Updated systeminformation with changes from master

shoustech · shoustech · commit b3192801ad32 · 2023-10-05T15:39:00.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -83,6 +83,12 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 
 | Version | Date       | Comment                                                                                             |
 | ------- | ---------- | --------------------------------------------------------------------------------------------------- |
+| 5.21.11 | 2023-10-05 | `osInfo()` fix getLogoFile (BSD)                                                                    |
+| 5.21.10 | 2023-10-04 | `wifiNetworks()` improved parsing (macOS)                                                           |
+| 5.21.9  | 2023-09-25 | `general` code cleanup                                                                              |
+| 5.21.8  | 2023-09-20 | `battery()` fixed parsing (linux)                                                                   |
+| 5.21.7  | 2023-09-19 | `wifiConnections()` `wifiNetworks()` fixed security issue (linux)                                   |
+| 5.21.6  | 2023-09-18 | `baseboard()` improved parsing (windows)                                                            |
 | 5.21.5  | 2023-09-15 | `chassis()`, `baseboard()` improved parsing (windows)                                               |
 | 5.21.4  | 2023-09-02 | `wifiConnections()` fixed when no wifi chip (macOS)                                                 |
 | 5.21.3  | 2023-08-31 | `cpuTemperature()` improved parsing for AMD (linux)                                                 |
diff --git a/docs/history.html b/docs/history.html
@@ -57,6 +57,36 @@ <h3>Full version history</h3>
                     </tr>
                   </thead>
                   <tbody>
+                    <tr>
+                      <th scope="row">5.21.11</th>
+                      <td>2023-10-05</td>
+                      <td><span class="code">osInfo()</span> fix getLogoFile (BSD)</td>
+                    </tr>
+                    <tr>
+                      <th scope="row">5.21.10</th>
+                      <td>2023-10-04</td>
+                      <td><span class="code">wifiNetworks()</span> improved parsing (macOS)</td>
+                    </tr>
+                    <tr>
+                      <th scope="row">5.21.9</th>
+                      <td>2023-09-25</td>
+                      <td><span class="code">general</span> code cleanup</td>
+                    </tr>
+                    <tr>
+                      <th scope="row">5.21.8</th>
+                      <td>2023-09-20</td>
+                      <td><span class="code">battery()</span> fixed parsing (linux)</td>
+                    </tr>
+                    <tr>
+                      <th scope="row">5.21.7</th>
+                      <td>2023-09-19</td>
+                      <td><span class="code">wifiConnections()</span> <span class="code">wifiNetworks()</span>fixed security issue (linux)</td>
+                    </tr>
+                    <tr>
+                      <th scope="row">5.21.6</th>
+                      <td>2023-09-18</td>
+                      <td><span class="code">baseboard()</span> improved parsing (windows)</td>
+                    </tr>
                     <tr>
                       <th scope="row">5.21.5</th>
                       <td>2023-09-15</td>
diff --git a/docs/index.html b/docs/index.html
@@ -166,11 +166,11 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.6.13</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.21.7</a>
       <img class="logo" src="assets/logo.png" alt="logo">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
-      <div class="version">New Version: <span id="version">5.21.5</span></div>
+      <div class="version">New Version: <span id="version">5.21.11</span></div>
       <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
     </div>
     <div class="down">
@@ -204,15 +204,15 @@
       </div>
       <div class="row number-section">
         <div class="col-xl-4 col-lg-4 col-md-4 col-12">
-          <div class="numbers">15,642</div>
+          <div class="numbers">15,727</div>
           <div class="title">Lines of code</div>
         </div>
         <div class="col-xl-4 col-lg-4 col-md-4 col-12">
           <div id="downloads" class="numbers">...</div>
           <div class="title">Downloads last month</div>
         </div>
         <div class="col-xl-4 col-lg-4 col-md-4 col-12">
-          <div class="numbers">645</div>
+          <div class="numbers">658</div>
           <div class="title">Dependents</div>
         </div>
       </div>
diff --git a/docs/security.html b/docs/security.html
@@ -49,6 +49,24 @@ <h2>Passing User Paramters to Systeminformation</h2>
                 <p class="warning">This can lead to serious impact on your servers!</p>
                 <p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>
 
+                <h2>SSID Command Injection Vulnerability</h2>
+                <p><span class="bold">Affected versions:</span>
+                  &lt; 5.21.07 (version 4 is not affected)<br>
+                  <span class="bold">Date:</span> 2023-09-19<br>
+                  <span class="bold">CVE indentifier</span> CVE-2023-42810
+                </p>
+
+                <h4>Impact</h4>
+                <p>We had an issue that there was a possibility to perform a potential command injection possibility by crafting detected SSIDs in <span class="code">wifiConnections()</span>, <span class="code">wifiNetworks()</span>.</p>
+
+                <h4>Patch</h4>
+                <p>Problem was fixed with parameter checking. If you are using version 5, please upgrade to version >= 5.7.21 (version 4 is not affected).</p>
+
+                <h4>Workaround</h4>
+                <p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">wifiConnections()</span>, <span class="code">wifiNetworks()</span> (string only)</p>
+                <hr>
+                <br>
+
                 <h2>Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
                   &lt; 5.6.13 and &lt; 4.34.21<br>
@@ -255,4 +273,4 @@ <h4>Workaround</h4>
   </script>
 </body>
 
-</html>
+</html>
diff --git a/lib/battery.js b/lib/battery.js
@@ -127,6 +127,7 @@ module.exports = function (callback) {
               const energy = parseInt('0' + util.getValue(lines, 'POWER_SUPPLY_ENERGY_NOW', '='), 10);
               const power = parseInt('0' + util.getValue(lines, 'POWER_SUPPLY_POWER_NOW', '='), 10);
               const current = parseInt('0' + util.getValue(lines, 'POWER_SUPPLY_CURRENT_NOW', '='), 10);
+              const charge = parseInt('0' + util.getValue(lines, 'POWER_SUPPLY_CHARGE_NOW', '='), 10);
 
               result.percent = parseInt('0' + percent, 10);
               if (result.maxCapacity && result.currentCapacity) {
@@ -140,6 +141,8 @@ module.exports = function (callback) {
               }
               if (energy && power) {
                 result.timeRemaining = Math.floor(energy / power * 60);
+              } else if (current && charge) {
+                result.timeRemaining = Math.floor(charge / current * 60);
               } else if (current && result.currentCapacity) {
                 result.timeRemaining = Math.floor(result.currentCapacity / current * 60);
               }
diff --git a/lib/docker.js b/lib/docker.js
@@ -462,7 +462,8 @@ function dockerContainerStats(containerIDs, callback) {
         if (containerIDsSanitized !== '*') {
           containerIDsSanitized = '';
           const s = (util.isPrototypePolluted() ? '' : util.sanitizeShellString(containerIDs, true)).trim();
-          for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+          const l = util.mathMin(s.length, 2000);
+          for (let i = 0; i <= l; i++) {
             if (s[i] !== undefined) {
               s[i].__proto__.toLowerCase = util.stringToLower;
               const sl = s[i].toLowerCase();
diff --git a/lib/internet.js b/lib/internet.js
@@ -13,7 +13,6 @@
 // 12. Internet
 // ----------------------------------------------------------------------------------
 
-// const exec = require('child_process').exec;
 const util = require('./util');
 
 let _platform = process.platform;
@@ -45,7 +44,8 @@ function inetChecksite(url, callback) {
       }
       let urlSanitized = '';
       const s = util.sanitizeShellString(url, true);
-      for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+      const l = util.mathMin(s.length, 2000);
+      for (let i = 0; i <= l; i++) {
         if (s[i] !== undefined) {
           s[i].__proto__.toLowerCase = util.stringToLower;
           const sl = s[i].toLowerCase();
@@ -143,7 +143,8 @@ function inetLatency(host, callback) {
       }
       let hostSanitized = '';
       const s = (util.isPrototypePolluted() ? '8.8.8.8' : util.sanitizeShellString(host, true)).trim();
-      for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+      const l = util.mathMin(s.length, 2000);
+      for (let i = 0; i <= l; i++) {
         if (!(s[i] === undefined)) {
           s[i].__proto__.toLowerCase = util.stringToLower;
           const sl = s[i].toLowerCase();
diff --git a/lib/network.js b/lib/network.js
@@ -745,7 +745,8 @@ function networkInterfaces(callback, rescan, defaultString) {
 
             let ifaceSanitized = '';
             const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(nic.iface);
-            for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+            const l = util.mathMin(s.length, 2000);
+            for (let i = 0; i <= l; i++) {
               if (s[i] !== undefined) {
                 ifaceSanitized = ifaceSanitized + s[i];
               }
@@ -840,7 +841,8 @@ function networkInterfaces(callback, rescan, defaultString) {
               let iface = dev.split(':')[0].trim().toLowerCase();
               let ifaceSanitized = '';
               const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
-              for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+              const l = util.mathMin(s.length, 2000);
+              for (let i = 0; i <= l; i++) {
                 if (s[i] !== undefined) {
                   ifaceSanitized = ifaceSanitized + s[i];
                 }
@@ -973,7 +975,8 @@ function networkInterfaces(callback, rescan, defaultString) {
 
               let ifaceSanitized = '';
               const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(dev);
-              for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+              const l = util.mathMin(s.length, 2000);
+              for (let i = 0; i <= l; i++) {
                 if (s[i] !== undefined) {
                   ifaceSanitized = ifaceSanitized + s[i];
                 }
@@ -1221,7 +1224,8 @@ function networkStatsSingle(iface) {
     process.nextTick(() => {
       let ifaceSanitized = '';
       const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
-      for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+      const l = util.mathMin(s.length, 2000);
+      for (let i = 0; i <= l; i++) {
         if (s[i] !== undefined) {
           ifaceSanitized = ifaceSanitized + s[i];
         }
diff --git a/lib/osinfo.js b/lib/osinfo.js
@@ -272,7 +272,7 @@ function osInfo(callback) {
         exec('sysctl kern.ostype kern.osrelease kern.osrevision kern.hostuuid machdep.bootmethod kern.geom.confxml', function (error, stdout) {
           let lines = stdout.toString().split('\n');
           const distro = util.getValue(lines, 'kern.ostype');
-          const logofile = util.getLogoFile(distro);
+          const logofile = getLogoFile(distro);
           const release = util.getValue(lines, 'kern.osrelease').split('-')[0];
           const serial = util.getValue(lines, 'kern.uuid');
           const bootmethod = util.getValue(lines, 'machdep.bootmethod');
diff --git a/lib/processes.js b/lib/processes.js
@@ -131,7 +131,8 @@ function services(srv, callback) {
         srvString.__proto__.trim = util.stringTrim;
 
         const s = util.sanitizeShellString(srv);
-        for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+        const l = util.mathMin(s.length, 2000);
+        for (let i = 0; i <= l; i++) {
           if (s[i] !== undefined) {
             srvString = srvString + s[i];
           }
@@ -986,7 +987,9 @@ function processLoad(proc, callback) {
       processesString.__proto__.trim = util.stringTrim;
 
       const s = util.sanitizeShellString(proc);
-      for (let i = 0; i <= util.mathMin(s.length, 2000); i++) {
+      const l = util.mathMin(s.length, 2000);
+
+      for (let i = 0; i <= l; i++) {
         if (s[i] !== undefined) {
           processesString = processesString + s[i];
         }
diff --git a/lib/system.js b/lib/system.js
@@ -318,10 +318,11 @@ function system(callback) {
 exports.system = system;
 
 function cleanDefaults(s) {
-  if (s === 'Default string') { s = ''; }
-  if (s.toLowerCase().indexOf('o.e.m.') !== -1) { s = ''; }
-
-  return s
+  const cmpStr = s.toLowerCase();
+  if (cmpStr.indexOf('o.e.m.') === -1 && cmpStr.indexOf('default string') === -1 && cmpStr !== 'default') {
+    return s || '';
+  }
+  return '';
 }
 function bios(callback) {
 
@@ -581,9 +582,6 @@ function baseboard(callback) {
             if (!result.assetTag) {
               result.assetTag = cleanDefaults(util.getValue(lines, 'sku', ':'));
             }
-            if (!result.assetTag) {
-              result.assetTag = cleanDefaults(util.getValue(lines, 'SMBIOSAssetTag', ':'));
-            }
 
             // memphysical
             lines = data.results[1] ? data.results[1].toString().split('\r\n') : [''];
diff --git a/lib/util.js b/lib/util.js
@@ -682,7 +682,8 @@ function sanitizeShellString(str, strict) {
   if (typeof strict === 'undefined') { strict = false; }
   const s = str || '';
   let result = '';
-  for (let i = 0; i <= mathMin(s.length, 2000); i++) {
+  const l = mathMin(s.length, 2000);
+  for (let i = 0; i <= l; i++) {
     if (!(s[i] === undefined ||
       s[i] === '>' ||
       s[i] === '<' ||
@@ -709,6 +710,7 @@ function sanitizeShellString(str, strict) {
       (strict && s[i] === '@') ||
       (strict && s[i] === ' ') ||
       (strict && s[i] == '{') ||
+      (strict && s[i] == ';') ||
       (strict && s[i] == ')'))) {
       result = result + s[i];
     }
diff --git a/lib/wifi.js b/lib/wifi.js
@@ -368,9 +368,10 @@ function parseWifiDarwin(wifiObj) {
       }
       if (wifiItem.SSID && ssid === '') {
         try {
-          console.log('Here')
           ssid = Buffer.from(wifiItem.SSID, 'base64').toString('utf8');
-        } catch { }
+        } catch (err) {
+          util.noop();
+        }
       }
       result.push({
         ssid,
@@ -404,7 +405,17 @@ function wifiNetworks(callback) {
               }
             });
             if (iface) {
-              const res = getWifiNetworkListIw(iface);
+              let ifaceSanitized = '';
+              const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface, true);
+              const l = util.mathMin(s.length, 2000);
+
+              for (let i = 0; i <= l; i++) {
+                if (s[i] !== undefined) {
+                  ifaceSanitized = ifaceSanitized + s[i];
+                }
+              }
+
+              const res = getWifiNetworkListIw(ifaceSanitized);
               if (res === -1) {
                 // try again after 4 secs
                 setTimeout(function (iface) {
@@ -532,11 +543,30 @@ function wifiConnections(callback) {
         const ifaces = ifaceListLinux();
         const networkList = getWifiNetworkListNmi();
         ifaces.forEach(ifaceDetail => {
-          const nmiDetails = nmiDeviceLinux(ifaceDetail.iface);
-          const wpaDetails = wpaConnectionLinux(ifaceDetail.iface);
+          let ifaceSanitized = '';
+          const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(ifaceDetail.iface, true);
+          const ll = util.mathMin(s.length, 2000);
+
+          for (let i = 0; i <= ll; i++) {
+            if (s[i] !== undefined) {
+              ifaceSanitized = ifaceSanitized + s[i];
+            }
+          }
+
+          const nmiDetails = nmiDeviceLinux(ifaceSanitized);
+          const wpaDetails = wpaConnectionLinux(ifaceSanitized);
           const ssid = nmiDetails.ssid || wpaDetails.ssid;
           const network = networkList.filter(nw => nw.ssid === ssid);
-          const nmiConnection = nmiConnectionLinux(ssid);
+          let ssidSanitized = '';
+          const t = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(ssid, true);
+          const l = util.mathMin(t.length, 2000);
+          for (let i = 0; i <= l; i++) {
+            if (t[i] !== undefined) {
+              ssidSanitized = ssidSanitized + t[i];
+            }
+          }
+
+          const nmiConnection = nmiConnectionLinux(ssidSanitized);
           const channel = network && network.length && network[0].channel ? network[0].channel : (wpaDetails.channel ? wpaDetails.channel : null);
           const bssid = network && network.length && network[0].bssid ? network[0].bssid : (wpaDetails.bssid ? wpaDetails.bssid : null);
           if (ssid && bssid) {
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "systeminformation",
-  "version": "5.21.5",
+  "version": "5.21.11",
   "description": "Advanced, lightweight system and OS information library",
   "license": "MIT",
   "author": "Sebastian Hildebrandt <hildebrandt@plus-innovations.com> (https://plus-innovations.com)",
