Remove ip module to fix security vulnerability (#989)

Co-authored-by: Ezio Li <v-yukl@microsoft.com>
lexie011 2024-08-30 10:11:15 +08:00 коммит произвёл GitHub
Родитель 9462bbf43c
Коммит fc12491fc5
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
4 изменённых файлов: 74 добавлений и 14 удалений

62
package-lock.json сгенерированный

@ -14,7 +14,8 @@
"elementtree": "^0.1.6",
"execa": "^4.0.0",
"gulp-mocha": "^8.0.0",
"ip": "^1.1.9",
"ip-address": "^9.0.5",
"net": "^1.0.2",
"plist": "^3.0.5",
"semver": "^6.3.1",
"socket.io-client": "2.4.0",
@ -8094,10 +8095,22 @@
"node": ">=10.13.0"
}
},
"node_modules/ip": {
"version": "1.1.9",
"resolved": "https://registry.npmjs.org/ip/-/ip-1.1.9.tgz",
"integrity": "sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ=="
"node_modules/ip-address": {
"version": "9.0.5",
"resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz",
"integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==",
"dependencies": {
"jsbn": "1.1.0",
"sprintf-js": "^1.1.3"
},
"engines": {
"node": ">= 12"
}
},
"node_modules/ip-address/node_modules/sprintf-js": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz",
"integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA=="
},
"node_modules/ipaddr.js": {
"version": "1.9.1",
@ -8575,6 +8588,11 @@
"js-yaml": "bin/js-yaml.js"
}
},
"node_modules/jsbn": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz",
"integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A=="
},
"node_modules/jsesc": {
"version": "2.5.2",
"resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
@ -9866,6 +9884,11 @@
"integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==",
"dev": true
},
"node_modules/net": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/net/-/net-1.0.2.tgz",
"integrity": "sha512-kbhcj2SVVR4caaVnGLJKmlk2+f+oLkjqdKeQlmUtz6nGzOpbcobwVIeSURNgraV/v3tlmGIX82OcPCl0K6RbHQ=="
},
"node_modules/next-tick": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz",
@ -20542,10 +20565,21 @@
"integrity": "sha512-6xwYfHbajpoF0xLW+iwLkhwgvLoZDfjYfoFNu8ftMoXINzwuymNLd9u/KmwtdT2GbR+/Cz66otEGEVVUHX9QLQ==",
"devOptional": true
},
"ip": {
"version": "1.1.9",
"resolved": "https://registry.npmjs.org/ip/-/ip-1.1.9.tgz",
"integrity": "sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ=="
"ip-address": {
"version": "9.0.5",
"resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz",
"integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==",
"requires": {
"jsbn": "1.1.0",
"sprintf-js": "^1.1.3"
},
"dependencies": {
"sprintf-js": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz",
"integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA=="
}
}
},
"ipaddr.js": {
"version": "1.9.1",
@ -20875,6 +20909,11 @@
"esprima": "^4.0.0"
}
},
"jsbn": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz",
"integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A=="
},
"jsesc": {
"version": "2.5.2",
"resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
@ -21886,6 +21925,11 @@
"integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==",
"dev": true
},
"net": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/net/-/net-1.0.2.tgz",
"integrity": "sha512-kbhcj2SVVR4caaVnGLJKmlk2+f+oLkjqdKeQlmUtz6nGzOpbcobwVIeSURNgraV/v3tlmGIX82OcPCl0K6RbHQ=="
},
"next-tick": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz",


@ -718,7 +718,8 @@
"elementtree": "^0.1.6",
"execa": "^4.0.0",
"gulp-mocha": "^8.0.0",
"ip": "^1.1.9",
"ip-address": "^9.0.5",
"net": "^1.0.2",
"plist": "^3.0.5",
"semver": "^6.3.1",
"socket.io-client": "2.4.0",
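Review bot: The `"net": "^1.0.2"` entry added to the dependencies pulls a registry package that is unrelated to Node's built-in `net` module. The `import * as net from "net"` in the utilities file resolves to the core module, because Node gives built-ins precedence over `node_modules`. The dependency is therefore unused at runtime and only adds one more third-party name to the supply chain. A bundler not configured to treat `net` as a built-in could also resolve the registry copy instead. I would drop that line, keep only `"ip-address": "^9.0.5"`, and regenerate the lockfile so the `node_modules/net` entries disappear.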


@ -2,6 +2,8 @@
// Licensed under the MIT license. See LICENSE file in the project root for details.
import * as fs from "fs";
import * as net from "net";
import { Address4, Address6 } from "ip-address";
export function isDirectory(dir: string): boolean {
try {
@ -10,3 +12,16 @@ export function isDirectory(dir: string): boolean {
return false;
}
}
export function ipToBuffer(ip: string): Buffer {
if (net.isIPv4(ip)) {
// Handle IPv4 addresses
const address = new Address4(ip);
return Buffer.from(address.toArray());
} else if (net.isIPv6(ip)) {
// Handle IPv6 addresses
const address = new Address6(ip);
return Buffer.from(address.toByteArray());
}
throw new Error("Invalid IP address format.");
}
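Review bot: The IPv6 branch of `ipToBuffer` probably does not return a fixed 16-byte buffer the way `ip.toBuffer` did. As far as I know, `Address6.toByteArray()` in ip-address 9 returns the minimal signed big-integer encoding, so `::1` becomes a one-byte buffer. A short IPv6 value can then produce the same bytes as a four-byte IPv4 address. The helper class compares these buffers against `localv4`/`localv6` (that comparison is outside the visible hunks), so its loopback check could match an address of the wrong family. Left-padding to the full width avoids this, for example `const bytes = new Address6(ip).toUnsignedByteArray();` followed by `return Buffer.concat([Buffer.alloc(16 - bytes.length), Buffer.from(bytes)]);`. A unit test pinning the byte lengths 4 and 16 would also help.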


@ -2,7 +2,6 @@
// Licensed under the MIT license. See LICENSE file in the project root for details.
import * as URL from "url";
import * as ipModule from "ip";
const dns = require("dns").promises;
@ -10,6 +9,7 @@ import * as http from "http";
import * as https from "https";
import { CancellationToken } from "vscode";
import * as nls from "vscode-nls";
import { ipToBuffer } from "../../common/utils";
import { InternalErrorCode } from "../../common/error/internalErrorCode";
import { delay } from "../../utils/extensionHelper";
import { ErrorHelper } from "../../common/error/errorHelper";
@ -24,8 +24,8 @@ export class DebuggerEndpointHelper {
private localv6: Buffer;
constructor() {
this.localv4 = ipModule.toBuffer("127.0.0.1");
this.localv6 = ipModule.toBuffer("::1");
this.localv4 = ipToBuffer("127.0.0.1");
this.localv6 = ipToBuffer("::1");
}
/**
@ -165,7 +165,7 @@ export class DebuggerEndpointHelper {
let buf: Buffer;
try {
buf = ipModule.toBuffer(ipOrLocalhost);
buf = ipToBuffer(ipOrLocalhost);
} catch {
return false;
}