inetChecksite() fixed vulnerability: command injection

2020-10-26 10:53:59 +01:00 · 2020-10-26 10:53:59 +01:00 · 931fecaec2
commit 931fecaec2
parent 443d85e3b8
4 changed files with 14 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -30,6 +30,7 @@ For major (breaking) changes - version 3 and 2 see end of page.

 | Version        | Date           | Comment  |
 | -------------- | -------------- | -------- |
+| 4.27.11        | 2020-10-26     | `inetChecksite()` fixed vulnerability: command injection |
 | 4.27.10        | 2020-10-16     | `dockerContainers()` resolved hanging issue |
 | 4.27.9         | 2020-10-13     | `networkInterfaces()` loopback internal detection (windows) |
 | 4.27.8         | 2020-10-08     | windows codepages partial fix |
--- a/docs/history.html
+++ b/docs/history.html
@ -83,6 +83,11 @@
                  </tr>
                </thead>
                <tbody>
+                  <tr>
+                    <th scope="row">4.27.11</th>
+                    <td>2020-10-26</td>
+                    <td><span class="code">inetChecksite()</span> fixed vulnerability: command injection</td>
+                  </tr>
                  <tr>
                    <th scope="row">4.27.10</th>
                    <td>2020-10-16</td>
--- a/docs/index.html
+++ b/docs/index.html
@ -168,7 +168,7 @@
      <img class="logo" src="assets/logo.png">
      <div class="title">systeminformation</div>
      <div class="subtitle"><span id="typed"></span></div>
-      <div class="version">Current Version: <span id="version">4.27.10</span></div>
+      <div class="version">Current Version: <span id="version">4.27.11</span></div>
      <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
    </div>
    <div class="down">
--- a/lib/internet.js
+++ b/lib/internet.js
@ -34,7 +34,13 @@ function inetChecksite(url, callback) {
  return new Promise((resolve) => {
    process.nextTick(() => {

-      const urlSanitized = util.sanitizeShellString(url).toLowerCase();
+      let urlSanitized = util.sanitizeShellString(url).toLowerCase();
+      urlSanitized = urlSanitized.replace(/ /g, '');
+      urlSanitized = urlSanitized.replace(/\$/g, '');
+      urlSanitized = urlSanitized.replace(/\(/g, '');
+      urlSanitized = urlSanitized.replace(/\)/g, '');
+      urlSanitized = urlSanitized.replace(/{/g, '');
+      urlSanitized = urlSanitized.replace(/}/g, '');
      let result = {
        url: urlSanitized,
        ok: false,