBuffer

src/client-side-encryption/client_encryption.ts

@@ -6,6 +6,7 @@ import type {
 
 import {
   type Binary,
+  ByteUtils,
   deserialize,
   type Document,
   type Int32,
@@ -141,11 +142,15 @@ export class ClientEncryption {
       throw new MongoCryptInvalidArgumentError('Missing required option `keyVaultNamespace`');
     }
 
+    let kmsProviders;
+    if (!ByteUtils.isUint8Array(this._kmsProviders)) {
+      kmsProviders = serialize(this._kmsProviders);
+    } else {
+      kmsProviders = this._kmsProviders as any as Uint8Array;
+    }
     const mongoCryptOptions: MongoCryptOptions = {
       ...options,
-      kmsProviders: !Buffer.isBuffer(this._kmsProviders)
-        ? (serialize(this._kmsProviders) as Buffer)
-        : this._kmsProviders,
+      kmsProviders,
       errorWrapper: defaultErrorWrapper
     };
 

src/cmap/auth/auth_provider.ts

@@ -21,7 +21,7 @@ export class AuthContext {
   /** A response from an initial auth attempt, only some mechanisms use this (e.g, SCRAM) */
   response?: Document;
   /** A random nonce generated for use in an authentication conversation */
-  nonce?: Buffer;
+  nonce?: Uint8Array;
 
   constructor(
     connection: Connection,

src/cmap/auth/mongodb_aws.ts

@@ -5,7 +5,7 @@ import {
   MongoMissingCredentialsError,
   MongoRuntimeError
 } from '../../error';
-import { ByteUtils, maxWireVersion, ns, randomBytes } from '../../utils';
+import { maxWireVersion, ns, randomBytes } from '../../utils';
 import { type AuthContext, AuthProvider } from './auth_provider';
 import {
   type AWSCredentialProvider,
@@ -92,7 +92,7 @@ export class MongoDBAWS extends AuthProvider {
       throw new MongoRuntimeError(`Invalid server nonce length ${serverNonce.length}, expected 64`);
     }
 
-    if (!ByteUtils.equals(serverNonce.subarray(0, nonce.byteLength), nonce)) {
+    if (!BSON.ByteUtils.equals(serverNonce.subarray(0, nonce.byteLength), nonce)) {
       // throw because the serverNonce's leading 32 bytes must equal the client nonce's 32 bytes
       // https://github.com/mongodb/specifications/blob/master/source/auth/auth.md#conversation-5
 
@@ -115,7 +115,7 @@ export class MongoDBAWS extends AuthProvider {
         headers: {
           'Content-Type': 'application/x-www-form-urlencoded',
           'Content-Length': body.length,
-          'X-MongoDB-Server-Nonce': ByteUtils.toBase64(serverNonce),
+          'X-MongoDB-Server-Nonce': BSON.ByteUtils.toBase64(serverNonce),
           'X-MongoDB-GS2-CB-Flag': 'n'
         },
         path: '/',

src/cmap/auth/plain.ts

@@ -1,4 +1,4 @@
-import { Binary } from '../../bson';
+import { Binary, fromUTF8 } from '../../bson';
 import { MongoMissingCredentialsError } from '../../error';
 import { ns } from '../../utils';
 import { type AuthContext, AuthProvider } from './auth_provider';
@@ -12,7 +12,7 @@ export class Plain extends AuthProvider {
 
     const { username, password } = credentials;
 
-    const payload = new Binary(Buffer.from(`\x00${username}\x00${password}`));
+    const payload = new Binary(fromUTF8(`\x00${username}\x00${password}`));
     const command = {
       saslStart: 1,
       mechanism: 'PLAIN',

src/cmap/auth/scram.ts

@@ -4,10 +4,12 @@ import * as crypto from 'crypto';
 import {
   allocateBuffer,
   Binary,
+  ByteUtils,
   concatBuffers,
   type Document,
-  fromUTF8,
-  toBase64
+  fromBase64,
+  fromNumberArray,
+  fromUTF8
 } from '../../bson';
 import {
   MongoInvalidArgumentError,
@@ -72,21 +74,21 @@ function cleanUsername(username: string) {
   return username.replace('=', '=3D').replace(',', '=2C');
 }
 
-function clientFirstMessageBare(username: string, nonce: Buffer) {
+function clientFirstMessageBare(username: string, nonce: Uint8Array) {
   // NOTE: This is done b/c Javascript uses UTF-16, but the server is hashing in UTF-8.
   // Since the username is not sasl-prep-d, we need to do this here.
   return concatBuffers([
     fromUTF8('n='),
     fromUTF8(username),
     fromUTF8(',r='),
-    fromUTF8(toBase64(nonce))
+    fromUTF8(ByteUtils.toBase64(nonce))
   ]);
 }
 
 function makeFirstMessage(
   cryptoMethod: CryptoMethod,
   credentials: MongoCredentials,
-  nonce: Buffer
+  nonce: Uint8Array
 ) {
   const username = cleanUsername(credentials.username);
   const mechanism =
@@ -97,9 +99,7 @@ function makeFirstMessage(
   return {
     saslStart: 1,
     mechanism,
-    payload: new Binary(
-      concatBuffers([Buffer.from('n,,', 'utf8'), clientFirstMessageBare(username, nonce)])
-    ),
+    payload: new Binary(concatBuffers([fromUTF8('n,,'), clientFirstMessageBare(username, nonce)])),
     autoAuthorize: 1,
     options: { skipEmptyExchange: true }
   };
@@ -143,7 +143,7 @@ async function continueScramConversation(
   const processedPassword =
     cryptoMethod === 'sha256' ? saslprep(password) : passwordDigest(username, password);
 
-  const payload: Binary = Buffer.isBuffer(response.payload)
+  const payload: Binary = ByteUtils.isUint8Array(response.payload)
     ? new Binary(response.payload)
     : response.payload;
 
@@ -164,12 +164,7 @@ async function continueScramConversation(
 
   // Set up start of proof
   const withoutProof = `c=biws,r=${rnonce}`;
-  const saltedPassword = HI(
-    processedPassword,
-    Buffer.from(salt, 'base64'),
-    iterations,
-    cryptoMethod
-  );
+  const saltedPassword = HI(processedPassword, fromBase64(salt), iterations, cryptoMethod);
 
   const clientKey = HMAC(cryptoMethod, saltedPassword, 'Client Key');
   const serverKey = HMAC(cryptoMethod, saltedPassword, 'Server Key');
@@ -188,13 +183,13 @@ async function continueScramConversation(
   const saslContinueCmd = {
     saslContinue: 1,
     conversationId: response.conversationId,
-    payload: new Binary(Buffer.from(clientFinal))
+    payload: new Binary(fromUTF8(clientFinal))
   };
 
   const r = await connection.command(ns(`${db}.$cmd`), saslContinueCmd, undefined);
   const parsedResponse = parsePayload(r.payload);
 
-  if (!compareDigest(Buffer.from(parsedResponse.v, 'base64'), serverSignature)) {
+  if (!compareDigest(fromBase64(parsedResponse.v), serverSignature)) {
     throw new MongoRuntimeError('Server returned an invalid signature');
   }
 
@@ -252,35 +247,27 @@ function passwordDigest(username: string, password: string) {
 }
 
 // XOR two buffers
-function xor(a: Buffer, b: Buffer) {
-  if (!Buffer.isBuffer(a)) {
-    a = Buffer.from(a);
-  }
-
-  if (!Buffer.isBuffer(b)) {
-    b = Buffer.from(b);
-  }
-
+function xor(a: Uint8Array, b: Uint8Array) {
   const length = Math.max(a.length, b.length);
   const res = [];
 
   for (let i = 0; i < length; i += 1) {
     res.push(a[i] ^ b[i]);
   }
 
-  return Buffer.from(res).toString('base64');
+  return ByteUtils.toBase64(fromNumberArray(res));
 }
 
-function H(method: CryptoMethod, text: Buffer) {
+function H(method: CryptoMethod, text: Uint8Array): Uint8Array {
   return crypto.createHash(method).update(text).digest();
 }
 
-function HMAC(method: CryptoMethod, key: Buffer, text: Buffer | string) {
+function HMAC(method: CryptoMethod, key: Uint8Array, text: Uint8Array | string): Uint8Array {
   return crypto.createHmac(method, key).update(text).digest();
 }
 
 interface HICache {
-  [key: string]: Buffer;
+  [key: string]: Uint8Array;
 }
 
 let _hiCache: HICache = {};
@@ -295,9 +282,9 @@ const hiLengthMap = {
   sha1: 20
 };
 
-function HI(data: string, salt: Buffer, iterations: number, cryptoMethod: CryptoMethod) {
+function HI(data: string, salt: Uint8Array, iterations: number, cryptoMethod: CryptoMethod) {
   // omit the work if already generated
-  const key = [data, salt.toString('base64'), iterations].join('_');
+  const key = [data, ByteUtils.toBase64(salt), iterations].join('_');
   if (_hiCache[key] != null) {
     return _hiCache[key];
   }
@@ -321,7 +308,7 @@ function HI(data: string, salt: Buffer, iterations: number, cryptoMethod: Crypto
   return saltedData;
 }
 
-function compareDigest(lhs: Buffer, rhs: Uint8Array) {
+function compareDigest(lhs: Uint8Array, rhs: Uint8Array) {
   if (lhs.length !== rhs.length) {
     return false;
   }