Merge pull request #496 from 418sec/4-npm-systeminformation

Security Fix for Server-site request forgery - huntr.dev
2021-02-20 13:58:34 +01:00 · 2021-02-20 13:58:34 +01:00 · 881dde4734
commit 881dde4734
parent e561cc09c0 0e03d7cf77
2 changed files with 23 additions and 0 deletions
--- a/lib/poc.js
+++ b/lib/poc.js
@ -0,0 +1,22 @@
+let si = require('./internet');
+si.inetChecksite([]).then((a) => {
+  if (a.ok == false)
+    console.log("inetChecksite is fixed!")
+  else
+    console.log("inetChecksite is not fixed!")
+});
+
+
+si.inetLatency([]).then((a) => {
+  if (a == null)
+    console.log("inetLatency is fixed!")
+  else
+    console.log("inetLatency is not fixed!")
+});
+si = require('./processes');
+si.services([]).then((a) => {
+  if (typeof a == typeof [])
+    console.log("services is fixed!")
+  else
+    console.log("services is not fixed!")
+});
--- a/lib/util.js
+++ b/lib/util.js
@ -529,6 +529,7 @@ function sanitizeShellString(str, strict = false) {
      s[i] === '\'' ||
      s[i] === '`' ||
      s[i] === '"' ||
+      strict && s[i] === '@' ||
      strict && s[i] === ' ' ||
      strict && s[i] == '{' ||
      strict && s[i] == ')')) {