mike/systeminformation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security update (prototype pollution prevention)

Browse Source
This commit is contained in:
Sebastian Hildebrandt 2020-11-25 04:41:31 +01:00
parent 52bbcd78b8
commit 73dce8d717
7 changed files with 112 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -30,6 +30,8 @@ For major (breaking) changes - version 3 and 2 see end of page.
| Version | Date | Comment |
| -------------- | -------------- | -------- |
| 4.30.2 | 2020-11-25 | security update (prototype pollution prevention) |
| 4.30.1 | 2020-11-12 | updated docs |
| 4.30.0 | 2020-11-12 | `get()` possibility to provide params |
| 4.29.3 | 2020-11-09 | `blockdevices()` catch errors adapted for just one line |
| 4.29.2 | 2020-11-09 | `blockdevices()` catch errors |

10
docs/history.html
View File

@ -83,6 +83,16 @@
</tr>
</thead>
<tbody>
<tr>
<th scope="row">4.30.2</th>
<td>2020-11-25</td>
<td>security update (prototype pollution prevention)</td>
</tr>
<tr>
<th scope="row">4.30.1</th>
<td>2020-11-12</td>
<td>updated docs</td>
</tr>
<tr>
<th scope="row">4.30.0</th>
<td>2020-11-11</td>

2
docs/index.html
View File

@ -168,7 +168,7 @@
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span></div>
<div class="version">Current Version: <span id="version">4.30.0</span></div>
<div class="version">Current Version: <span id="version">4.30.2</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">

25
lib/internet.js
View File

@ -33,21 +33,26 @@ function inetChecksite(url, callback) {
return new Promise((resolve) => {
process.nextTick(() => {
let urlSanitized = util.sanitizeShellString(url).toLowerCase();
urlSanitized = urlSanitized.replace(/ /g, '');
urlSanitized = urlSanitized.replace(/\$/g, '');
urlSanitized = urlSanitized.replace(/\(/g, '');
urlSanitized = urlSanitized.replace(/\)/g, '');
urlSanitized = urlSanitized.replace(/{/g, '');
urlSanitized = urlSanitized.replace(/}/g, '');
let urlSanitized = '';
const s = util.sanitizeShellString(url);
for (i = 0; i <= 2000; i++) {
if (!(s[i] === undefined ||
s[i] === ' ' ||
s[i] === '{' ||
s[i] === '}')) {
const sl = s[i].toLowerCase();
if (sl[0] && !sl[1]) {
urlSanitized = urlSanitized + sl[i];
}
}
}
let result = {
url: urlSanitized,
ok: false,
status: 404,
ms: -1
};
if (urlSanitized) {
if (urlSanitized && !util.isPrototypePolluted()) {
let t = Date.now();
if (_linux || _freebsd || _openbsd || _netbsd || _darwin || _sunos) {
let args = ' -I --connect-timeout 5 -m 5 ' + urlSanitized + ' 2>/dev/null | head -n 1 | cut -d " " -f2';
@ -114,7 +119,7 @@ function inetLatency(host, callback) {
}
host = host || '8.8.8.8';
const hostSanitized = util.sanitizeShellString(host);
const hostSanitized = util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host);
return new Promise((resolve) => {
process.nextTick(() => {

2
lib/network.js
View File

@ -1041,7 +1041,7 @@ function networkStatsSingle(iface) {
return new Promise((resolve) => {
process.nextTick(() => {
const ifaceSanitized = util.sanitizeShellString(iface);
const ifaceSanitized = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
let result = {
iface: ifaceSanitized,

5
lib/processes.js
View File

@ -103,6 +103,9 @@ function services(srv, callback) {
if (srvString === '') {
srvString = '*';
}
if (util.isPrototypePolluted() && srvString !== '*') {
srvString = '------';
}
let srvs = srvString.split('|');
let result = [];
let dataSrv = [];
@ -837,7 +840,7 @@ function processLoad(proc, callback) {
return new Promise((resolve) => {
process.nextTick(() => {
const procSanitized = util.sanitizeShellString(proc);
const procSanitized = util.isPrototypePolluted() ? '' : util.sanitizeShellString(proc);
let result = {
'proc': procSanitized,

99
lib/util.js
View File

@ -490,29 +490,87 @@ function countLines(lines, startingWith) {
}
function sanitizeShellString(str) {
let result = str || '';
result = result.replace(/>/g, '');
result = result.replace(/</g, '');
result = result.replace(/\*/g, '');
result = result.replace(/\?/g, '');
result = result.replace(/\[/g, '');
result = result.replace(/\]/g, '');
result = result.replace(/\|/g, '');
result = result.replace(/\`/g, '');
result = result.replace(/\$/g, '');
result = result.replace(/;/g, '');
result = result.replace(/&/g, '');
result = result.replace(/\)/g, '');
result = result.replace(/\(/g, '');
result = result.replace(/\$/g, '');
result = result.replace(/#/g, '');
result = result.replace(/\\/g, '');
result = result.replace(/\t/g, '');
result = result.replace(/\n/g, '');
result = result.replace(/\"/g, '');
const s = str || '';
let result = '';
for (i = 0; i <= 2000; i++) {
if (!(s[i] === undefined ||
s[i] === '>' ||
s[i] === '<' ||
s[i] === '*' ||
s[i] === '?' ||
s[i] === '[' ||
s[i] === ']' ||
s[i] === '|' ||
s[i] === '˚' ||
s[i] === '$' ||
s[i] === ';' ||
s[i] === '&' ||
s[i] === '(' ||
s[i] === ')' ||
s[i] === ']' ||
s[i] === '#' ||
s[i] === '\\' ||
s[i] === '\t' ||
s[i] === '\n' ||
s[i] === '"')) {
result = result + s[i];
}
}
return result;
}
function isPrototypePolluted() {
s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
let notPolluted = true;
let st = '';
notPolluted = notPolluted || !(s.length === 62)
const ms = Date.now();
if (typeof ms === 'number' && ms > 1600000000000) {
const l = ms % 100 + 15;
let c = 0;
for (i = 0; i < l; i++) {
const r = Math.random() * 61.99999999 + 1;
const rs = parseInt(Math.floor(r).toString(), 10)
const rs2 = parseInt(r.toString().split('.')[0], 10);
const q = Math.random() * 61.99999999 + 1;
const qs = parseInt(Math.floor(q).toString(), 10)
const qs2 = parseInt(q.toString().split('.')[0], 10);
notPolluted = notPolluted && !(r === q);
notPolluted = notPolluted && rs === rs2 && qs === qs2;
st += s[rs - 1];
}
notPolluted = notPolluted && st.length === l;
// string manipulation
let p = Math.random() * l * 0.9999999999;
let stm = st.substr(0, p) + ' ' + st.substr(p, 2000);
let sto = stm.replace(/ /g, '');
notPolluted = notPolluted && st === sto;
p = Math.random() * l * 0.9999999999;
stm = st.substr(0, p) + '{' + st.substr(p, 2000);
sto = stm.replace(/{/g, '');
notPolluted = notPolluted && st === sto;
p = Math.random() * l * 0.9999999999;
stm = st.substr(0, p) + '*' + st.substr(p, 2000);
sto = stm.replace(/\*/g, '');
notPolluted = notPolluted && st === sto;
p = Math.random() * l * 0.9999999999;
stm = st.substr(0, p) + '$' + st.substr(p, 2000);
sto = stm.replace(/\$/g, '');
notPolluted = notPolluted && st === sto;
// lower
const stl = st.toLowerCase();
notPolluted = notPolluted && (stl.length === l) && stl[l - 1] && !(stl[l])
for (i = 0; i < l; i++) {
const s1 = st[i];
const s2 = stl[i];
const s1l = s1.toLowerCase();
notPolluted = notPolluted && s1l[0] === s2 && s1l[0] && !(s1l[1]);
}
}
return !notPolluted;
}
function hex2bin(hex) {
return ("00000000" + (parseInt(hex, 16)).toString(2)).substr(-8);
}
@ -747,4 +805,5 @@ exports.noop = noop;
exports.isRaspberry = isRaspberry;
exports.isRaspbian = isRaspbian;
exports.sanitizeShellString = sanitizeShellString;
exports.isPrototypePolluted = isPrototypePolluted;
exports.decodePiCpuinfo = decodePiCpuinfo;