From 8113ff0e87b2f422a5756c48f1057575e73af016 Mon Sep 17 00:00:00 2001 From: Sebastian Hildebrandt Date: Thu, 26 Nov 2020 18:15:15 +0100 Subject: [PATCH] adapted security update (prototype pollution prevention) --- CHANGELOG.md | 1 + docs/history.html | 5 +++++ docs/index.html | 2 +- lib/index.js | 3 --- lib/internet.js | 1 + lib/network.js | 9 +++++++-- lib/processes.js | 13 ++++++++++++- lib/util.js | 20 ++++++++++++++++++++ 8 files changed, 47 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0777810..5f4f31d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ For major (breaking) changes - version 3 and 2 see end of page. | Version | Date | Comment | | -------------- | -------------- | -------- | +| 4.30.5 | 2020-11-26 | adapted security update (prototype pollution prevention) | | 4.30.4 | 2020-11-25 | reverted Object.freeze because it broke some projects | | 4.30.3 | 2020-11-25 | security update (prototype pollution prevention) Object.freeze | | 4.30.2 | 2020-11-25 | security update (prototype pollution prevention) | diff --git a/docs/history.html b/docs/history.html index 77e7c0d..87f3926 100644 --- a/docs/history.html +++ b/docs/history.html @@ -83,6 +83,11 @@ + + 4.30.5 + 2020-11-26 + adapted security update (prototype pollution prevention) + 4.30.4 2020-11-25 diff --git a/docs/index.html b/docs/index.html index 085bb83..ac7add9 100644 --- a/docs/index.html +++ b/docs/index.html @@ -168,7 +168,7 @@
systeminformation
-
Current Version: 4.30.4
+
Current Version: 4.30.5
diff --git a/lib/index.js b/lib/index.js index d23ed9e..3c77372 100755 --- a/lib/index.js +++ b/lib/index.js @@ -21,9 +21,6 @@ // Dependencies // ---------------------------------------------------------------------------------- -// Object.freeze(String.prototype); -// Object.freeze(Object.prototype); - const lib_version = require('../package.json').version; const util = require('./util'); const system = require('./system'); diff --git a/lib/internet.js b/lib/internet.js index f6f7fc5..30c2e12 100644 --- a/lib/internet.js +++ b/lib/internet.js @@ -40,6 +40,7 @@ function inetChecksite(url, callback) { s[i] === ' ' || s[i] === '{' || s[i] === '}')) { + s[i].__proto__.toLowerCase = util.stringToLower; const sl = s[i].toLowerCase(); if (sl && sl[0] && !sl[1]) { urlSanitized = urlSanitized + sl[0]; diff --git a/lib/network.js b/lib/network.js index c969398..d1e8c60 100644 --- a/lib/network.js +++ b/lib/network.js @@ -1040,8 +1040,13 @@ function networkStatsSingle(iface) { return new Promise((resolve) => { process.nextTick(() => { - - const ifaceSanitized = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface); + let ifaceSanitized = ''; + const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface); + for (let i = 0; i <= 2000; i++) { + if (!(s[i] === undefined)) { + ifaceSanitized = ifaceSanitized + s[i]; + } + } let result = { iface: ifaceSanitized, diff --git a/lib/processes.js b/lib/processes.js index b942260..81eadcb 100644 --- a/lib/processes.js +++ b/lib/processes.js @@ -98,7 +98,18 @@ function services(srv, callback) { return new Promise((resolve) => { process.nextTick(() => { if (srv) { - let srvString = util.sanitizeShellString(srv); + let srvString = ''; + srvString.__proto__.toLowerCase = util.stringToLower; + srvString.__proto__.replace = util.stringReplace; + srvString.__proto__.trim = util.stringTrim; + + const s = util.sanitizeShellString(srv); + for (let i = 0; i <= 2000; i++) { + if (!(s[i] === undefined)) { + srvString = srvString + s[i]; + } + } + srvString = srvString.trim().toLowerCase().replace(/, /g, '|').replace(/,+/g, '|'); if (srvString === '') { srvString = '*'; diff --git a/lib/util.js b/lib/util.js index 877627e..9d6b4e0 100644 --- a/lib/util.js +++ b/lib/util.js @@ -48,6 +48,13 @@ function toInt(value) { return result; } + +const stringReplace = new String().replace; +const stringToLower = new String().toLowerCase; +const stringToString = new String().toString; +const stringSubstr = new String().substr; +const stringTrim = new String().trim; + function isFunction(functionToCheck) { let getType = {}; return functionToCheck && getType.toString.call(functionToCheck) === '[object Function]'; @@ -523,6 +530,12 @@ function isPrototypePolluted() { const s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' let notPolluted = true; let st = ''; + + st.__proto__.replace = stringReplace; + st.__proto__.toLowerCase = stringToLower; + st.__proto__.toString = stringToString; + st.__proto__.substr = stringSubstr; + notPolluted = notPolluted || !(s.length === 62) const ms = Date.now(); if (typeof ms === 'number' && ms > 1600000000000) { @@ -542,6 +555,7 @@ function isPrototypePolluted() { // string manipulation let p = Math.random() * l * 0.9999999999; let stm = st.substr(0, p) + ' ' + st.substr(p, 2000); + stm.__proto__.replace = stringReplace; let sto = stm.replace(/ /g, ''); notPolluted = notPolluted && st === sto; p = Math.random() * l * 0.9999999999; @@ -562,6 +576,7 @@ function isPrototypePolluted() { notPolluted = notPolluted && (stl.length === l) && stl[l - 1] && !(stl[l]) for (let i = 0; i < l; i++) { const s1 = st[i]; + s1.__proto__.toLowerCase = stringToLower; const s2 = stl ? stl[i] : ''; const s1l = s1.toLowerCase(); notPolluted = notPolluted && s1l[0] === s2 && s1l[0] && !(s1l[1]); @@ -806,3 +821,8 @@ exports.isRaspbian = isRaspbian; exports.sanitizeShellString = sanitizeShellString; exports.isPrototypePolluted = isPrototypePolluted; exports.decodePiCpuinfo = decodePiCpuinfo; +exports.stringReplace = stringReplace; +exports.stringToLower = stringToLower; +exports.stringToString = stringToString; +exports.stringSubstr = stringSubstr; +exports.stringTrim = stringTrim;