mike/systeminformation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

users(), wifiNetworks() fixed parsing (macOS Seguoia)

Browse Source
This commit is contained in:
Sebastian Hildebrandt 2024-12-21 15:46:53 +01:00
parent d32376c688
commit 195177bc03
8 changed files with 78 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2 Normal file
View File

@ -0,0 +1,2 @@
WARNING: The airport command line tool is deprecated and will be removed in a future release.
For diagnosing Wi-Fi related issues, use the Wireless Diagnostics app or wdutil command line tool.

1
CHANGELOG.md
View File

@ -90,6 +90,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
| Version | Date | Comment |
| ------- | ---------- | --------------------------------------------------------------------------------------------------- |
| 5.23.15 | 2024-12-21 | `users()` fixed parsing (macOS Seguoia) |
| 5.23.14 | 2024-12-18 | `chassis()` new chassis detection (macOS) |
| 5.23.13 | 2024-12-14 | `wifiConnections()` improved BSSID parsing (windows) |
| 5.23.12 | 2024-12-13 | `networkConnections()` fixed wrong PID parsing (macOS) |

2
README.md
View File

@ -51,7 +51,7 @@
I wish you all a Merry Christmas and a peaceful New Year 2025.
This is amazing. Started as a small project just for myself, it now has > 15,000
This is amazing. Started as a small project just for myself, it now has > 17,000
lines of code, > 650 versions published, up to 8 mio downloads per month, > 330
mio downloads overall. #1 NPM ranking for backend packages. Thank you to all who
contributed to this project!

5
docs/history.html
View File

@ -57,6 +57,11 @@
</tr>
</thead>
<tbody>
<tr>
<th scope="row">5.23.15</th>
<td>2024-12-21</td>
<td><span class="code">users()</span>, <span class="code">wifiNetworks()</span> fixed parsing (macOS Seguoia)</td>
</tr>
<tr>
<th scope="row">5.23.14</th>
<td>2024-12-18</td>

6
docs/index.html
View File

@ -166,11 +166,11 @@
<body>
<header class="bg-image-full">
<div class="top-container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.21.8</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.23.7</a>
<img class="logo" src="assets/logo.png" alt="logo">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version">New Version: <span id="version">5.23.13</span></div>
<div class="version">New Version: <span id="version">5.23.15</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
@ -204,7 +204,7 @@
</div>
<div class="row number-section">
<div class="col-xl-4 col-lg-4 col-md-4 col-12">
<div class="numbers">17,089</div>
<div class="numbers">17,135</div>
<div class="title">Lines of code</div>
</div>
<div class="col-xl-4 col-lg-4 col-md-4 col-12">

17
docs/security.html
View File

@ -44,10 +44,27 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>SSID Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.23.7<br>
<span class="bold">Date:</span> 2024-11-11<br>
<span class="bold">CVE indentifier</span> CVE-2024-56334
</p>
<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by crafting detected SSIDs in <span class="code">networkInterfaces()</span> on windows machines.</p>
<h4>Patch</h4>
<p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.23.7.</p>
<hr>
<br>
<h2>Passing User Paramters to Systeminformation</h2>
<p>For most of the applications that are using <span class="code">systeminformation</span>, there is no reason to worry. <span class="bold">But be aware!</span> If you are using <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>, <span class="code">versions()</span> with arbitrary untrusted user input, you should pay extra attention! We are doing a lot of input sanitation for those functions inside this package but we cannot handle all cases!</p>
<p class="warning">This can lead to serious impact on your servers!</p>
<p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>
<hr>
<br>
<h2>SSID Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>

2
lib/users.js
View File

@ -120,7 +120,7 @@ function parseUsersDarwin(lines) {
result_w.command = l.slice(5, 1000).join(' ');
// find corresponding 'who' line
who_line = result_who.filter(function (obj) {
return (obj.user === result_w.user && (obj.tty.substring(3, 1000) === result_w.tty || obj.tty === result_w.tty));
return (obj.user.substring(0, 10) === result_w.user.substring(0, 10) && (obj.tty.substring(3, 1000) === result_w.tty || obj.tty === result_w.tty));
});
if (who_line.length === 1) {
result.push({

50
lib/wifi.js
View File

@ -396,6 +396,47 @@ function parseWifiDarwin(wifiObj) {
}
return result;
}
function parseWifi2Darwin(wifiStr) {
const result = [];
try {
let wifiObj = JSON.parse(wifiStr);
wifiObj = wifiObj.SPAirPortDataType[0].spairport_airport_interfaces[0].spairport_airport_other_local_wireless_networks;
wifiObj.forEach(function (wifiItem) {
let security = [];
const sm = wifiItem.spairport_security_mode;
if (sm === 'spairport_security_mode_wep') {
security.push('WEP');
} else if (sm === 'spairport_security_mode_wpa2_personal') {
security.push('WPA2');
} else if (sm.startsWith('spairport_security_mode_wpa2_enterprise')) {
security.push('WPA2 EAP');
} else if (sm.startsWith('pairport_security_mode_wpa3_transition')) {
security.push('WPA2/WPA3');
} else if (sm.startsWith('pairport_security_mode_wpa3')) {
security.push('WPA3');
}
const channelInfo = new RegExp(/(\d+) \((\d)GHz, (\d+)MHz\)/g).exec(wifiItem.spairport_network_channel);
result.push({
ssid: wifiItem._name || '',
bssid: '',
mode: wifiItem.spairport_network_phymode,
channel: parseInt(channelInfo[0].split(' ')[0]),
frequency: wifiFrequencyFromChannel(channelInfo[1]),
signalLevel: null,
quality: null,
security,
wpaFlags: [],
rsnFlags: []
});
});
return result;
} catch (e) {
return result;
}
};
function wifiNetworks(callback) {
return new Promise((resolve) => {
process.nextTick(() => {
@ -459,10 +500,15 @@ function wifiNetworks(callback) {
resolve(result);
}
} else if (_darwin) {
let cmd = '/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s -x';
let cmd = '/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s -x >2 /dev/bull; echo "######"; system_profiler -json SPAirPortDataType';
exec(cmd, { maxBuffer: 1024 * 40000 }, function (error, stdout) {
const output = stdout.toString();
result = parseWifiDarwin(util.plistParser(output));
const parts = output.split('######');
if (parts[0]) {
result = parseWifiDarwin(util.plistParser(parts[0]));
} else {
result = parseWifi2Darwin(parts[1]);
}
if (callback) {
callback(result);
}