inetChecksite() fixed vulnerability: command injection
sebhildebrandt committed Oct 26, 2020
1 parent 443d85e commit 931feca
Showing 4 changed files with 14 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -30,6 +30,7 @@ For major (breaking) changes - version 3 and 2 see end of page.

| Version | Date | Comment |
| -------------- | -------------- | -------- |
| 4.27.11 | 2020-10-26 | `inetChecksite()` fixed vulnerability: command injection |
| 4.27.10 | 2020-10-16 | `dockerContainers()` resolved hanging issue |
| 4.27.9 | 2020-10-13 | `networkInterfaces()` loopback internal detection (windows) |
| 4.27.8 | 2020-10-08 | windows codepages partial fix |
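Review bot: The new 4.27.11 row names the fix but gives no affected version range and no advisory reference, so a reader of this table cannot tell whether the release they run is exposed. Suggest stating which versions are affected and noting that the `url` argument of `inetChecksite()` is the input concerned, so users who pass untrusted values know to upgrade.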
5 changes: 5 additions & 0 deletions docs/history.html
Expand Up @@ -83,6 +83,11 @@ <h3>Full version history</h3>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">4.27.11</th>
<td>2020-10-26</td>
<td><span class="code">inetChecksite()</span> fixed vulnerability: command injection</td>
</tr>
<tr>
<th scope="row">4.27.10</th>
<td>2020-10-16</td>
2 changes: 1 addition & 1 deletion docs/index.html
Expand Up @@ -168,7 +168,7 @@
<img class="logo" src="assets/logo.png">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span></div>
<div class="version">Current Version: <span id="version">4.27.10</span></div>
<div class="version">Current Version: <span id="version">4.27.11</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
8 changes: 7 additions & 1 deletion lib/internet.js
Expand Up @@ -34,7 +34,13 @@ function inetChecksite(url, callback) {
return new Promise((resolve) => {
process.nextTick(() => {

const urlSanitized = util.sanitizeShellString(url).toLowerCase();
let urlSanitized = util.sanitizeShellString(url).toLowerCase();
urlSanitized = urlSanitized.replace(/ /g, '');
urlSanitized = urlSanitized.replace(/\$/g, '');
urlSanitized = urlSanitized.replace(/\(/g, '');
urlSanitized = urlSanitized.replace(/\)/g, '');
urlSanitized = urlSanitized.replace(/{/g, '');
urlSanitized = urlSanitized.replace(/}/g, '');
let result = {
url: urlSanitized,
ok: false,
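Review bot: The six chained `replace()` calls after `util.sanitizeShellString(url)` are a deny-list (space, `$`, `(`, `)`, `{`, `}`): it covers only the characters listed here and silently rewrites the input instead of rejecting it, so `result.url` can report a URL the caller never passed. I would prefer to parse `url` up front, reject anything that is not a well-formed http(s) URL, and pass the value to the child process as a discrete argument without a shell; the code that consumes `urlSanitized` is outside this hunk, so that needs checking there. If the stripping stays, collapse it into a single character-class replace, consider moving it into `util.sanitizeShellString` so any other caller of that helper gets the same treatment, and add a regression test, since none of the four changed files is a test.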