versions() fix Command Injection issue (linux), added smartmontools support (macOS)

Sebastian Hildebrandt
2026-02-15 09:00:12 +01:00
parent 612d97e890
commit b67d3715ee
8 changed files with 115 additions and 44 deletions
+55 -1
@@ -1349,6 +1349,7 @@ function diskLayout(callback) {
resolve(result);
}
if (_darwin) {
let cmdFullSmart = '';
exec('system_profiler SPSerialATADataType SPNVMeDataType SPUSBDataType', { maxBuffer: 1024 * 1024 }, (error, stdout) => {
if (!error) {
// split by type:
@@ -1420,6 +1421,7 @@ function diskLayout(callback) {
BSDName: BSDName
});
cmd = cmd + 'printf "\n' + BSDName + '|"; diskutil info /dev/' + BSDName + ' | grep SMART;';
cmdFullSmart += `${cmdFullSmart ? 'printf ",";' : ''}smartctl -a -j ${BSDName};`;
}
}
});
@@ -1475,6 +1477,7 @@ function diskLayout(callback) {
BSDName: BSDName
});
cmd = `${cmd}printf "\n${BSDName}|"; diskutil info /dev/${BSDName} | grep SMART;`;
cmdFullSmart += `${cmdFullSmart ? 'printf ",";' : ''}smartctl -a -j ${BSDName};`;
}
}
});
@@ -1527,13 +1530,64 @@ function diskLayout(callback) {
BSDName: BSDName
});
cmd = cmd + 'printf "\n' + BSDName + '|"; diskutil info /dev/' + BSDName + ' | grep SMART;';
cmdFullSmart += `${cmdFullSmart ? 'printf ",";' : ''}smartctl -a -j ${BSDName};`;
}
}
});
} catch {
util.noop();
}
if (cmd) {
// check S.M.A.R.T. status
if (cmdFullSmart) {
exec(cmdFullSmart, { maxBuffer: 1024 * 1024 }, (error, stdout) => {
try {
const data = JSON.parse(`[${stdout}]`);
data.forEach((disk) => {
const diskBSDName = disk.smartctl.argv[disk.smartctl.argv.length - 1];
for (let i = 0; i < result.length; i++) {
if (result[i].BSDName === diskBSDName) {
result[i].smartStatus = disk.smart_status.passed ? 'Ok' : disk.smart_status.passed === false ? 'Predicted Failure' : 'unknown';
if (disk.temperature && disk.temperature.current) {
result[i].temperature = disk.temperature.current;
}
result[i].smartData = disk;
}
}
});
commitResult(result);
} catch (e) {
if (cmd) {
cmd = cmd + 'printf "\n"';
exec(cmd, { maxBuffer: 1024 * 1024 }, (error, stdout) => {
const lines = stdout.toString().split('\n');
lines.forEach((line) => {
if (line) {
const parts = line.split('|');
if (parts.length === 2) {
const BSDName = parts[0];
parts[1] = parts[1].trim();
const parts2 = parts[1].split(':');
if (parts2.length === 2) {
parts2[1] = parts2[1].trim();
const status = parts2[1].toLowerCase();
for (let i = 0; i < result.length; i++) {
if (result[i].BSDName === BSDName) {
result[i].smartStatus = status === 'passed' ? 'Ok' : status === 'failed!' ? 'Predicted Failure' : 'unknown';
}
}
}
}
}
});
commitResult(result);
});
} else {
commitResult(result);
}
}
});
} else if (cmd) {
cmd = cmd + 'printf "\n"';
exec(cmd, { maxBuffer: 1024 * 1024 }, (error, stdout) => {
const lines = stdout.toString().split('\n');
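Review bot: The three `cmdFullSmart += ... smartctl -a -j ${BSDName};` lines build a shell string for `exec()` from `BSDName`, which appears to be parsed from `system_profiler` output outside the visible lines, so the new code adds another interpolation point of the kind this commit removes in `versions()`. An allowlist check before appending, e.g. `if (/^[a-zA-Z0-9]+$/.test(BSDName)) { cmdFullSmart += ...; }`, or one `execFile('smartctl', ['-a', '-j', BSDName], ...)` call per disk, would keep the device name out of the shell. Separately, the smartctl callback ignores `error` and reaches the `diskutil` fallback only when `JSON.parse` or a property access throws; with a single disk and no smartctl output, `[${stdout}]` parses as an empty array and `commitResult(result)` runs with no `smartStatus` set. A guard such as `if (!data.length) { throw new Error('no smartctl output'); }` at the top of the `try` would route that case to the fallback. `diskLayout` begins and ends outside these hunks.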
+7 -2
@@ -769,9 +769,14 @@ function versions(apps, callback) {
if (_linux) {
exec('locate bin/postgres', (error, stdout) => {
if (!error) {
const postgresqlBin = stdout.toString().split('\n').sort();
const safePath = /^[a-zA-Z0-9/_.-]+$/;
const postgresqlBin = stdout
.toString()
.split('\n')
.filter((p) => safePath.test(p.trim()))
.sort();
if (postgresqlBin.length) {
exec(postgresqlBin[postgresqlBin.length - 1] + ' -V', (error, stdout) => {
execFile(postgresqlBin[postgresqlBin.length - 1], ['-V'], (error, stdout) => {
if (!error) {
const postgresql = stdout.toString().split('\n')[0].split(' ') || [];
appsObj.versions.postgresql = postgresql.length ? postgresql[postgresql.length - 1] : '';
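Review bot: The binary run on the `execFile(postgresqlBin[postgresqlBin.length - 1], ['-V'], ...)` line is still whichever `locate bin/postgres` hit sorts last; the `safePath` filter constrains the characters in the path, not its location, so a match in a directory that other local users can write to would be executed with this process's privileges. Consider accepting only entries that end in `/bin/postgres` under expected install prefixes, or checking file ownership before the call. Also, the filter tests `p.trim()` while the array keeps the untrimmed `p`, so an entry with surrounding whitespace passes the check and then fails in `execFile`; `.map((p) => p.trim()).filter((p) => safePath.test(p))` keeps the tested and executed values identical. The callback and `versions` continue outside the hunk.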