Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #1 from sebhildebrandt/master
Merge
  • Loading branch information
EffectRenan committed Feb 18, 2021
2 parents d4675e7 + e561cc0 commit 078ea40
Show file tree
Hide file tree
Showing 14 changed files with 200 additions and 42 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -72,6 +72,9 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.

| Version | Date | Comment |
| -------------- | -------------- | -------- |
| 5.3.3 | 2020-02-15 | `dockerContainerStats()` fixed ID splitting |
| 5.3.2 | 2020-02-15 | `inetLatency()` `ineChecksite()` fixed possible security issue (file://) |
| 5.3.1 | 2020-02-14 | `inetLatency()` `ineChecksite()` `servcices()` `processes()` fixed possible security issue (arrays) |
| 5.3.0 | 2020-02-12 | `osInfo()` added remoteSession (windows) |
| 5.2.7 | 2020-02-12 | `fsStats()`, `blockDevices()` improved linux |
| 5.2.6 | 2020-02-12 | `inetLatency()` fixed possible DOS intrusion |
Expand Down
15 changes: 15 additions & 0 deletions docs/history.html
Expand Up @@ -56,6 +56,21 @@ <h3>Full version history</h3>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">5.3.3</th>
<td>2020-02-15</td>
<td><span class="code">dockerContainerStats()</span> fix correct ID splitting</td>
</tr>
<tr>
<th scope="row">5.3.2</th>
<td>2020-02-15</td>
<td><span class="code">inetLatency()</span> <span class="code">inetChecksite()</span> fix possible security issue (file://)</td>
</tr>
<tr>
<th scope="row">5.3.1</th>
<td>2020-02-14</td>
<td><span class="code">inetLatency()</span> <span class="code">inetChecksite()</span> <span class="code">services()</span> <span class="code">processLoad()</span> fix possible security issue</td>
</tr>
<tr>
<th scope="row">5.3.0</th>
<td>2020-02-12</td>
Expand Down
8 changes: 4 additions & 4 deletions docs/index.html
Expand Up @@ -166,11 +166,11 @@
<body>
<header class="bg-image-full">
<div class="top-container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.2.6</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.3.2</a>
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version">New Version: <span id="version">5.3.0</span></div>
<div class="version">New Version: <span id="version">5.3.3</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
Expand Down Expand Up @@ -201,15 +201,15 @@
</div>
<div class="row number-section">
<div class="col-xl-4 col-lg-4 col-md-4 col-12">
<div class="numbers">13,752</div>
<div class="numbers">13,833</div>
<div class="title">Lines of code</div>
</div>
<div class="col-xl-4 col-lg-4 col-md-4 col-12">
<div id="downloads" class="numbers">...</div>
<div class="title">Downloads last month</div>
</div>
<div class="col-xl-4 col-lg-4 col-md-4 col-12">
<div class="numbers">382</div>
<div class="numbers">387</div>
<div class="title">Dependents</div>
</div>
</div>
Expand Down
34 changes: 34 additions & 0 deletions docs/security.html
Expand Up @@ -43,6 +43,40 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>Insufficient File Scheme Validation</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.3.2 and &lt; 4.34.12<br>
<span class="bold">Date:</span> 2021-02-15<br>
<span class="bold">CVE indentifier</span> -
</p>

<h4>Impact</h4>
<p>We had an issue that there was a possibility to run inetChecksite against local files due to improper file scheme validation. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>.</p>

<h4>Patch</h4>
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 5.3.2 (or >= 4.34.12 if you are using version 4).</p>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span> (sanitize `file://` parameter)</p>
<hr>
<br>
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.3.1 and &lt; 4.34.11<br>
<span class="bold">Date:</span> 2021-02-14<br>
<span class="bold">CVE indentifier</span> -
</p>

<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated array as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>

<h4>Patch</h4>
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 5.3.1 (or >= 4.34.11 if you are using version 4).</p>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>
<hr>
<br>
<h2>DOS Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.2.6 and &lt; 4.34.10<br>
Expand Down
2 changes: 1 addition & 1 deletion docs/v4/gettingstarted.html
Expand Up @@ -67,7 +67,7 @@ <h3>Attention:</h3>
<p>This library is supposed to be used as a <a href="https://nodejs.org/en/" rel="nofollow">node.js</a> backend/server-side library and will definilely not work within a browser.</p>

<h2>Installation (old version 4)</h2>
<pre>$ npm install systeminformation@4 —save</pre>
<pre>$ npm install systeminformation@4 —-save</pre>
<h2>Usage</h2>
<p>All functions (except <span class="code">version</span> and <span class="code">time</span>) are implemented as asynchronous functions. Here a small example how to use them:</p>
<pre><code class="js">const si = require('systeminformation');
Expand Down
10 changes: 10 additions & 0 deletions docs/v4/history.html
Expand Up @@ -83,6 +83,16 @@ <h3>Full version history</h3>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">4.34.12</th>
<td>2020-02-15</td>
<td><span class="code">inetLatency()</span> <span class="code">inetChecksite()</span> fix possible security issue (file://)</td>
</tr>
<tr>
<th scope="row">4.34.11</th>
<td>2020-02-14</td>
<td><span class="code">inetLatency()</span> <span class="code">inetChecksite()</span> <span class="code">services()</span> <span class="code">processes()</span> possible security fix</td>
</tr>
<tr>
<th scope="row">4.34.10</th>
<td>2020-02-12</td>
Expand Down
4 changes: 2 additions & 2 deletions docs/v4/index.html
Expand Up @@ -165,12 +165,12 @@
<body>
<header class="bg-image-full">
<div class="container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.10</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v4.34.11</a>
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation </div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version larger">Version 4 documentation</div>
<div class="version">Current Version: <span id="version">4.34.10</span></div>
<div class="version">Current Version: <span id="version">4.34.12</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
Expand Down
47 changes: 41 additions & 6 deletions docs/v4/security.html
Expand Up @@ -42,6 +42,40 @@
<div class="col-12 sectionheader">
<div class="title">Security Advisories</div>
<div class="text">
<h2>Insufficient File Scheme Validation</h2>
<p><span class="bold">Affected versions:</span>
4.34.12<br>
<span class="bold">Date:</span> 2021-02-15<br>
<span class="bold">CVE indentifier</span> -
</p>

<h4>Impact</h4>
<p>We had an issue that there was a possibility to run inetChecksite against local files due to improper file scheme validation. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>.</p>

<h4>Patch</h4>
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.12 if you are using version 4.</p>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span> (sanitize `file://` parameter)</p>
<hr>
<br>
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 4.34.11<br>
<span class="bold">Date:</span> 2021-02-14<br>
<span class="bold">CVE indentifier</span> -
</p>

<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated array as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>

<h4>Patch</h4>
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.11 if you are using version 4.</p>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>
<hr>
<br>
<h2>DOS Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 4.34.10<br>
Expand All @@ -57,7 +91,8 @@ <h4>Patch</h4>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span> (no spaces)</p>

<hr>
<br>
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
< 4.31.1<br>
Expand All @@ -73,9 +108,9 @@ <h4>Patch</h4>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span></p>


<h2>command injection vulnerability - prototype pollution</h2>
<hr>
<br>
<h2>Command Injection Vulnerability - prototype pollution</h2>
<p><span class="bold">Affected versions:</span>
< 4.30.5<br>
<span class="bold">Date:</span> 2020-11-26<br>
Expand All @@ -90,8 +125,8 @@ <h4>Patch</h4>

<h4>Workarround</h4>
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetChecksite()</span></p>


<hr>
<br>
<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
< 4.27.11<br>
Expand Down
64 changes: 48 additions & 16 deletions lib/docker.js
Expand Up @@ -109,6 +109,9 @@ function dockerContainers(all, callback) {
callback = all;
all = false;
}
if (typeof all !== 'boolean' && all !== undefined) {
all = false;
}

all = all || false;
let result = [];
Expand Down Expand Up @@ -185,16 +188,20 @@ function dockerContainers(all, callback) {
// container inspect (for one container)

function dockerContainerInspect(containerID, payload) {
containerID = containerID || '';
return new Promise((resolve) => {
process.nextTick(() => {
if (containerID) {
containerID = containerID || '';
if (typeof containerID !== 'string') {
resolve();
}
const containerIdSanitized = (util.isPrototypePolluted() ? '' : util.sanitizeShellString(containerID, true)).trim();
if (containerIdSanitized) {

if (!_docker_socket) {
_docker_socket = new DockerSocket();
}

_docker_socket.getInspect(containerID.trim(), data => {
_docker_socket.getInspect(containerIdSanitized.trim(), data => {
try {
resolve({
id: payload.Id,
Expand Down Expand Up @@ -325,19 +332,39 @@ function docker_calcBlockIO(blkio_stats) {
function dockerContainerStats(containerIDs, callback) {

let containerArray = [];
// fallback - if only callback is given
if (util.isFunction(containerIDs) && !callback) {
callback = containerIDs;
containerArray = ['*'];
} else {
containerIDs = containerIDs || '*';
containerIDs = containerIDs.trim().toLowerCase().replace(/,+/g, '|');
containerArray = containerIDs.split('|');
}

return new Promise((resolve) => {
process.nextTick(() => {

// fallback - if only callback is given
if (util.isFunction(containerIDs) && !callback) {
callback = containerIDs;
containerArray = ['*'];
} else {
containerIDs = containerIDs || '*';
if (typeof containerIDs !== 'string') {
if (callback) { callback([]); }
return resolve([]);
}
let containerIDsSanitized = '';
containerIDsSanitized.__proto__.toLowerCase = util.stringToLower;
containerIDsSanitized.__proto__.replace = util.stringReplace;
containerIDsSanitized.__proto__.trim = util.stringTrim;

const s = (util.isPrototypePolluted() ? '' : util.sanitizeShellString(containerIDs, true)).trim();
for (let i = 0; i <= 2000; i++) {
if (!(s[i] === undefined)) {
s[i].__proto__.toLowerCase = util.stringToLower;
const sl = s[i].toLowerCase();
if (sl && sl[0] && !sl[1]) {
containerIDsSanitized = containerIDsSanitized + sl[0];
}
}
}

containerIDsSanitized = containerIDsSanitized.trim().toLowerCase().replace(/,+/g, '|');
containerArray = containerIDsSanitized.split('|');
}

const result = [];

const workload = [];
Expand Down Expand Up @@ -444,17 +471,22 @@ exports.dockerContainerStats = dockerContainerStats;
// container processes (for one container)

function dockerContainerProcesses(containerID, callback) {
containerID = containerID || '';
let result = [];
return new Promise((resolve) => {
process.nextTick(() => {
if (containerID) {
containerID = containerID || '';
if (typeof containerID !== 'string') {
resolve(result);
}
const containerIdSanitized = (util.isPrototypePolluted() ? '' : util.sanitizeShellString(containerID, true)).trim();

if (containerIdSanitized) {

if (!_docker_socket) {
_docker_socket = new DockerSocket();
}

_docker_socket.getProcesses(containerID, data => {
_docker_socket.getProcesses(containerIdSanitized, data => {
/**
* @namespace
* @property {Array} Titles
Expand Down
14 changes: 12 additions & 2 deletions lib/internet.js
Expand Up @@ -40,7 +40,7 @@ function inetChecksite(url, callback) {
status: 404,
ms: null
};
if (typeof url !== "string") {
if (typeof url !== 'string') {
if (callback) { callback(result); }
return resolve(result);
}
Expand All @@ -58,6 +58,11 @@ function inetChecksite(url, callback) {
result.url = urlSanitized;
try {
if (urlSanitized && !util.isPrototypePolluted()) {
urlSanitized.__proto__.startsWith = util.stringStartWith;
if (urlSanitized.startsWith('file:')) {
if (callback) { callback(result); }
return resolve(result);
}
let t = Date.now();
if (_linux || _freebsd || _openbsd || _netbsd || _darwin || _sunos) {
let args = ' -I --connect-timeout 5 -m 5 ' + urlSanitized + ' 2>/dev/null | head -n 1 | cut -d " " -f2';
Expand Down Expand Up @@ -131,7 +136,7 @@ function inetLatency(host, callback) {

return new Promise((resolve) => {
process.nextTick(() => {
if (typeof host !== "string") {
if (typeof host !== 'string') {
if (callback) { callback(null); }
return resolve(null);
}
Expand All @@ -146,6 +151,11 @@ function inetLatency(host, callback) {
}
}
}
hostSanitized.__proto__.startsWith = util.stringStartWith;
if (hostSanitized.startsWith('file:')) {
if (callback) { callback(null); }
return resolve(null);
}
let params;
let filt;
if (_linux || _freebsd || _openbsd || _netbsd || _darwin) {
Expand Down

0 comments on commit 078ea40

Please sign in to comment.