Skip to content
Permalink
Browse files Browse the repository at this point in the history
adapted security update (prototype pollution prevention)
  • Loading branch information
sebhildebrandt committed Nov 26, 2020
1 parent 7b46935 commit 8113ff0
Show file tree
Hide file tree
Showing 8 changed files with 47 additions and 7 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -30,6 +30,7 @@ For major (breaking) changes - version 3 and 2 see end of page.

| Version | Date | Comment |
| -------------- | -------------- | -------- |
| 4.30.5 | 2020-11-26 | adapted security update (prototype pollution prevention) |
| 4.30.4 | 2020-11-25 | reverted Object.freeze because it broke some projects |
| 4.30.3 | 2020-11-25 | security update (prototype pollution prevention) Object.freeze |
| 4.30.2 | 2020-11-25 | security update (prototype pollution prevention) |
Expand Down
5 changes: 5 additions & 0 deletions docs/history.html
Expand Up @@ -83,6 +83,11 @@ <h3>Full version history</h3>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">4.30.5</th>
<td>2020-11-26</td>
<td>adapted security update (prototype pollution prevention)</td>
</tr>
<tr>
<th scope="row">4.30.4</th>
<td>2020-11-25</td>
Expand Down
2 changes: 1 addition & 1 deletion docs/index.html
Expand Up @@ -168,7 +168,7 @@
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span></div>
<div class="version">Current Version: <span id="version">4.30.4</span></div>
<div class="version">Current Version: <span id="version">4.30.5</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
Expand Down
3 changes: 0 additions & 3 deletions lib/index.js
Expand Up @@ -21,9 +21,6 @@
// Dependencies
// ----------------------------------------------------------------------------------

// Object.freeze(String.prototype);
// Object.freeze(Object.prototype);

const lib_version = require('../package.json').version;
const util = require('./util');
const system = require('./system');
Expand Down
1 change: 1 addition & 0 deletions lib/internet.js
Expand Up @@ -40,6 +40,7 @@ function inetChecksite(url, callback) {
s[i] === ' ' ||
s[i] === '{' ||
s[i] === '}')) {
s[i].__proto__.toLowerCase = util.stringToLower;
const sl = s[i].toLowerCase();
if (sl && sl[0] && !sl[1]) {
urlSanitized = urlSanitized + sl[0];
Expand Down
9 changes: 7 additions & 2 deletions lib/network.js
Expand Up @@ -1040,8 +1040,13 @@ function networkStatsSingle(iface) {

return new Promise((resolve) => {
process.nextTick(() => {

const ifaceSanitized = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
let ifaceSanitized = '';
const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
for (let i = 0; i <= 2000; i++) {
if (!(s[i] === undefined)) {
ifaceSanitized = ifaceSanitized + s[i];
}
}

let result = {
iface: ifaceSanitized,
Expand Down
13 changes: 12 additions & 1 deletion lib/processes.js
Expand Up @@ -98,7 +98,18 @@ function services(srv, callback) {
return new Promise((resolve) => {
process.nextTick(() => {
if (srv) {
let srvString = util.sanitizeShellString(srv);
let srvString = '';
srvString.__proto__.toLowerCase = util.stringToLower;
srvString.__proto__.replace = util.stringReplace;
srvString.__proto__.trim = util.stringTrim;

const s = util.sanitizeShellString(srv);
for (let i = 0; i <= 2000; i++) {
if (!(s[i] === undefined)) {
srvString = srvString + s[i];
}
}

srvString = srvString.trim().toLowerCase().replace(/, /g, '|').replace(/,+/g, '|');
if (srvString === '') {
srvString = '*';
Expand Down
20 changes: 20 additions & 0 deletions lib/util.js
Expand Up @@ -48,6 +48,13 @@ function toInt(value) {
return result;
}


const stringReplace = new String().replace;
const stringToLower = new String().toLowerCase;
const stringToString = new String().toString;
const stringSubstr = new String().substr;
const stringTrim = new String().trim;

function isFunction(functionToCheck) {
let getType = {};
return functionToCheck && getType.toString.call(functionToCheck) === '[object Function]';
Expand Down Expand Up @@ -523,6 +530,12 @@ function isPrototypePolluted() {
const s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
let notPolluted = true;
let st = '';

st.__proto__.replace = stringReplace;
st.__proto__.toLowerCase = stringToLower;
st.__proto__.toString = stringToString;
st.__proto__.substr = stringSubstr;

notPolluted = notPolluted || !(s.length === 62)
const ms = Date.now();
if (typeof ms === 'number' && ms > 1600000000000) {
Expand All @@ -542,6 +555,7 @@ function isPrototypePolluted() {
// string manipulation
let p = Math.random() * l * 0.9999999999;
let stm = st.substr(0, p) + ' ' + st.substr(p, 2000);
stm.__proto__.replace = stringReplace;
let sto = stm.replace(/ /g, '');
notPolluted = notPolluted && st === sto;
p = Math.random() * l * 0.9999999999;
Expand All @@ -562,6 +576,7 @@ function isPrototypePolluted() {
notPolluted = notPolluted && (stl.length === l) && stl[l - 1] && !(stl[l])
for (let i = 0; i < l; i++) {
const s1 = st[i];
s1.__proto__.toLowerCase = stringToLower;
const s2 = stl ? stl[i] : '';
const s1l = s1.toLowerCase();
notPolluted = notPolluted && s1l[0] === s2 && s1l[0] && !(s1l[1]);
Expand Down Expand Up @@ -806,3 +821,8 @@ exports.isRaspbian = isRaspbian;
exports.sanitizeShellString = sanitizeShellString;
exports.isPrototypePolluted = isPrototypePolluted;
exports.decodePiCpuinfo = decodePiCpuinfo;
exports.stringReplace = stringReplace;
exports.stringToLower = stringToLower;
exports.stringToString = stringToString;
exports.stringSubstr = stringSubstr;
exports.stringTrim = stringTrim;

0 comments on commit 8113ff0

Please sign in to comment.