sebhildebrandt
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/history.html‎
Lines changed: 5 additions & 0 deletions b/‎docs/history.html‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎docs/index.html‎
Lines changed: 1 addition & 1 deletion b/‎docs/index.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/index.js‎
Lines changed: 0 additions & 3 deletions b/‎lib/index.js‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎lib/internet.js‎
Lines changed: 1 addition & 0 deletions b/‎lib/internet.js‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎lib/network.js‎
Lines changed: 7 additions & 2 deletions b/‎lib/network.js‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎lib/processes.js‎
Lines changed: 12 additions & 1 deletion b/‎lib/processes.js‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎lib/util.js‎
Lines changed: 20 additions & 0 deletions b/‎lib/util.js‎
Lines changed: 20 additions & 0 deletions
@@ -30,6 +30,7 @@ For major (breaking) changes - version 3 and 2 see end of page.
 
 | Version | Date | Comment |
 | -------------- | -------------- | -------- |
+| 4.30.5 | 2020-11-26 | adapted security update (prototype pollution prevention) |
 | 4.30.4 | 2020-11-25 | reverted Object.freeze because it broke some projects |
 | 4.30.3 | 2020-11-25 | security update (prototype pollution prevention) Object.freeze |
 | 4.30.2 | 2020-11-25 | security update (prototype pollution prevention) |
 
@@ -83,6 +83,11 @@ <h3>Full version history</h3>
  </tr>
  </thead>
  <tbody>
+ <tr>
+ <th scope="row">4.30.5</th>
+ <td>2020-11-26</td>
+ <td>adapted security update (prototype pollution prevention)</td>
+ </tr>
  <tr>
  <th scope="row">4.30.4</th>
  <td>2020-11-25</td>
 
@@ -168,7 +168,7 @@
  <img class="logo" src="assets/logo.png">
  <div class="title">systeminformation</div>
  <div class="subtitle"><span id="typed"></span></div>
- <div class="version">Current Version: <span id="version">4.30.4</span></div>
+ <div class="version">Current Version: <span id="version">4.30.5</span></div>
  <button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
  </div>
  <div class="down">
 
@@ -21,9 +21,6 @@
 // Dependencies
 // ----------------------------------------------------------------------------------
 
-// Object.freeze(String.prototype);
-// Object.freeze(Object.prototype);
-
 const lib_version = require('../package.json').version;
 const util = require('./util');
 const system = require('./system');
 
@@ -40,6 +40,7 @@ function inetChecksite(url, callback) {
  s[i] === ' ' ||
  s[i] === '{' ||
  s[i] === '}')) {
+ s[i].__proto__.toLowerCase = util.stringToLower;
  const sl = s[i].toLowerCase();
  if (sl && sl[0] && !sl[1]) {
  urlSanitized = urlSanitized + sl[0];
 
@@ -1040,8 +1040,13 @@ function networkStatsSingle(iface) {
 
  return new Promise((resolve) => {
  process.nextTick(() => {
-
- const ifaceSanitized = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
+ let ifaceSanitized = '';
+ const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
+ for (let i = 0; i <= 2000; i++) {
+ if (!(s[i] === undefined)) {
+ ifaceSanitized = ifaceSanitized + s[i];
+ }
+ }
 
  let result = {
  iface: ifaceSanitized,
 
@@ -98,7 +98,18 @@ function services(srv, callback) {
  return new Promise((resolve) => {
  process.nextTick(() => {
  if (srv) {
- let srvString = util.sanitizeShellString(srv);
+ let srvString = '';
+ srvString.__proto__.toLowerCase = util.stringToLower;
+ srvString.__proto__.replace = util.stringReplace;
+ srvString.__proto__.trim = util.stringTrim;
+
+ const s = util.sanitizeShellString(srv);
+ for (let i = 0; i <= 2000; i++) {
+ if (!(s[i] === undefined)) {
+ srvString = srvString + s[i];
+ }
+ }
+
  srvString = srvString.trim().toLowerCase().replace(/, /g, '|').replace(/,+/g, '|');
  if (srvString === '') {
  srvString = '*';
 
@@ -48,6 +48,13 @@ function toInt(value) {
  return result;
 }
 
+
+const stringReplace = new String().replace;
+const stringToLower = new String().toLowerCase;
+const stringToString = new String().toString;
+const stringSubstr = new String().substr;
+const stringTrim = new String().trim;
+
 function isFunction(functionToCheck) {
  let getType = {};
  return functionToCheck && getType.toString.call(functionToCheck) === '[object Function]';
@@ -523,6 +530,12 @@ function isPrototypePolluted() {
  const s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
  let notPolluted = true;
  let st = '';
+
+ st.__proto__.replace = stringReplace;
+ st.__proto__.toLowerCase = stringToLower;
+ st.__proto__.toString = stringToString;
+ st.__proto__.substr = stringSubstr;
+
  notPolluted = notPolluted || !(s.length === 62)
  const ms = Date.now();
  if (typeof ms === 'number' && ms > 1600000000000) {
@@ -542,6 +555,7 @@ function isPrototypePolluted() {
  // string manipulation
  let p = Math.random() * l * 0.9999999999;
  let stm = st.substr(0, p) + ' ' + st.substr(p, 2000);
+ stm.__proto__.replace = stringReplace;
  let sto = stm.replace(/ /g, '');
  notPolluted = notPolluted && st === sto;
  p = Math.random() * l * 0.9999999999;
@@ -562,6 +576,7 @@ function isPrototypePolluted() {
  notPolluted = notPolluted && (stl.length === l) && stl[l - 1] && !(stl[l])
  for (let i = 0; i < l; i++) {
  const s1 = st[i];
+ s1.__proto__.toLowerCase = stringToLower;
  const s2 = stl ? stl[i] : '';
  const s1l = s1.toLowerCase();
  notPolluted = notPolluted && s1l[0] === s2 && s1l[0] && !(s1l[1]);
@@ -806,3 +821,8 @@ exports.isRaspbian = isRaspbian;
 exports.sanitizeShellString = sanitizeShellString;
 exports.isPrototypePolluted = isPrototypePolluted;
 exports.decodePiCpuinfo = decodePiCpuinfo;
+exports.stringReplace = stringReplace;
+exports.stringToLower = stringToLower;
+exports.stringToString = stringToString;
+exports.stringSubstr = stringSubstr;
+exports.stringTrim = stringTrim;