Merge pull request #4 from EffectRenan/master

Fix Command Injection vulnerability
huntr.dev | the place to protect open source 2021-02-13 19:40:47 +00:00 committed by GitHub
commit 74f5164c4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 188 additions and 90 deletions


@ -72,6 +72,9 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
| Version | Date | Comment |
| -------------- | -------------- | -------- |
| 5.3.0 | 2020-02-12 | `osInfo()` added remoteSession (windows) |
| 5.2.7 | 2020-02-12 | `fsStats()`, `blockDevices()` improved linux |
| 5.2.6 | 2020-02-12 | `inetLatency()` fixed possible DOS intrusion |
| 5.2.5 | 2020-02-11 | `processes()` fixed truncated params (linux) |
| 5.2.4 | 2020-02-11 | `currentLoad()` fixed issue |
| 5.2.3 | 2020-02-11 | `diskLayout()` added USB drives (mac OS) |


@ -102,6 +102,7 @@ si.cpu()
(last 7 major and minor version releases)
- Version 5.3.0: `osInfo()` added remoteSession (win only)
- Version 5.2.0: `wifiInterfaces()` and `wifiConnections()` added
- Version 5.1.0: `memLayout()` added ECC flag, `bios()` added language, features (linux)
- Version 5.0.0: new version 5 - attention there are some breaking changes. See [detailed version 5 changes here][changes5-url].
@ -325,6 +326,7 @@ Full function reference with examples can be found at [https://systeminformation
| | servicepack | | | | X | | service pack version |
| | uefi | X | X | X | X | | OS started via UEFI |
| | hypervisor | | | | X | | hyper-v enabled? (win only) |
| | remoteSession | | | | X | | runs in remote session (win only) |
| si.uuid(cb) | {...} | X | X | X | X | X | object of several UUIDs |
| | os | X | X | X | X | | os specific UUID |
| | hardware | X | X | X | X | | hardware specific UUID |


@ -56,6 +56,21 @@
</tr>
</thead>
<tbody>
<tr>
<th scope="row">5.3.0</th>
<td>2020-02-12</td>
<td><span class="code">osInfo()</span> added remoteSession (windows)</td>
</tr>
<tr>
<th scope="row">5.2.7</th>
<td>2020-02-12</td>
<td><span class="code">fsStats()</span> and <span class="code">blockdevices()</span> improvements (linux)</td>
</tr>
<tr>
<th scope="row">5.2.6</th>
<td>2020-02-12</td>
<td><span class="code">inetLatency()</span> fix DOS vulnerability</td>
</tr>
<tr>
<th scope="row">5.2.5</th>
<td>2020-02-11</td>


@ -166,11 +166,11 @@
<body>
<header class="bg-image-full">
<div class="top-container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.31.1</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.2.6</a>
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version">New Version: <span id="version">5.2.5</span></div>
<div class="version">New Version: <span id="version">5.3.0</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">


@ -226,6 +226,16 @@
<td></td>
<td>hyper-v detected (win only)</td>
</tr>
<tr>
<td></td>
<td>remoteSession</td>
<td></td>
<td></td>
<td></td>
<td>X</td>
<td></td>
<td>runs in remote session (win only)</td>
</tr>
<tr class="example">
<td></td>
<td colspan="7">


@ -43,11 +43,28 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>DOS Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.2.6 and &lt; 4.34.10<br>
<span class="bold">Date:</span> 2021-02-12<br>
<span class="bold">CVE indentifier</span> -
</p>
<h4>Impact</h4>
<p>Here we had an issue that there was a possibility to perform a ping command execution for too long time. Affected commands: <span class="code">inetLatency()</span>.</p>
<h4>Patch</h4>
<p>Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 5.2.6 (or >= 4.34.10 if you are using version 4).</p>
<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span> (no spaces)</p>
<hr>
<br>
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
< 4.31.1<br>
<span class="bold">Date:</span> 2020-12-11<br>
<span class="bold">CVE indentifier</span> CVE-2020-26274, CVE-2020-28448
&lt; 4.31.1<br>
<span class="bold">Date:</span> 2020-12-11<br>
<span class="bold">CVE indentifier</span> CVE-2020-26274, CVE-2020-28448
</p>
<h4>Impact</h4>
@ -59,12 +76,13 @@
<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span></p>
<h2>command injection vulnerability - prototype pollution</h2>
<hr>
<br>
<h2>Command Injection Vulnerability - Prototype Pollution</h2>
<p><span class="bold">Affected versions:</span>
< 4.30.5<br>
<span class="bold">Date:</span> 2020-11-26<br>
<span class="bold">CVE indentifier</span> CVE-2020-26245
&lt; 4.30.5<br>
<span class="bold">Date:</span> 2020-11-26<br>
<span class="bold">CVE indentifier</span> CVE-2020-26245
</p>
<h4>Impact</h4>
@ -76,12 +94,13 @@
<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetChecksite()</span></p>
<hr>
<br>
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
< 4.27.11<br>
<span class="bold">Date:</span> 2020-10-26<br>
<span class="bold">CVE indentifier</span> CVE-2020-7752
&lt; 4.27.11<br>
<span class="bold">Date:</span> 2020-10-26<br>
<span class="bold">CVE indentifier</span> CVE-2020-7752
</p>
<h4>Impact</h4>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -271,7 +271,7 @@ si.battery().then(data => console.log(data));</code></pre class="example">
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -25,7 +25,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -80,7 +80,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -25,7 +25,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -75,7 +75,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -564,7 +564,7 @@ si.cpuTemperature().then(data => console.log(data));</code></pre class="example"
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -1049,7 +1049,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -856,7 +856,7 @@ setInterval(function() {
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -321,7 +321,7 @@ si.get(valueObject).then(data => console.log(data));</code></pre class="example"
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -141,7 +141,7 @@ async function cpuData() {
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -517,7 +517,7 @@ si.graphics().then(data => console.log(data));</code></pre class="example">
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -25,7 +25,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -83,64 +83,69 @@
</tr>
</thead>
<tbody>
<tr>
<th scope="row">4.34.10</th>
<td>2020-02-12</td>
<td><span class="code">inetLatency()</span> possible DOS intrusion fix</td>
</tr>
<tr>
<th scope="row">4.34.9</th>
<td>2020-01-25</td>
<td>2021-01-25</td>
<td><span class="code">graphics()</span> virtual controller vram value fix (win)</td>
</tr>
<tr>
<th scope="row">4.34.8</th>
<td>2020-01-25</td>
<td>2021-01-25</td>
<td><span class="code">graphics()</span> controller subDeviceId fix (win)</td>
</tr>
<tr>
<th scope="row">4.34.7</th>
<td>2020-01-13</td>
<td>2021-01-13</td>
<td><span class="code">services()</span> improved service discovery linux</td>
</tr>
<tr>
<th scope="row">4.34.6</th>
<td>2020-01-12</td>
<td>2021-01-12</td>
<td><span class="code">networkInterfaces()</span> catch errors</td>
</tr>
<tr>
<th scope="row">4.34.5</th>
<td>2020-01-07</td>
<td>2021-01-07</td>
<td><span class="code">networkInterfaceDefault()</span> fixed CMD popup (windows)</td>
</tr>
<tr>
<th scope="row">4.34.4</th>
<td>2020-01-06</td>
<td>2021-01-06</td>
<td><span class="code">system()</span> fixed vitrual catch error</td>
</tr>
<tr>
<th scope="row">4.34.3</th>
<td>2020-01-06</td>
<td>2021-01-06</td>
<td><span class="code">graphics()</span> issue non nvidia-smi controllers fixed (win)</td>
</tr>
<tr>
<th scope="row">4.34.2</th>
<td>2020-01-05</td>
<td>2021-01-05</td>
<td><span class="code">system()</span> uuid now lowercase - as in uuid()</td>
</tr>
<tr>
<th scope="row">4.34.1</th>
<td>2020-01-05</td>
<td>2021-01-05</td>
<td><span class="code">graphics()</span> nvidia-smi detection improved</td>
</tr>
<tr>
<th scope="row">4.34.0</th>
<td>2020-01-05</td>
<td>2021-01-05</td>
<td><span class="code">system()</span> added flag virtual</td>
</tr>
<tr>
<th scope="row">4.33.8</th>
<td>2020-01-04</td>
<td>2021-01-04</td>
<td><span class="code">virtualBox()</span> fix issue windows host</td>
</tr>
<tr>
<th scope="row">4.33.7</th>
<td>2020-01-04</td>
<td>2021-01-04</td>
<td><span class="code">graphics()</span> nvidia-smi detection improved</td>
</tr>
<tr>
@ -2044,7 +2049,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -165,12 +165,12 @@
<body>
<header class="bg-image-full">
<div class="container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.31.1</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.10</a>
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation </div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version larger">Version 4 documentation</div>
<div class="version">Current Version: <span id="version">4.34.9</span></div>
<div class="version">Current Version: <span id="version">4.34.10</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
@ -331,7 +331,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -25,7 +25,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -90,7 +90,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -389,7 +389,7 @@ si.memLayout().then(data => console.log(data));</code></pre class="example">
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -776,7 +776,7 @@ setInterval(function() {
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -718,7 +718,7 @@ si.users().then(data => console.log(data));</code></pre class="example">
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -714,7 +714,7 @@ si.services('mysql, postgres').then(data => console.log(data));</code></pre clas
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -25,7 +25,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -42,6 +42,22 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>DOS Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 4.34.10<br>
<span class="bold">Date:</span> 2021-02-12<br>
<span class="bold">CVE indentifier</span> -
</p>
<h4>Impact</h4>
<p>Here we had an issue that there was a possibility to perform a ping command execution for too long time. Affected commands: <span class="code">inetLatency()</span>.</p>
<h4>Patch</h4>
<p>Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.34.10 if you are using version 4.</p>
<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span> (no spaces)</p>
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
< 4.31.1<br>
@ -104,7 +120,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -130,7 +130,7 @@ setTimeout(() => {
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -423,7 +423,7 @@ si.chassis().then(data => console.log(data));</code></pre class="example">
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -25,7 +25,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -81,7 +81,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -449,7 +449,7 @@
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -29,7 +29,7 @@
<body>
<nav class="nav">
<div class="container">
<a href="."><img class="logo float-left" src="assets/logo.png">
<a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
<div class="title float-left">systeminformation - Version 4</div>
</a>
<div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@ -226,7 +226,7 @@ si.wifiNetworks().then(data => console.log(data));</code></pre class="example">
<div class="row">
<div class="col-lg-4 col-12">
<ul class="list-unstyled">
<li><a href=".">Home</a></li>
<li><a href="/v4/index.html">Home</a></li>
<li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
<li><a href="contributors.html">Contributors</a></li>
<li>&nbsp;</li>


@ -509,13 +509,13 @@ function fsStats(callback) {
if ((_fs_speed && !_fs_speed.ms) || (_fs_speed && _fs_speed.ms && Date.now() - _fs_speed.ms >= 500)) {
if (_linux) {
// exec("df -k | grep /dev/", function(error, stdout) {
exec('lsblk 2>/dev/null | grep /', function (error, stdout) {
exec('lsblk -r 2>/dev/null | grep /', function (error, stdout) {
if (!error) {
let lines = stdout.toString().split('\n');
let fs_filter = [];
lines.forEach(function (line) {
if (line !== '') {
line = line.replace(/[├─│└]+/g, '').trim().split(' ');
line = line.trim().split(' ');
if (fs_filter.indexOf(line[0]) === -1) { fs_filter.push(line[0]); }
}
});
@ -799,14 +799,14 @@ function diskLayout(callback) {
try {
const outJSON = JSON.parse(out);
if (outJSON && {}.hasOwnProperty.call(outJSON, 'blockdevices')) {
devices = outJSON.blockdevices.filter(item => { return (item.group === 'disk' || item.type === 'disk') && item.size > 0 && (item.model !== null || (item.mountpoint === null && item.label === null && item.fsType === null && item.parttype === null)); });
devices = outJSON.blockdevices.filter(item => { return (item.type === 'disk') && item.size > 0 && (item.model !== null || (item.mountpoint === null && item.label === null && item.fsType === null && item.parttype === null)); });
}
} catch (e) {
// fallback to older version of lsblk
const out2 = execSync('export LC_ALL=C; lsblk -bPo NAME,TYPE,SIZE,FSTYPE,MOUNTPOINT,UUID,ROTA,RO,RM,LABEL,MODEL,OWNER,GROUP 2>/dev/null; unset LC_ALL').toString();
let lines = blkStdoutToObject(out2).split('\n');
const data = parseBlk(lines);
devices = data.filter(item => { return (item.group === 'disk' || item.type === 'disk') && item.size > 0 && ((item.model !== null && item.model !== '') || (item.mountpoint === '' && item.label === '' && item.fsType === '')); });
devices = data.filter(item => { return (item.type === 'disk') && item.size > 0 && ((item.model !== null && item.model !== '') || (item.mount === '' && item.label === '' && item.fsType === '')); });
}
devices.forEach((device) => {
let mediumType = '';
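Review bot: The two `diskLayout` filters name the same fields differently after this change: the JSON branch tests `item.mountpoint`, `item.fsType` and `item.parttype`, while the fallback now tests `item.mount` and `item.fsType`. If lsblk's JSON output uses lower-case keys such as `fstype` (the JSON command is outside the hunk, so this needs confirming), `item.fsType === null` can never be true in the first branch and a disk with a null model is silently dropped. A one-line comment above the fallback filter would stop the names being mixed up again, e.g. `// field names here are those produced by parseBlk(), not lsblk's JSON keys`. The body of `diskLayout` continues outside the hunk.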

1
lib/index.d.ts vendored

@ -315,6 +315,7 @@ export namespace Systeminformation {
servicepack: string;
uefi: boolean;
hypervizor?: boolean;
remoteSession?: boolean;
}
interface UuidData {


@ -34,12 +34,20 @@ function inetChecksite(url, callback) {
return new Promise((resolve) => {
process.nextTick(() => {
let result = {
url: url,
ok: false,
status: 404,
ms: null
};
if (typeof url !== "string") {
if (callback) { callback(result); }
return resolve(result);
}
let urlSanitized = '';
const s = util.sanitizeShellString(url);
const s = util.sanitizeShellString(url, true);
for (let i = 0; i <= 2000; i++) {
if (!(s[i] === undefined ||
s[i] === '{' ||
s[i] === '}')) {
if (!(s[i] === undefined)) {
s[i].__proto__.toLowerCase = util.stringToLower;
const sl = s[i].toLowerCase();
if (sl && sl[0] && !sl[1]) {
@ -47,12 +55,7 @@ function inetChecksite(url, callback) {
}
}
}
let result = {
url: urlSanitized,
ok: false,
status: 404,
ms: null
};
result.url = urlSanitized;
try {
if (urlSanitized && !util.isPrototypePolluted()) {
let t = Date.now();
@ -125,10 +128,24 @@ function inetLatency(host, callback) {
}
host = host || '8.8.8.8';
const hostSanitized = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host)).trim();
return new Promise((resolve) => {
process.nextTick(() => {
if (typeof host !== "string") {
if (callback) { callback(null); }
return resolve(null);
}
let hostSanitized = '';
const s = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host, true)).trim();
for (let i = 0; i <= 2000; i++) {
if (!(s[i] === undefined)) {
s[i].__proto__.toLowerCase = util.stringToLower;
const sl = s[i].toLowerCase();
if (sl && sl[0] && !sl[1]) {
hostSanitized = hostSanitized + sl[0];
}
}
}
let params;
let filt;
if (_linux || _freebsd || _openbsd || _netbsd || _darwin) {
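Review bot: In `inetChecksite` the per-character loop no longer rejects `{` and `}` itself and relies on `util.sanitizeShellString(url, true)` instead, but the strict tests added to the sanitizer in this same commit cover `{` and `)`, not `}`. Unless `}` is already handled in the part of the sanitizer's condition that lies outside its hunk, a closing brace now reaches `urlSanitized`, which the old loop prevented. Either keep the local test, `if (!(s[i] === undefined || s[i] === '{' || s[i] === '}')) {`, or add `strict && s[i] === '}' ||` to the sanitizer; the copy of this loop added to `inetLatency` is affected the same way. Separately, the early return for a non-string `url` passes the raw value back in `result.url`, so a caller that logs or renders it receives unsanitized input; `url: ''` in the initial object would avoid that.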


@ -324,6 +324,7 @@ function osInfo(callback) {
const workload = [];
workload.push(util.wmic('os get /value'));
workload.push(execPromise('systeminfo', util.execOptsWin));
workload.push(util.powerShell('Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.SystemInformation]::TerminalServerSession'));
util.promiseAll(
workload
).then(data => {
@ -335,6 +336,8 @@ function osInfo(callback) {
result.codepage = util.getCodepage();
const systeminfo = data.results[1] ? data.results[1].toString() : '';
result.hypervisor = (systeminfo.indexOf('hypervisor has been detected') !== -1) || (systeminfo.indexOf('Es wurde ein Hypervisor erkannt') !== -1) || (systeminfo.indexOf('Un hyperviseur a ') !== -1);
const term = data.results[2] ? data.results[2].toString() : '';
result.remoteSession = (term.toString().toLowerCase().indexOf('true') >= 0);
isUefiWindows().then(uefi => {
result.uefi = uefi;
if (callback) {
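Review bot: `result.remoteSession` is derived from a substring match, `term.toString().toLowerCase().indexOf('true') >= 0`, so any output that merely contains "true" (for example a warning or error text from the PowerShell call) is reported as a remote session. `term` is already a string at that point, so the second `toString()` is redundant. Assuming `util.powerShell` resolves to the command's plain stdout, comparing the trimmed value is tighter: `result.remoteSession = term.trim().toLowerCase() === 'true';`. The enclosing `then` callback starts and ends outside the hunk.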


@ -99,6 +99,11 @@ function services(srv, callback) {
return new Promise((resolve) => {
process.nextTick(() => {
if (typeof srv !== "string") {
if (callback) { callback([]); }
return resolve([]);
}
if (srv) {
let srvString = '';
srvString.__proto__.toLowerCase = util.stringToLower;
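Review bot: The new `typeof srv !== "string"` guard carries no comment saying why it is needed, and the same guard is repeated in `inetChecksite` and `inetLatency` in this commit. Presumably it is there because a non-string argument such as an array would be indexed element by element further down, so one index could hold a whole string rather than a single character; that reasoning belongs next to the check, e.g. `// reject arrays/objects: the sanitising below assumes one character per index`. The neighbouring literals use single quotes, so `'string'` would match the file's style. The rest of `services` is outside the hunk.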


@ -502,7 +502,7 @@ function countLines(lines, startingWith) {
return uniqueLines.length;
}
function sanitizeShellString(str) {
function sanitizeShellString(str, strict = false) {
const s = str || '';
let result = '';
for (let i = 0; i <= 2000; i++) {
@ -527,8 +527,10 @@ function sanitizeShellString(str) {
s[i] === '\n' ||
s[i] === '\'' ||
s[i] === '`' ||
s[i] === ' ' ||
s[i] === '"')) {
s[i] === '"' ||
strict && s[i] === ' ' ||
strict && s[i] == '{' ||
strict && s[i] == ')')) {
result = result + s[i];
}
}
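Review bot: As far as the rendered hunk shows, a space is now removed only when `strict` is true, whereas the condition stripped it unconditionally before, so every caller that does not pass the flag gets spaces back in the returned string. Those callers are not visible on this page; any that place the result unquoted into a command line lose that protection and should either pass `true` or the space test should stay unconditional. The new parameter is undocumented, and a header comment such as `// strict: additionally strips ' ', '{' and ')'; use for values that end up in a shell command` would make the contract explicit. The added tests also mix `==` with `===` and lean on `&&` binding tighter than `||`; `(strict && (s[i] === ' ' || s[i] === '{' || s[i] === ')'))` says the same thing unambiguously.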


@ -1,6 +1,6 @@
{
"name": "systeminformation",
"version": "5.2.5",
"version": "5.3.0",
"description": "Simple system and OS information library",
"license": "MIT",
"author": "Sebastian Hildebrandt <hildebrandt@plus-innovations.com> (https://plus-innovations.com)",