From 1fcd3c38fc0cbddc5a58031691452b629269e7b4 Mon Sep 17 00:00:00 2001
From: Renan Rocha
Date: Thu, 11 Feb 2021 18:15:55 -0300
Subject: [PATCH 1/5] Update internet.js
---
 lib/internet.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lib/internet.js b/lib/internet.js
index 1d815ba..e6d3457 100644
--- a/lib/internet.js
+++ b/lib/internet.js
@@ -38,7 +38,6 @@ function inetChecksite(url, callback) {
 const s = util.sanitizeShellString(url);
 for (let i = 0; i <= 2000; i++) {
 if (!(s[i] === undefined ||
- s[i] === ' ' ||
 s[i] === '{' ||
 s[i] === '}')) {
 s[i].__proto__.toLowerCase = util.stringToLower;
From f021f7309e2c001b36eaf9d3d52c0b7e2cd5a14c Mon Sep 17 00:00:00 2001
From: Renan Rocha
Date: Thu, 11 Feb 2021 18:17:00 -0300
Subject: [PATCH 2/5] Update util.js
---
 lib/util.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/util.js b/lib/util.js
index b1e2175..3bfe1b9 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -527,6 +527,7 @@ function sanitizeShellString(str) {
 s[i] === '\n' ||
 s[i] === '\'' ||
 s[i] === '`' ||
+ s[i] === ' ' ||
 s[i] === '"')) {
 result = result + s[i];
 }
From d000198689de72d7fbba70b3356390ab6eb85722 Mon Sep 17 00:00:00 2001
From: effectrenan
Date: Sat, 13 Feb 2021 10:29:15 -0300
Subject: [PATCH 3/5] Command Injection - array
---
 lib/internet.js | 44 ++++++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/lib/internet.js b/lib/internet.js
index ab28f14..21936b6 100644
--- a/lib/internet.js
+++ b/lib/internet.js
@@ -34,6 +34,16 @@ function inetChecksite(url, callback) {
 return new Promise((resolve) => {
 process.nextTick(() => {
+ let result = {
+ url: url,
+ ok: false,
+ status: 404,
+ ms: null
+ };
+ if (typeof url !== "string") {
+ if (callback) { callback(result); }
+ return resolve(result);
+ }
 let urlSanitized = '';
 const s = util.sanitizeShellString(url, true);
 for (let i = 0; i <= 2000; i++) {
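Review bot: The added `s[i] === ' ' ||` in `sanitizeShellString` (lib/util.js, PATCH 2/5) strips spaces for every caller of this shared helper, not only for `inetChecksite`, where PATCH 1/5 dropped the same test. `services()` in lib/processes.js, shown later in this series, still runs `.replace(/, /g, '|')` on the sanitised value, a pattern that presumably can no longer match, and any name containing a space gets its words fused. The comparisons against single characters only filter anything when `str` is a string, and the start of the function lies outside the hunk, so it is not visible whether the type is checked there. If it is not, one guard at the top, e.g. `if (typeof str !== 'string') { return ''; }`, would cover all callers rather than the per-caller checks added in PATCH 3/5 and 4/5.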
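Review bot: The early return added to `inetChecksite` (lib/internet.js, PATCH 3/5, first hunk) hands back `result` with `url` still set to the caller's raw non-string value, whereas every other path overwrites it with the sanitised string via `result.url = urlSanitized;` in the next hunk. Initialising with `url: '',` would keep rejected input out of the returned object. The guard also deserves a comment, for example `// reject non-strings: the sanitiser below works per character`, and `"string"` uses double quotes where the surrounding lines use single quotes. The function continues past the end of the hunk.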
@@ -45,12 +55,7 @@ function inetChecksite(url, callback) {
 }
 }
 }
- let result = {
- url: urlSanitized,
- ok: false,
- status: 404,
- ms: null
- };
+ result.url = urlSanitized;
 try {
 if (urlSanitized && !util.isPrototypePolluted()) {
 let t = Date.now();
@@ -123,21 +128,24 @@ function inetLatency(host, callback) {
 }
 host = host || '8.8.8.8';
- let hostSanitized = '';
- const s = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host, true)).trim();
- for (let i = 0; i <= 2000; i++) {
- if (!(s[i] === undefined)) {
-
- s[i].__proto__.toLowerCase = util.stringToLower;
- const sl = s[i].toLowerCase();
- if (sl && sl[0] && !sl[1]) {
- hostSanitized = hostSanitized + sl[0];
- }
- }
- }
 return new Promise((resolve) => {
 process.nextTick(() => {
+ if (typeof host !== "string") {
+ if (callback) { callback(null); }
+ return resolve(null);
+ }
+ let hostSanitized = '';
+ const s = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host, true)).trim();
+ for (let i = 0; i <= 2000; i++) {
+ if (!(s[i] === undefined)) {
+ s[i].__proto__.toLowerCase = util.stringToLower;
+ const sl = s[i].toLowerCase();
+ if (sl && sl[0] && !sl[1]) {
+ hostSanitized = hostSanitized + sl[0];
+ }
+ }
+ }
 let params;
 let filt;
 if (_linux || _freebsd || _openbsd || _netbsd || _darwin) {
From 1e3b479c10c918557fd22bcf2635d8afbd9c8994 Mon Sep 17 00:00:00 2001
From: effectrenan
Date: Sat, 13 Feb 2021 10:53:19 -0300
Subject: [PATCH 4/5] Command Injection - array
---
 lib/processes.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/processes.js b/lib/processes.js
index 8221b47..eab162b 100644
--- a/lib/processes.js
+++ b/lib/processes.js
@@ -99,6 +99,11 @@ function services(srv, callback) {
 return new Promise((resolve) => {
 process.nextTick(() => {
+ if (typeof srv !== "string") {
+ if (callback) { callback([]); }
+ return resolve([]);
+ }
+
 if (srv) {
 let srvString = '';
 srvString.__proto__.toLowerCase = util.stringToLower;
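Review bot: The `typeof host !== "string"` guard added in `inetLatency` (third hunk of PATCH 3/5) has no comment explaining why it exists, although it is the security-relevant line: `util.sanitizeShellString` compares `s[i]` with single characters (see the PATCH 2/5 hunk), which presumably filters nothing when the argument is an array. I would put `// sanitizeShellString() filters per character and assumes a string; reject anything else` above the check. Resolving `null` also makes rejected input hard to tell apart from a failed measurement for the caller, if that path resolves `null` too (not visible in this hunk), so the function's doc comment should mention it. The function begins and ends outside the hunk.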
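Review bot: In `services` (lib/processes.js, PATCH 4/5, first hunk) the new `typeof srv !== "string"` check runs before `if (srv) {`, so an `undefined` or `null` `srv` now resolves `[]` at this point and the falsy branch of `if (srv)` is reachable only for the empty string. Whether that changes what callers get depends on code before and after the hunk, which is not shown. If a missing argument should keep taking the old path, narrowing the guard to `if (srv && typeof srv !== 'string') {` rejects arrays and objects while leaving falsy values alone. A short comment on the guard stating that the sanitiser below assumes a string would help the next reader.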
@@ -106,12 +111,14 @@ function services(srv, callback) {
 srvString.__proto__.trim = util.stringTrim;
 const s = util.sanitizeShellString(srv);
+ console.log(s)
 for (let i = 0; i <= 2000; i++) {
 if (!(s[i] === undefined)) {
 srvString = srvString + s[i];
 }
 }
+ console.log(srvString)
 srvString = srvString.trim().toLowerCase().replace(/, /g, '|').replace(/,+/g, '|');
 if (srvString === '') {
 srvString = '*';
From 139264433a91bdb738b4f26b78ea257b62b3dd31 Mon Sep 17 00:00:00 2001
From: effectrenan
Date: Sat, 13 Feb 2021 12:01:05 -0300
Subject: [PATCH 5/5] Command Injection - array
---
 lib/processes.js | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/processes.js b/lib/processes.js
index eab162b..772b932 100644
--- a/lib/processes.js
+++ b/lib/processes.js
@@ -111,14 +111,12 @@ function services(srv, callback) {
 srvString.__proto__.trim = util.stringTrim;
 const s = util.sanitizeShellString(srv);
- console.log(s)
 for (let i = 0; i <= 2000; i++) {
 if (!(s[i] === undefined)) {
 srvString = srvString + s[i];
 }
 }
- console.log(srvString)
 srvString = srvString.trim().toLowerCase().replace(/, /g, '|').replace(/,+/g, '|');
 if (srvString === '') {
 srvString = '*';