Missing require('fs') in server/app.js See issue [#135](../../issues/135)

- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
- Patched read-config to mitigate vulnerability in js-yaml
  - issue not exploitable on webssh2 implementation
  - patched anyway
  - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
  - See https://github.com/nodeca/js-yaml/issues/475 for more detail
Bill Church 2019-06-13 14:39:47 -04:00
parent 7cdcbec5f1
commit 56086b01dd
7 changed files with 38 additions and 7198 deletions


@ -1,4 +1,13 @@
# Change Log # Change Log
## [0.2.9] 2019-06-13
### Changes
- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
- Patched read-config to mitigate vulnerability in js-yaml
- issue not exploitable on webssh2 implementation
- patched anyway
- sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
- See https://github.com/nodeca/js-yaml/issues/475 for more detail
## [0.2.8] 2019-05-25 ## [0.2.8] 2019-05-25
### Changes ### Changes
- Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea. - Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea.

7168
app/package-lock.json generated

File diff suppressed because it is too large Load diff


@ -1,6 +1,6 @@
{ {
"name": "webssh2", "name": "webssh2",
"version": "0.2.8", "version": "0.2.9",
"ignore": [ "ignore": [
".gitignore" ".gitignore"
], ],
@ -34,7 +34,7 @@
"express": "^4.16.4", "express": "^4.16.4",
"express-session": "^1.15.6", "express-session": "^1.15.6",
"morgan": "^1.9.1", "morgan": "^1.9.1",
"read-config": "^2.0.0", "read-config": "git+https://github.com/billchurch/nodejs-read-config.git",
"socket.io": "^2.1.1", "socket.io": "^2.1.1",
"ssh2": "^0.6.1", "ssh2": "^0.6.1",
"validator": "^10.9.0" "validator": "^10.9.0"
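Review bot: The new `read-config` entry in the second hunk points at a git URL with no commit or tag, so an install that resolves it fresh takes whatever the fork's default branch holds at that moment. Since this dependency was swapped in specifically to carry the js-yaml mitigation, pin it to the reviewed commit, e.g. `"read-config": "git+https://github.com/billchurch/nodejs-read-config.git#<commit-sha>"` (placeholder; use the commit that contains the patch). The lockfile may record a resolved commit, but its diff is suppressed on this page, and installs that ignore or regenerate the lockfile would still float. The same line appears in the other package.json section of this commit.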

Binary file not shown.


@ -1 +1 @@
e2e70f7d2949b6c8fe0299f888a3725763a62c01a1faea1fb729babc2ed51c92 Build/Release/BIG-IP-ILX-WebSSH2-0.2.8.tgz b512ae8f04eba0eab29e026542fab1063b1bb4ae6db04e3613a8939260fe031c Build/Release/BIG-IP-ILX-WebSSH2-0.2.9.tgz


@ -1,6 +1,6 @@
{ {
"name": "webssh2", "name": "webssh2",
"version": "0.2.8", "version": "0.2.9",
"ignore": [ "ignore": [
".gitignore" ".gitignore"
], ],
@ -34,7 +34,7 @@
"express": "^4.16.4", "express": "^4.16.4",
"express-session": "^1.15.6", "express-session": "^1.15.6",
"morgan": "^1.9.1", "morgan": "^1.9.1",
"read-config": "^2.0.0", "read-config": "git+https://github.com/billchurch/nodejs-read-config.git",
"socket.io": "^2.1.1", "socket.io": "^2.1.1",
"ssh2": "^0.6.1", "ssh2": "^0.6.1",
"validator": "^10.9.0" "validator": "^10.9.0"
@ -49,30 +49,6 @@
"standard": "standard --verbose --fix | snazzy", "standard": "standard --verbose --fix | snazzy",
"cleanmac": "find . -name '.DS_Store' -type f -delete" "cleanmac": "find . -name '.DS_Store' -type f -delete"
}, },
"devDependencies": {
"@fortawesome/fontawesome-svg-core": "^1.2.12",
"@fortawesome/free-solid-svg-icons": "^5.6.3",
"ajv": "^6.5.5",
"bithound": "^1.7.0",
"clean-webpack-plugin": "^1.0.0",
"copy-webpack-plugin": "^4.6.0",
"css-loader": "^2.1.0",
"extract-text-webpack-plugin": "^4.0.0-beta.0",
"file-loader": "^3.0.1",
"nodemon": "^1.18.6",
"postcss-discard-comments": "^4.0.1",
"snazzy": "^8.0.0",
"snyk": "^1.108.2",
"standard": "^12.0.1",
"style-loader": "^0.23.1",
"uglifyjs-webpack-plugin": "^2.0.1",
"url-loader": "^1.1.2",
"webpack": "^4.25.1",
"webpack-cli": "^3.1.2",
"webpack-merge": "^4.1.4",
"webpack-stream": "^5.1.1",
"xterm": "^3.8.0"
},
"standard": { "standard": {
"ignore": [ "ignore": [
"client/public/webssh2.bundle.js", "client/public/webssh2.bundle.js",
@ -82,5 +58,27 @@
"build/*", "build/*",
"workspace/*" "workspace/*"
] ]
},
"devDependencies": {
"@fortawesome/fontawesome-svg-core": "^1.2.12",
"@fortawesome/free-solid-svg-icons": "^5.6.3",
"clean-webpack-plugin": "^1.0.0",
"copy-webpack-plugin": "^4.6.0",
"cross-env": "^5.2.0",
"css-loader": "^2.1.0",
"extract-text-webpack-plugin": "^4.0.0-beta.0",
"file-loader": "^3.0.1",
"nodaemon": "0.0.5",
"postcss-discard-comments": "^4.0.1",
"snazzy": "^8.0.0",
"standard": "^12.0.1",
"style-loader": "^0.23.1",
"uglifyjs-webpack-plugin": "^2.1.1",
"url-loader": "^1.1.2",
"webpack": "^4.28.4",
"webpack-cli": "^3.2.1",
"webpack-merge": "^4.2.1",
"webpack-stream": "^5.2.1",
"xterm": "^3.10.1"
} }
} }
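Review bot: In the re-added `devDependencies` block, `"nodemon": "^1.18.6"` is replaced by `"nodaemon": "0.0.5"`, which is a different package name rather than a version change. The scripts that would use it are outside the visible hunks, so I cannot tell whether this is intentional; if the file watcher was meant, restore `"nodemon": "^1.18.6"`, because a one-letter slip in a dependency name pulls unreviewed code onto developer and build machines. The block also drops `snyk`, `ajv` and `bithound` without a mention in the commit message; if dependency scanning moved elsewhere, it is worth saying so in the changelog.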


@ -3,6 +3,7 @@
// app.js // app.js
var path = require('path') var path = require('path')
var fs = require('fs')
var nodeRoot = path.dirname(require.main.filename) var nodeRoot = path.dirname(require.main.filename)
var configPath = path.join(nodeRoot, 'config.json') var configPath = path.join(nodeRoot, 'config.json')
var publicPath = path.join(nodeRoot, 'client', 'public') var publicPath = path.join(nodeRoot, 'client', 'public')
@ -13,7 +14,7 @@ var logger = require('morgan')
// sane defaults if config.json or parts are missing // sane defaults if config.json or parts are missing
let config = { let config = {
'listen': { 'listen': {
'ip': '127.0.0.1', 'ip': '0.0.0.0',
'port': 2222 'port': 2222
}, },
'user': { 'user': {
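Review bot: The second hunk changes the built-in default `listen.ip` from `'127.0.0.1'` to `'0.0.0.0'` (reading the rendered line as old then new), and neither the commit message nor the changelog mentions it. Per the comment above the object, these defaults apply when config.json or parts of it are missing, so a deployment without a `listen` section would now bind the webssh2 listener on every interface instead of loopback only. Keep `'ip': '127.0.0.1',` as the fallback and let operators opt in to a wider bind through config.json, or at minimum record the change in the changelog. The `config` object continues past the end of the hunk.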