Merge pull request #4 from EffectRenan/master

Fix Command Injection vulnerability

CHANGELOG.md

@@ -72,6 +72,9 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 
 | Version        | Date           | Comment  |
 | -------------- | -------------- | -------- |
+| 5.3.0          | 2020-02-12     | `osInfo()` added remoteSession (windows) |
+| 5.2.7          | 2020-02-12     | `fsStats()`, `blockDevices()` improved linux |
+| 5.2.6          | 2020-02-12     | `inetLatency()` fixed possible DOS intrusion |
 | 5.2.5          | 2020-02-11     | `processes()` fixed truncated params (linux) |
 | 5.2.4          | 2020-02-11     | `currentLoad()` fixed issue |
 | 5.2.3          | 2020-02-11     | `diskLayout()` added USB drives (mac OS) |

README.md

@@ -102,6 +102,7 @@ si.cpu()
 
 (last 7 major and minor version releases)
 
+- Version 5.3.0: `osInfo()` added remoteSession (win only)
 - Version 5.2.0: `wifiInterfaces()` and `wifiConnections()` added
 - Version 5.1.0: `memLayout()` added ECC flag, `bios()` added language, features (linux)
 - Version 5.0.0: new version 5 - attention there are some breaking changes. See [detailed version 5 changes here][changes5-url].
@@ -325,6 +326,7 @@ Full function reference with examples can be found at [https://systeminformation
 | | servicepack | | | | X |   | service pack version |
 | | uefi | X | X | X | X |   | OS started via UEFI |
 | | hypervisor |  |  |  | X |   | hyper-v enabled? (win only) |
+| | remoteSession |  |  |  | X |   | runs in remote session (win only) |
 | si.uuid(cb) | {...} | X | X | X | X | X | object of several UUIDs |
 | | os | X | X | X | X |  | os specific UUID |
 | | hardware | X | X | X | X |  | hardware specific UUID |

docs/history.html

@@ -56,6 +56,21 @@ <h3>Full version history</h3>
                   </tr>
                 </thead>
                 <tbody>
+                  <tr>
+                    <th scope="row">5.3.0</th>
+                    <td>2020-02-12</td>
+                    <td><span class="code">osInfo()</span> added remoteSession (windows)</td>
+                  </tr>
+                  <tr>
+                    <th scope="row">5.2.7</th>
+                    <td>2020-02-12</td>
+                    <td><span class="code">fsStats()</span> and <span class="code">blockdevices()</span> improvements (linux)</td>
+                  </tr>
+                  <tr>
+                    <th scope="row">5.2.6</th>
+                    <td>2020-02-12</td>
+                    <td><span class="code">inetLatency()</span> fix DOS vulnerability</td>
+                  </tr>
                   <tr>
                     <th scope="row">5.2.5</th>
                     <td>2020-02-11</td>

docs/index.html

@@ -166,11 +166,11 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v4.31.1</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.2.6</a>
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
-      <div class="version">New Version: <span id="version">5.2.5</span></div>
+      <div class="version">New Version: <span id="version">5.3.0</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">

docs/os.html

@@ -226,6 +226,16 @@ <h2>Operating System, Shell, Versions, Users</h2>
                     <td></td>
                     <td>hyper-v detected (win only)</td>
                   </tr>
+                  <tr>
+                    <td></td>
+                    <td>remoteSession</td>
+                    <td></td>
+                    <td></td>
+                    <td></td>
+                    <td>X</td>
+                    <td></td>
+                    <td>runs in remote session (win only)</td>
+                  </tr>
                   <tr class="example">
                     <td></td>
                     <td colspan="7">

docs/security.html

@@ -43,11 +43,28 @@
           <div class="col-12 sectionheader">
             <div class="title">Security Advisories</div>
             <div class="text">
+              <h2>DOS Injection Vulnerability</h2>
+              <p><span class="bold">Affected versions:</span>
+                &lt; 5.2.6 and &lt; 4.34.10<br>
+                <span class="bold">Date:</span> 2021-02-12<br>
+                <span class="bold">CVE indentifier</span> -
+              </p>
+
+              <h4>Impact</h4>
+              <p>Here we had an issue that there was a possibility to perform a ping command execution for too long time. Affected commands: <span class="code">inetLatency()</span>.</p>
+
+              <h4>Patch</h4>
+              <p>Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 5.2.6 (or >= 4.34.10 if you are using version 4).</p>
+
+              <h4>Workarround</h4>
+              <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span> (no spaces)</p>
+              <hr>
+              <br>
               <h2>Command Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
-                < 4.31.1<br>
-                  <span class="bold">Date:</span> 2020-12-11<br>
-                  <span class="bold">CVE indentifier</span> CVE-2020-26274, CVE-2020-28448
+                &lt; 4.31.1<br>
+                <span class="bold">Date:</span> 2020-12-11<br>
+                <span class="bold">CVE indentifier</span> CVE-2020-26274, CVE-2020-28448
               </p>
 
               <h4>Impact</h4>
@@ -59,12 +76,13 @@ <h4>Patch</h4>
               <h4>Workarround</h4>
               <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span></p>
 
-
-              <h2>command injection vulnerability - prototype pollution</h2>
+              <hr>
+              <br>
+              <h2>Command Injection Vulnerability - Prototype Pollution</h2>
               <p><span class="bold">Affected versions:</span>
-                < 4.30.5<br>
-                  <span class="bold">Date:</span> 2020-11-26<br>
-                  <span class="bold">CVE indentifier</span> CVE-2020-26245
+                &lt; 4.30.5<br>
+                <span class="bold">Date:</span> 2020-11-26<br>
+                <span class="bold">CVE indentifier</span> CVE-2020-26245
               </p>
 
               <h4>Impact</h4>
@@ -76,12 +94,13 @@ <h4>Patch</h4>
               <h4>Workarround</h4>
               <p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetChecksite()</span></p>
 
-
+              <hr>
+              <br>
               <h2>Command Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
-                < 4.27.11<br>
-                  <span class="bold">Date:</span> 2020-10-26<br>
-                  <span class="bold">CVE indentifier</span> CVE-2020-7752
+                &lt; 4.27.11<br>
+                <span class="bold">Date:</span> 2020-10-26<br>
+                <span class="bold">CVE indentifier</span> CVE-2020-7752
               </p>
 
               <h4>Impact</h4>

docs/v4/battery.html

@@ -29,7 +29,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -271,7 +271,7 @@ <h4>Windows Battery</h4>
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/contributors.html

@@ -25,7 +25,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -80,7 +80,7 @@
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/copyright.html

@@ -25,7 +25,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -75,7 +75,7 @@
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/cpu.html

@@ -29,7 +29,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -564,7 +564,7 @@ <h4>Windows Temperature</h4>
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/docker.html

@@ -29,7 +29,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -1049,7 +1049,7 @@ <h2>Container, Stats, Processes</h2>
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/filesystem.html

@@ -29,7 +29,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -856,7 +856,7 @@ <h4>Getting correct stats values</h4>
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/general.html

@@ -29,7 +29,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -321,7 +321,7 @@ <h2>Get All At Once</h2>
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/gettingstarted.html

@@ -29,7 +29,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -141,7 +141,7 @@ <h2>Callback, Promises, Async Await</h2>
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>

docs/v4/graphics.html

@@ -29,7 +29,7 @@
 <body>
   <nav class="nav">
     <div class="container">
-      <a href="."><img class="logo float-left" src="assets/logo.png">
+      <a href="/v4/index.html"><img class="logo float-left" src="assets/logo.png">
         <div class="title float-left">systeminformation - Version 4</div>
       </a>
       <div class="text float-right github"><a href="https://github.com/sebhildebrandt/systeminformation">View on Github <i class="fab fa-github"></i></a></div>
@@ -517,7 +517,7 @@ <h5>Example</h5>
       <div class="row">
         <div class="col-lg-4 col-12">
           <ul class="list-unstyled">
-            <li><a href=".">Home</a></li>
+            <li><a href="/v4/index.html">Home</a></li>
             <li><a href="https://github.com/sebhildebrandt/systeminformation">Github <i class="fab fa-github"></i></a></li>
             <li><a href="contributors.html">Contributors</a></li>
             <li>&nbsp;</li>