From 6ae80aa251f9f1a16b46420ce16512d6bfb6f631 Mon Sep 17 00:00:00 2001
From: Sebastian Hildebrandt <hildebrandt@plus-innovations.com>
Date: Sat, 28 Nov 2020 10:40:02 +0100
Subject: [PATCH] updated docs

---
 docs/index.html    |   3 +-
 docs/main.js       |   3 +-
 docs/security.html | 124 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 128 insertions(+), 2 deletions(-)
 create mode 100644 docs/security.html

diff --git a/docs/index.html b/docs/index.html
index ac43620..19f850c 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -165,7 +165,7 @@
 <body>
   <header class="bg-image-full">
     <div class="container">
-      <a href="https://github.com/sebhildebrandt/systeminformation/security/advisories?state=published" class="recommendation">Security advisory:<br>Uodate to v4.30.6</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.30.5</a>
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span></div>
@@ -317,6 +317,7 @@
     <div class="row">
       <div class="col-12 sectionheader index">
         <div class="title-small">Issues</div>
+        <div class="text"><span class="bold">Security issues</span>: Please have a look at our <a href="security.html">security advisories</a></div>
         <div class="text">If you run into problems, please check out <a href="issues.html">known issues page</a> first. If you still have problems, please feel free to open an issue on our <a href="https://github.com/sebhildebrandt/systeminformation/issues">github page</a></div>
         <div class="title-small">Upcoming ...</div>
         <div class="text"><span class="bold">MacOS on ARM, Windows on ARM</span> - we will have a closer look on that! As soon as we have the new hardware here, will work on support for those platforms. We are also planning a new major version <span class="bold">Version 5</span> with some minor breaking changes and some additional features. We will try to make this available Q1 of 2021.<br /><br /></div>
diff --git a/docs/main.js b/docs/main.js
index 96fd76a..cacf037 100644
--- a/docs/main.js
+++ b/docs/main.js
@@ -17,8 +17,9 @@ function createMenu() {
     [1, 'vbox', 'Virtual Box'],
     [1, 'statsfunctions', 'Observers / Stats'],
     [0, '', 'More'],
-    [1, 'history', 'Version history'],
+    [1, 'security', 'Security Advisories'],
     [1, 'issues', 'Known Issues'],
+    [1, 'history', 'Version history'],
     [1, 'copyright', 'Copyright & License'],
     [1, 'contributors', 'Contributors'],
     [1, 'trademarks', 'Trademarks'],
diff --git a/docs/security.html b/docs/security.html
new file mode 100644
index 0000000..6b0b9f6
--- /dev/null
+++ b/docs/security.html
@@ -0,0 +1,124 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+  <!-- Required meta tags -->
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+
+  <!-- CSS -->
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+  <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.6.3/css/all.css" integrity="sha384-LRlmVvLKVApDVGuspQFnRQJjkv0P7/YFrw84YYQtmYG4nK8c+M+NlmYDCv0rKWpG" crossorigin="anonymous">
+  <link rel="stylesheet" href="styles.css">
+  <script src="main.js"></script>
+
+  <!-- Favicon -->
+  <link rel="icon" type="image/png" sizes="192x192" href="/assets/android-icon-192x192.png">
+  <link rel="icon" type="image/png" sizes="32x32" href="/assets/favicon-32x32.png">
+  <link rel="icon" type="image/png" sizes="96x96" href="/assets/favicon-96x96.png">
+  <link rel="icon" type="image/png" sizes="16x16" href="/assets/favicon-16x16.png">
+
+  <title>systeminformation</title>
+
+</head>
+
+<body>
+  <nav class="nav">
+    <div class="container">
+      <a href="."><img class="logo float-left" src="assets/logo.png">
+        <div class="title float-left">systeminformation</div>
+      </a>
+      <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
+      <div class="text float-right todocs"><a href="./#docs">Docs Overview</a></div>
+    </div>
+  </nav>
+
+  <section class="container">
+    <div class="row">
+      <div class="col-12 col-md-4 col-lg-3 col-xl-2 menu" id="menu">
+      </div>
+      <div class="col-12 col-md-8 col-lg-9 col-xl-10 content">
+        <div class="row">
+          <div class="col-12 sectionheader">
+            <div class="title">Security Advisories</div>
+            <div class="text">
+              <h2>command injection vulnerability - prototype pollution</h2>
+              <p><span class="bold">Affected versions:</span>
+                < 4.30.5<br>
+                  <span class="bold">Date:</span> 2020-11-26<br>
+                  <span class="bold">CVE indentifier</span> CVE-2020-26245
+              </p>
+
+              <h4>Impact</h4>
+              <p>Here we had an issue that there was a possibility to inject commands to the command line by property pollution on the string object. Affected commands: <span class="code">inetChecksite()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with a shell string sanitation fix as well as handling prototype polution. Please upgrade to version >= 4.30.5</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetChecksite()</span></p>
+
+
+              <h2>Command Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                < 4.27.11<br>
+                  <span class="bold">Date:</span> 2020-10-26<br>
+                  <span class="bold">CVE indentifier</span> CVE-2020-7752
+              </p>
+
+              <h4>Impact</h4>
+              <p>Here we had an issue that there was a possibility to inject commands to the command line of your machine via systeminformation. Affected commands: <span class="code">inetChecksite()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.27.11</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetChecksite()</span></p>
+
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+    </div>
+  </section>
+  <footer class="container-fluid">
+    <div class="container">
+      <div class="row">
+        <div class="col-lg-4 col-12">
+          <ul class="list-unstyled">
+            <li><a href=".">Home</a></li>
+            <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
+            <li><a href="contributors.html">Contributors</a></li>
+            <li><a href="https://buymeacoff.ee/systeminfo">Buy me a coffee</a></li>
+          </ul>
+        </div>
+        <div class="col-lg-4 col-12">
+          <ul class="list-unstyled">
+            <li><a href="gettingstarted.html">Quick Start</a></li>
+            <li><a href="issues.html">Known Issues</a></li>
+            <li><a href="statsfunctions.html">Stats Functions</a></li>
+            <li><a href="history.html">Version history</a></li>
+          </ul>
+        </div>
+        <div class="col-lg-4 col-12">
+          <ul class="list-unstyled">
+            <li><a href="https://www.plus-innovations.com">&copy; 2020 Sebastian Hildebrandt, +innovations</a></li>
+            <li><a href="copyright.html">Copyright &amp; License</a></li>
+            <li><a href="trademarks.html">Trademarks</a></li>
+            <li><a href="https://github.com/sebhildebrandt/systeminformation/blob/master/LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square" alt="MIT license" /></a></li>
+          </ul>
+        </div>
+      </div>
+    </div>
+
+  </footer>
+
+  <script>
+    window.onload = function (e) {
+      createMenu();
+    }
+  </script>
+</body>
+
+</html>