security update (prototype pollution prevention) Object.freeze

sebhildebrandt · Nov 25, 2020 · 44da17c · 44da17c
1 parent f828d6e
commit 44da17c
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -30,6 +30,7 @@ For major (breaking) changes - version 3 and 2 see end of page.
 
 | Version        | Date           | Comment  |
 | -------------- | -------------- | -------- |
+| 4.30.3         | 2020-11-25     | security update (prototype pollution prevention) Object.freeze |
 | 4.30.2         | 2020-11-25     | security update (prototype pollution prevention) |
 | 4.30.1         | 2020-11-12     | updated docs |
 | 4.30.0         | 2020-11-12     | `get()` possibility to provide params |

diff --git a/docs/history.html b/docs/history.html
@@ -83,6 +83,11 @@ <h3>Full version history</h3>
                   </tr>
                 </thead>
                 <tbody>
+                  <tr>
+                    <th scope="row">4.30.3</th>
+                    <td>2020-11-25</td>
+                    <td>security update (prototype pollution prevention) Object.freeze</td>
+                  </tr>
                   <tr>
                     <th scope="row">4.30.2</th>
                     <td>2020-11-25</td>

diff --git a/docs/index.html b/docs/index.html
@@ -168,7 +168,7 @@
       <img class="logo" src="assets/logo.png">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span></div>
-      <div class="version">Current Version: <span id="version">4.30.2</span></div>
+      <div class="version">Current Version: <span id="version">4.30.3</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">

diff --git a/lib/index.js b/lib/index.js
@@ -21,6 +21,9 @@
 // Dependencies
 // ----------------------------------------------------------------------------------
 
+Object.freeze(String.prototype);
+Object.freeze(Object.prototype);
+
 const lib_version = require('../package.json').version;
 const util = require('./util');
 const system = require('./system');

diff --git a/lib/internet.js b/lib/internet.js
@@ -41,7 +41,7 @@ function inetChecksite(url, callback) {
           s[i] === '{' ||
           s[i] === '}')) {
           const sl = s[i].toLowerCase();
-          if (sl[0] && !sl[1]) {
+          if (sl && sl[0] && !sl[1]) {
             urlSanitized = urlSanitized + sl[0];
           }
         }