From ae99a911a6e4129440a9cab7cfd424de9cb59f5c Mon Sep 17 00:00:00 2001 From: Sebastian Hildebrandt Date: Wed, 1 Jan 2025 09:10:49 +0100 Subject: [PATCH] __proto__ deno compatibility --- CHANGELOG.md | 1 + docs/history.html | 5 +++++ docs/index.html | 2 +- docs/os.html | 22 ++++++++++++++++++++++ lib/docker.js | 10 +++++++--- lib/internet.js | 28 ++++++++++++++++++++++++---- lib/network.js | 10 +++++++--- lib/processes.js | 20 ++++++++++++++------ lib/util.js | 27 ++++++++++++++++++++------- 9 files changed, 101 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a3aef17..91fbdf1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -90,6 +90,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page. | Version | Date | Comment | | ------- | ---------- | --------------------------------------------------------------------------------------------------- | +| 5.24.3 | 2025-01-01 | `__proto__` deno compatibility | | 5.24.2 | 2025-01-01 | `versions()` fixed node version | | 5.24.1 | 2024-12-31 | `versions()` fixed deno and bun | | 5.24.0 | 2024-12-31 | `versions()` added deno and bun | diff --git a/docs/history.html b/docs/history.html index b0bfac8..49a7138 100644 --- a/docs/history.html +++ b/docs/history.html @@ -57,6 +57,11 @@ + + 5.24.3 + 2025-01-01 + prototype pollution() deno compatibility + 5.24.2 2025-01-01 diff --git a/docs/index.html b/docs/index.html index bd801ba..fd4f865 100644 --- a/docs/index.html +++ b/docs/index.html @@ -170,7 +170,7 @@
systeminformation
 
-
New Version: 5.24.2
+ 3
New Version: 5.24.2
diff --git a/docs/os.html b/docs/os.html index 7d91734..0300a0c 100644 --- a/docs/os.html +++ b/docs/os.html @@ -331,6 +331,26 @@ si.osInfo().then(data => console.log(data)); X node version + + + deno + X + X + X + X + X + deno version + + + + bun + X + X + X + X + X + bun version + v8 @@ -624,6 +644,8 @@ si.versions().then(data => console.log(data)); systemOpenssl: '2.8.3', systemOpensslLib: 'LibreSSL', node: '13.8.0', + bun: '1.1.21', + deno: '2.1.4', v8: '7.9.317.25-node.28', npm: '6.13.6', yarn: '', diff --git a/lib/docker.js b/lib/docker.js index 51afb0c..2f4b17d 100644 --- a/lib/docker.js +++ b/lib/docker.js @@ -453,9 +453,13 @@ function dockerContainerStats(containerIDs, callback) { return resolve([]); } let containerIDsSanitized = ''; - containerIDsSanitized.__proto__.toLowerCase = util.stringToLower; - containerIDsSanitized.__proto__.replace = util.stringReplace; - containerIDsSanitized.__proto__.trim = util.stringTrim; + try { + containerIDsSanitized.__proto__.toLowerCase = util.stringToLower; + containerIDsSanitized.__proto__.replace = util.stringReplace; + containerIDsSanitized.__proto__.trim = util.stringTrim; + } catch (e) { + Object.setPrototypeOf(containerIDsSanitized, util.stringObj); + } containerIDsSanitized = containerIDs; containerIDsSanitized = containerIDsSanitized.trim(); diff --git a/lib/internet.js b/lib/internet.js index ffa6e67..ac59d83 100644 --- a/lib/internet.js +++ b/lib/internet.js @@ -47,7 +47,12 @@ function inetChecksite(url, callback) { const l = util.mathMin(s.length, 2000); for (let i = 0; i <= l; i++) { if (s[i] !== undefined) { - s[i].__proto__.toLowerCase = util.stringToLower; + try { + s[i].__proto__.toLowerCase = util.stringToLower; + } catch (e) { + Object.setPrototypeOf(s[i], util.stringObj); + } + const sl = s[i].toLowerCase(); if (sl && sl[0] && !sl[1] && sl[0].length === 1) { urlSanitized = urlSanitized + sl[0]; 
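Review bot: The `catch` fallback in `dockerContainerStats`, `Object.setPrototypeOf(containerIDsSanitized, util.stringObj)`, looks like a no-op, because `containerIDsSanitized` is the primitive `''` and `Object.setPrototypeOf` returns a non-object argument unchanged without touching any prototype. On a runtime where the `__proto__` assignments throw (presumably Deno, going by the commit title), the trusted `toLowerCase`/`replace`/`trim` are therefore never reinstated, and the sanitising that follows runs on whatever `String.prototype` holds at that moment. Even applied to a real object, `util.stringObj` is a `new String()` wrapper that itself inherits from `String.prototype`, so it would not shield against a tampered method. The same fallback appears in the `inetChecksite`, `inetLatency`, `networkStats`, `services`, `processLoad` and `isPrototypePolluted` hunks. A form that does not need the `__proto__` accessor is `Object.getPrototypeOf(containerIDsSanitized).trim = util.stringTrim;` (likewise for the other two methods), which reaches the same prototype object; the function body continues outside the hunk.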
@@ -57,7 +62,12 @@ function inetChecksite(url, callback) { result.url = urlSanitized; try { if (urlSanitized && !util.isPrototypePolluted()) { - urlSanitized.__proto__.startsWith = util.stringStartWith; + try { + urlSanitized.__proto__.startsWith = util.stringStartWith; + } catch (e) { + Object.setPrototypeOf(urlSanitized, util.stringObj); + } + if (urlSanitized.startsWith('file:') || urlSanitized.startsWith('gopher:') || urlSanitized.startsWith('telnet:') || urlSanitized.startsWith('mailto:') || urlSanitized.startsWith('news:') || urlSanitized.startsWith('nntp:')) { if (callback) { callback(result); } return resolve(result); @@ -108,14 +118,24 @@ function inetLatency(host, callback) { const l = util.mathMin(s.length, 2000); for (let i = 0; i <= l; i++) { if (!(s[i] === undefined)) { - s[i].__proto__.toLowerCase = util.stringToLower; + try { + s[i].__proto__.toLowerCase = util.stringToLower; + } catch (e) { + Object.setPrototypeOf(s[i], util.stringObj); + } + const sl = s[i].toLowerCase(); if (sl && sl[0] && !sl[1]) { hostSanitized = hostSanitized + sl[0]; } } } - hostSanitized.__proto__.startsWith = util.stringStartWith; + try { + hostSanitized.__proto__.startsWith = util.stringStartWith; + } catch (e) { + Object.setPrototypeOf(hostSanitized, util.stringObj); + } + if (hostSanitized.startsWith('file:') || hostSanitized.startsWith('gopher:') || hostSanitized.startsWith('telnet:') || hostSanitized.startsWith('mailto:') || hostSanitized.startsWith('news:') || hostSanitized.startsWith('nntp:')) { if (callback) { callback(null); } return resolve(null); diff --git a/lib/network.js b/lib/network.js index 17be947..25db882 100644 --- a/lib/network.js +++ b/lib/network.js 
@@ -1174,9 +1174,13 @@ function networkStats(ifaces, callback) { } ifaces = ifaces || getDefaultNetworkInterface(); - ifaces.__proto__.toLowerCase = util.stringToLower; - ifaces.__proto__.replace = util.stringReplace; - ifaces.__proto__.trim = util.stringTrim; + try { + ifaces.__proto__.toLowerCase = util.stringToLower; + ifaces.__proto__.replace = util.stringReplace; + ifaces.__proto__.trim = util.stringTrim; + } catch (e) { + Object.setPrototypeOf(ifaces, util.stringObj); + } ifaces = ifaces.trim().toLowerCase().replace(/,+/g, '|'); ifacesArray = ifaces.split('|'); diff --git a/lib/processes.js b/lib/processes.js index 3ee5a60..a657eff 100644 --- a/lib/processes.js +++ b/lib/processes.js @@ -126,9 +126,13 @@ function services(srv, callback) { if (srv) { let srvString = ''; - srvString.__proto__.toLowerCase = util.stringToLower; - srvString.__proto__.replace = util.stringReplace; - srvString.__proto__.trim = util.stringTrim; + try { + srvString.__proto__.toLowerCase = util.stringToLower; + srvString.__proto__.replace = util.stringReplace; + srvString.__proto__.trim = util.stringTrim; + } catch (e) { + Object.setPrototypeOf(srvString, util.stringObj); + } const s = util.sanitizeShellString(srv); const l = util.mathMin(s.length, 2000); @@ -982,9 +986,13 @@ function processLoad(proc, callback) { } let processesString = ''; - processesString.__proto__.toLowerCase = util.stringToLower; - processesString.__proto__.replace = util.stringReplace; - processesString.__proto__.trim = util.stringTrim; + try { + processesString.__proto__.toLowerCase = util.stringToLower; + processesString.__proto__.replace = util.stringReplace; + processesString.__proto__.trim = util.stringTrim; + } catch (e) { + Object.setPrototypeOf(processesString, util.stringObj); + } const s = util.sanitizeShellString(proc); const l = util.mathMin(s.length, 2000); diff --git a/lib/util.js b/lib/util.js index c76bf05..6719d95 100644 --- a/lib/util.js +++ b/lib/util.js 
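Review bot: The `catch (e)` added in `networkStats`, and again in the `services` and `processLoad` hunks of lib/processes.js, discards the error without comment, so a reader cannot tell which runtime the fallback is for, and an unrelated failure of the assignment is hidden the same way. A one-line comment such as `// __proto__ accessor unavailable (e.g. Deno): use fallback` would record the intent. The identical try/catch block is now repeated across five files; a single helper exported from lib/util.js that takes the string and applies the reset would keep this hardening in one place, so a later correction cannot miss a copy. These function bodies continue outside the hunks.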
@@ -84,6 +84,7 @@ function splitByNumber(str) { return [cpart, num]; } +const stringObj = new String(); const stringReplace = new String().replace; const stringToLower = new String().toLowerCase; const stringToString = new String().toString; @@ -758,11 +759,14 @@ function isPrototypePolluted() { let notPolluted = true; let st = ''; - st.__proto__.replace = stringReplace; - st.__proto__.toLowerCase = stringToLower; - st.__proto__.toString = stringToString; - st.__proto__.substr = stringSubstr; - + try { + st.__proto__.replace = stringReplace; + st.__proto__.toLowerCase = stringToLower; + st.__proto__.toString = stringToString; + st.__proto__.substr = stringSubstr; + } catch (e) { + Object.setPrototypeOf(st, stringObj); + } notPolluted = notPolluted || (s.length !== 62); const ms = Date.now(); if (typeof ms === 'number' && ms > 1600000000000) { @@ -782,7 +786,11 @@ function isPrototypePolluted() { // string manipulation let p = Math.random() * l * 0.9999999999; let stm = st.substr(0, p) + ' ' + st.substr(p, 2000); - stm.__proto__.replace = stringReplace; + try { + stm.__proto__.replace = stringReplace; + } catch (e) { + Object.setPrototypeOf(stm, stringObj); + } let sto = stm.replace(/ /g, ''); notPolluted = notPolluted && st === sto; p = Math.random() * l * 0.9999999999; @@ -803,7 +811,11 @@ function isPrototypePolluted() { notPolluted = notPolluted && (stl.length === l) && stl[l - 1] && !(stl[l]); for (let i = 0; i < l; i++) { const s1 = st[i]; - s1.__proto__.toLowerCase = stringToLower; + try { + s1.__proto__.toLowerCase = stringToLower; + } catch (e) { + Object.setPrototypeOf(st, stringObj); + } const s2 = stl ? stl[i] : ''; const s1l = s1.toLowerCase(); notPolluted = notPolluted && s1l[0] === s2 && s1l[0] && !(s1l[1]); 
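Review bot: In the per-character loop of `isPrototypePolluted`, the fallback targets the wrong variable: the `try` resets `s1.__proto__.toLowerCase`, but the `catch` calls `Object.setPrototypeOf(st, stringObj)`, while every other fallback in this commit passes the same value it used in its `try`. This reads like a copy-paste slip from the earlier hunk of the same function, and the line was presumably meant to name `s1`. Since `s1` is a one-character primitive, `Object.setPrototypeOf` would return it unchanged in either spelling, so `Object.getPrototypeOf(s1).toLowerCase = stringToLower;` may be what is actually needed here. Because `inetChecksite` consults this function before its scheme check, a test that runs it with the `__proto__` accessor removed would confirm the detector still gives the expected answer. The function body starts and ends outside the hunk.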
@@ -2561,6 +2573,7 @@ exports.smartMonToolsInstalled = smartMonToolsInstalled;
 exports.linuxVersion = linuxVersion;
 exports.plistParser = plistParser;
 exports.plistReader = plistReader;
+exports.stringObj = stringObj;
 exports.stringReplace = stringReplace;
 exports.stringToLower = stringToLower;
 exports.stringToString = stringToString;