systeminformation 4.34.15 → 4.34.19

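--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -30,6 +30,10 @@ For major (breaking) changes - version 3 and 2 see end of page.
 
  | Version | Date | Comment |
  | -------------- | -------------- | -------- |
+ | 4.34.19 | 2021-03-16 | `inetLatency()` `ineChecksite()` schema validation |
+ | 4.34.18 | 2021-03-16 | code refactoring |
+ | 4.34.17 | 2021-03-15 | `sanitizeShellString()` and other security improvements |
+ | 4.34.16 | 2021-03-14 | `sanitizeShellString()` improvements |
  | 4.34.15 | 2021-02-23 | `dockerContainerStats()` fixed parameter * |
  | 4.34.14 | 2021-02-20 | `sanitizeShellString()` optimized strict sanitation |
  | 4.34.13 | 2021-02-15 | `dockerContainerStats()` fixed ID splitting |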
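--- a/package/lib/docker.js
+++ b/package/lib/docker.js
@@ -355,7 +355,7 @@ function dockerContainerStats(containerIDs, callback) {
  if (containerIDsSanitized !== '*') {
  containerIDsSanitized = '';
  const s = (util.isPrototypePolluted() ? '' : util.sanitizeShellString(containerIDs, true)).trim();
- for (let i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
  if (!(s[i] === undefined)) {
  s[i].__proto__.toLowerCase = util.stringToLower;
  const sl = s[i].toLowerCase();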
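Review bot: The new bound `i <= util.mathMin(s.length, 2000)` still reads one index past the end of `s` and is only safe because of the `s[i] === undefined` guard on the next line; it also admits 2001 characters, not 2000, when the input is longer than the cap. Writing `i < util.mathMin(s.length, 2000)` states the intended limit directly. A one-line comment on why `Math.min` is reached through the captured `util.mathMin` reference (presumably so that a later overwrite of `Math.min` cannot change the bound) would help, since the reason is not visible at the call site. The same loop header is introduced in internet.js, network.js, processes.js and in `sanitizeShellString` in util.js. `dockerContainerStats` continues outside this hunk.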
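--- a/package/lib/internet.js
+++ b/package/lib/internet.js
@@ -13,7 +13,6 @@
  // 12. Internet
  // ----------------------------------------------------------------------------------
 
- const exec = require('child_process').exec;
  const util = require('./util');
 
  let _platform = process.platform;
@@ -45,11 +44,11 @@ function inetChecksite(url, callback) {
  }
  let urlSanitized = '';
  const s = util.sanitizeShellString(url, true);
- for (let i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
  if (!(s[i] === undefined)) {
  s[i].__proto__.toLowerCase = util.stringToLower;
  const sl = s[i].toLowerCase();
- if (sl && sl[0] && !sl[1]) {
+ if (sl && sl[0] && !sl[1] && sl[0].length === 1) {
  urlSanitized = urlSanitized + sl[0];
  }
  }
@@ -59,17 +58,19 @@ function inetChecksite(url, callback) {
  if (urlSanitized && !util.isPrototypePolluted()) {
  let t = Date.now();
  urlSanitized.__proto__.startsWith = util.stringStartWith;
- if (urlSanitized.startsWith('file:')) {
+ if (urlSanitized.startsWith('file:') || urlSanitized.startsWith('gopher:') || urlSanitized.startsWith('telnet:') || urlSanitized.startsWith('mailto:') || urlSanitized.startsWith('news:') || urlSanitized.startsWith('nntp:')) {
  if (callback) { callback(result); }
  return resolve(result);
  }
  if (_linux || _freebsd || _openbsd || _netbsd || _darwin || _sunos) {
- let args = ' -I --connect-timeout 5 -m 5 ' + urlSanitized + ' 2>/dev/null | head -n 1 | cut -d " " -f2';
+ let args = ['-I', '--connect-timeout', '5', '-m', '5'];
+ args.push(urlSanitized);
  let cmd = 'curl';
- exec(cmd + args, function (error, stdout) {
- let statusCode = parseInt(stdout.toString());
+ util.execSafe(cmd, args).then((stdout) => {
+ const lines = stdout.split('\n');
+ let statusCode = lines[0] && lines[0].indexOf(' ') >= 0 ? parseInt(lines[0].split(' ')[1], 10) : 404;
  result.status = statusCode || 404;
- result.ok = !error && (statusCode === 200 || statusCode === 301 || statusCode === 302 || statusCode === 304);
+ result.ok = (statusCode === 200 || statusCode === 301 || statusCode === 302 || statusCode === 304);
  result.ms = (result.ok ? Date.now() - t : -1);
  if (callback) { callback(result); }
  resolve(result);
@@ -141,7 +142,7 @@ function inetLatency(host, callback) {
  }
  let hostSanitized = '';
  const s = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host, true)).trim();
- for (let i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
  if (!(s[i] === undefined)) {
  s[i].__proto__.toLowerCase = util.stringToLower;
  const sl = s[i].toLowerCase();
@@ -150,27 +151,31 @@ function inetLatency(host, callback) {
  }
  }
  }
- let cmd;
  hostSanitized.__proto__.startsWith = util.stringStartWith;
- if (hostSanitized.startsWith('file:')) {
+ if (hostSanitized.startsWith('file:') || hostSanitized.startsWith('gopher:') || hostSanitized.startsWith('telnet:') || hostSanitized.startsWith('mailto:') || hostSanitized.startsWith('news:') || hostSanitized.startsWith('nntp:')) {
  if (callback) { callback(null); }
  return resolve(null);
  }
+ let params;
+ let filt;
  if (_linux || _freebsd || _openbsd || _netbsd || _darwin) {
  if (_linux) {
- cmd = 'ping -c 2 -w 3 ' + hostSanitized + ' | grep rtt';
+ params = ['-c', '2', '-w', '3', hostSanitized];
+ filt = 'rtt';
  }
  if (_freebsd || _openbsd || _netbsd) {
- cmd = 'ping -c 2 -t 3 ' + hostSanitized + ' | grep round-trip';
+ params = ['-c', '2', '-t', '3', hostSanitized];
+ filt = 'round-trip';
  }
  if (_darwin) {
- cmd = 'ping -c 2 -t 3 ' + hostSanitized + ' | grep avg';
+ params = ['-c2', '-t3', hostSanitized];
+ filt = 'avg';
  }
-
- exec(cmd, function (error, stdout) {
+ util.execSafe('ping', params).then((stdout) => {
  let result = -1;
- if (!error) {
- const line = stdout.toString().split('=');
+ if (stdout) {
+ const lines = stdout.split('\n').filter(line => line.indexOf(filt) >= 0).join('\n');
+ const line = lines.split('=');
  if (line.length > 1) {
  const parts = line[1].split('/');
  if (parts.length > 1) {
@@ -183,10 +188,13 @@ function inetLatency(host, callback) {
  });
  }
  if (_sunos) {
- exec('ping -s -a ' + hostSanitized + ' 56 2 | grep avg', { timeout: 3000 }, function (error, stdout) {
- let result = -1;
- if (!error) {
- const line = stdout.toString().split('=');
+ const params = ['-s', '-a', hostSanitized, '56', '2'];
+ const filt = 'avg';
+ util.execSafe('ping', params, { timeout: 3000 }).then((stdout) => {
+ let result = null;
+ if (stdout) {
+ const lines = stdout.split('\n').filter(line => line.indexOf(filt) >= 0).join('\n');
+ const line = lines.split('=');
  if (line.length > 1) {
  const parts = line[1].split('/');
  if (parts.length > 1) {
@@ -201,9 +209,10 @@ function inetLatency(host, callback) {
  if (_windows) {
  let result = -1;
  try {
- exec('ping ' + hostSanitized + ' -n 1', util.execOptsWin, function (error, stdout) {
- if (!error) {
- let lines = stdout.toString().split('\r\n');
+ const params = [hostSanitized, '-n', '1'];
+ util.execSafe('ping', params, util.execOptsWin).then((stdout) => {
+ if (stdout) {
+ let lines = stdout.split('\r\n');
  lines.shift();
  lines.forEach(function (line) {
  if ((line.toLowerCase().match(/ms/g) || []).length === 3) {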
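Review bot: Passing `urlSanitized` and `hostSanitized` as argv entries removes the shell, but nothing visible in these hunks stops a value that begins with `-` from being read by `curl` or `ping` as an option instead of a target; the full character list of `sanitizeShellString` is outside the hunks, so confirm it there. Extending the two existing scheme conditions with `urlSanitized.startsWith('-') ||` and `hostSanitized.startsWith('-') ||` rejects such values on every platform, including the Windows `ping` branch where the host is the first argument. The scheme check is a denylist of six prefixes, so for `inetChecksite` an allowlist in the curl arguments, `args.push('--proto', '=http,https');`, is easier to keep correct. The SunOS branch passes `{ timeout: 3000 }` through to `spawn`, which only honours that option on Node versions that support it, so the timeout the old `exec` call enforced may be lost on older runtimes. Both functions start and end outside these hunks.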
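--- a/package/lib/network.js
+++ b/package/lib/network.js
@@ -1057,7 +1057,7 @@ function networkStatsSingle(iface) {
  process.nextTick(() => {
  let ifaceSanitized = '';
  const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
- for (let i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
  if (!(s[i] === undefined)) {
  ifaceSanitized = ifaceSanitized + s[i];
  }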
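--- a/package/lib/processes.js
+++ b/package/lib/processes.js
@@ -109,7 +109,7 @@ function services(srv, callback) {
  srvString.__proto__.trim = util.stringTrim;
 
  const s = util.sanitizeShellString(srv);
- for (let i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
  if (!(s[i] === undefined)) {
  srvString = srvString + s[i];
  }
@@ -162,11 +162,15 @@ function services(srv, callback) {
  }
  }
  }
- let comm = (_darwin) ? 'ps -caxo pcpu,pmem,pid,command' : 'ps -axo pcpu,pmem,pid,command';
+ if ((_darwin) && srvString === '*') { // service enumeration not yet suported on mac OS
+ if (callback) { callback(result); }
+ resolve(result);
+ }
+ let args = (_darwin) ? ['-caxo', 'pcpu,pmem,pid,command'] : ['-axo', 'pcpu,pmem,pid,command'];
  if (srvString !== '' && srvs.length > 0) {
- exec(comm + ' | grep -v grep | grep -iE "' + srvString + '"', { maxBuffer: 1024 * 20000 }, function (error, stdout) { // lgtm [js/shell-command-constructed-from-input]
- if (!error) {
- let lines = stdout.toString().replace(/ +/g, ' ').replace(/,+/g, '.').split('\n');
+ util.execSafe('ps', args).then((stdout) => {
+ if (stdout) {
+ let lines = stdout.replace(/ +/g, ' ').replace(/,+/g, '.').split('\n');
  srvs.forEach(function (srv) {
  let ps;
  if (_darwin) {
@@ -261,9 +265,10 @@ function services(srv, callback) {
  resolve(result);
  }
  } else {
- exec('ps -o comm | grep -v grep | egrep "' + srvString + '"', { maxBuffer: 1024 * 20000 }, function (error, stdout) { // lgtm [js/shell-command-constructed-from-input]
- if (!error) {
- let lines = stdout.toString().replace(/ +/g, ' ').replace(/,+/g, '.').split('\n');
+ args = ['-o', 'comm'];
+ util.execSafe('ps', args).then((stdout) => {
+ if (stdout) {
+ let lines = stdout.replace(/ +/g, ' ').replace(/,+/g, '.').split('\n');
  srvs.forEach(function (srv) {
  let ps = lines.filter(function (e) {
  return e.indexOf(srv) !== -1;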
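Review bot: The new macOS early exit at `if ((_darwin) && srvString === '*')` calls `callback(result)` and `resolve(result)` but does not return, so execution appears to fall through to `util.execSafe('ps', args)` and the callback can fire a second time; `return resolve(result);`, as `inetChecksite` does in internet.js, avoids that. The comment on the same line has a typo (`suported`). The rewritten calls also drop the former `{ maxBuffer: 1024 * 20000 }` limit, and `execSafe` as added in util.js accumulates stdout without a cap, so a size bound there would restore the old ceiling. `services()` starts and ends outside these hunks, so confirm the fall-through against the full function.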
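--- a/package/lib/util.js
+++ b/package/lib/util.js
@@ -57,6 +57,7 @@ const stringToString = new String().toString;
  const stringSubstr = new String().substr;
  const stringTrim = new String().trim;
  const stringStartWith = new String().startsWith;
+ const mathMin = Math.min;
 
  function isFunction(functionToCheck) {
  let getType = {};
@@ -388,6 +389,42 @@ function powerShell(cmd) {
  });
  }
 
+ function execSafe(cmd, args, options) {
+ let result = '';
+ options = options || {};
+
+ return new Promise((resolve) => {
+ process.nextTick(() => {
+ try {
+ const child = spawn(cmd, args, options);
+
+ if (child && !child.pid) {
+ child.on('error', function () {
+ resolve(result);
+ });
+ }
+ if (child && child.pid) {
+ child.stdout.on('data', function (data) {
+ result += data.toString();
+ });
+ child.on('close', function () {
+ child.kill();
+ resolve(result);
+ });
+ child.on('error', function () {
+ child.kill();
+ resolve(result);
+ });
+ } else {
+ resolve(result);
+ }
+ } catch (e) {
+ resolve(result);
+ }
+ });
+ });
+ }
+
  function getCodepage() {
  if (_windows) {
  if (!codepage) {
@@ -502,7 +539,7 @@ function countLines(lines, startingWith) {
  function sanitizeShellString(str, strict = false) {
  const s = str || '';
  let result = '';
- for (let i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= mathMin(s.length, 2000); i++) {
  if (!(s[i] === undefined ||
  s[i] === '>' ||
  s[i] === '<' ||
@@ -525,10 +562,11 @@ function sanitizeShellString(str, strict = false) {
  s[i] === '\'' ||
  s[i] === '`' ||
  s[i] === '"' ||
- strict && s[i] === '@' ||
- strict && s[i] === ' ' ||
- strict && s[i] == '{' ||
- strict && s[i] == ')')) {
+ s[i].length > 1 ||
+ (strict && s[i] === '@') ||
+ (strict && s[i] === ' ') ||
+ (strict && s[i] == '{') ||
+ (strict && s[i] == ')'))) {
  result = result + s[i];
  }
  }
@@ -821,6 +859,7 @@ exports.wmic = wmic;
  exports.darwinXcodeExists = darwinXcodeExists;
  exports.getVboxmanage = getVboxmanage;
  exports.powerShell = powerShell;
+ exports.execSafe = execSafe;
  exports.nanoSeconds = nanoSeconds;
  exports.countUniqueLines = countUniqueLines;
  exports.countLines = countLines;
@@ -836,4 +875,5 @@ exports.stringToString = stringToString;
  exports.stringSubstr = stringSubstr;
  exports.stringTrim = stringTrim;
  exports.stringStartWith = stringStartWith;
+ exports.mathMin = mathMin;
  exports.WINDIR = WINDIR;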
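Review bot: `sanitizeShellString` still accepts any truthy `str`, and the added `s[i].length > 1` test assumes every `s[i]` is a string: a `null` element would appear to throw at that line, and other non-string elements are not covered by a length comparison before `result + s[i]` coerces them. Rejecting non-strings once at the top, `const s = typeof str === 'string' ? str : '';`, makes the per-character comparisons mean what they say, provided no caller relies on non-string input. The middle of the condition lies between the two hunks, so check the remaining comparisons against the full function. Separately, `execSafe` would benefit from a doc comment stating that it resolves with whatever stdout was collected on every error path, never rejects, and does not read `child.stderr`, so callers cannot tell a failed spawn from empty output.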
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "systeminformation",
3
- "version": "4.34.15",
3
+ "version": "4.34.19",
4
4
  "description": "Simple system and OS information library",
5
5
  "license": "MIT",
6
6
  "author": "Sebastian Hildebrandt <hildebrandt@plus-innovations.com> (https://plus-innovations.com)",