Remove ip module to fix security vulnerability (#989)
Co-authored-by: Ezio Li <v-yukl@microsoft.com>
Родитель
9462bbf43c
Коммит
fc12491fc5
|
@ -14,7 +14,8 @@
|
|||
"elementtree": "^0.1.6",
|
||||
"execa": "^4.0.0",
|
||||
"gulp-mocha": "^8.0.0",
|
||||
"ip": "^1.1.9",
|
||||
"ip-address": "^9.0.5",
|
||||
"net": "^1.0.2",
|
||||
"plist": "^3.0.5",
|
||||
"semver": "^6.3.1",
|
||||
"socket.io-client": "2.4.0",
|
||||
|
@ -8094,10 +8095,22 @@
|
|||
"node": ">=10.13.0"
|
||||
}
|
||||
},
|
||||
"node_modules/ip": {
|
||||
"version": "1.1.9",
|
||||
"resolved": "https://registry.npmjs.org/ip/-/ip-1.1.9.tgz",
|
||||
"integrity": "sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ=="
|
||||
"node_modules/ip-address": {
|
||||
"version": "9.0.5",
|
||||
"resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz",
|
||||
"integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==",
|
||||
"dependencies": {
|
||||
"jsbn": "1.1.0",
|
||||
"sprintf-js": "^1.1.3"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 12"
|
||||
}
|
||||
},
|
||||
"node_modules/ip-address/node_modules/sprintf-js": {
|
||||
"version": "1.1.3",
|
||||
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz",
|
||||
"integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA=="
|
||||
},
|
||||
"node_modules/ipaddr.js": {
|
||||
"version": "1.9.1",
|
||||
|
@ -8575,6 +8588,11 @@
|
|||
"js-yaml": "bin/js-yaml.js"
|
||||
}
|
||||
},
|
||||
"node_modules/jsbn": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz",
|
||||
"integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A=="
|
||||
},
|
||||
"node_modules/jsesc": {
|
||||
"version": "2.5.2",
|
||||
"resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
|
||||
|
@ -9866,6 +9884,11 @@
|
|||
"integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==",
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/net": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/net/-/net-1.0.2.tgz",
|
||||
"integrity": "sha512-kbhcj2SVVR4caaVnGLJKmlk2+f+oLkjqdKeQlmUtz6nGzOpbcobwVIeSURNgraV/v3tlmGIX82OcPCl0K6RbHQ=="
|
||||
},
|
||||
"node_modules/next-tick": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz",
|
||||
|
@ -20542,10 +20565,21 @@
|
|||
"integrity": "sha512-6xwYfHbajpoF0xLW+iwLkhwgvLoZDfjYfoFNu8ftMoXINzwuymNLd9u/KmwtdT2GbR+/Cz66otEGEVVUHX9QLQ==",
|
||||
"devOptional": true
|
||||
},
|
||||
"ip": {
|
||||
"version": "1.1.9",
|
||||
"resolved": "https://registry.npmjs.org/ip/-/ip-1.1.9.tgz",
|
||||
"integrity": "sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ=="
|
||||
"ip-address": {
|
||||
"version": "9.0.5",
|
||||
"resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz",
|
||||
"integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==",
|
||||
"requires": {
|
||||
"jsbn": "1.1.0",
|
||||
"sprintf-js": "^1.1.3"
|
||||
},
|
||||
"dependencies": {
|
||||
"sprintf-js": {
|
||||
"version": "1.1.3",
|
||||
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz",
|
||||
"integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"ipaddr.js": {
|
||||
"version": "1.9.1",
|
||||
|
@ -20875,6 +20909,11 @@
|
|||
"esprima": "^4.0.0"
|
||||
}
|
||||
},
|
||||
"jsbn": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz",
|
||||
"integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A=="
|
||||
},
|
||||
"jsesc": {
|
||||
"version": "2.5.2",
|
||||
"resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
|
||||
|
@ -21886,6 +21925,11 @@
|
|||
"integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==",
|
||||
"dev": true
|
||||
},
|
||||
"net": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/net/-/net-1.0.2.tgz",
|
||||
"integrity": "sha512-kbhcj2SVVR4caaVnGLJKmlk2+f+oLkjqdKeQlmUtz6nGzOpbcobwVIeSURNgraV/v3tlmGIX82OcPCl0K6RbHQ=="
|
||||
},
|
||||
"next-tick": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz",
|
||||
|
|
|
@ -718,7 +718,8 @@
|
|||
"elementtree": "^0.1.6",
|
||||
"execa": "^4.0.0",
|
||||
"gulp-mocha": "^8.0.0",
|
||||
"ip": "^1.1.9",
|
||||
"ip-address": "^9.0.5",
|
||||
"net": "^1.0.2",
|
||||
"plist": "^3.0.5",
|
||||
"semver": "^6.3.1",
|
||||
"socket.io-client": "2.4.0",
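Review bot: The added `"net": "^1.0.2"` entry looks unnecessary and widens the dependency surface. Under Node, the `import * as net from "net"` added in the utils change resolves to the built-in core module ahead of anything in node_modules, so the registry package of the same name would not be the code that runs `net.isIPv4`/`net.isIPv6`. Keeping it means installing and auditing a third-party package that shadows a core module name, and a bundler configured to prefer node_modules could pick it up instead of the built-in. I would drop this line together with its lockfile entries; if the intent should be explicit, the import could be written as `import * as net from "node:net";`, provided the minimum supported Node version accepts the `node:` prefix.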
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
// Licensed under the MIT license. See LICENSE file in the project root for details.
|
||||
|
||||
import * as fs from "fs";
|
||||
import * as net from "net";
|
||||
import { Address4, Address6 } from "ip-address";
|
||||
|
||||
export function isDirectory(dir: string): boolean {
|
||||
try {
|
||||
|
@ -10,3 +12,16 @@ export function isDirectory(dir: string): boolean {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
export function ipToBuffer(ip: string): Buffer {
|
||||
if (net.isIPv4(ip)) {
|
||||
// Handle IPv4 addresses
|
||||
const address = new Address4(ip);
|
||||
return Buffer.from(address.toArray());
|
||||
} else if (net.isIPv6(ip)) {
|
||||
// Handle IPv6 addresses
|
||||
const address = new Address6(ip);
|
||||
return Buffer.from(address.toByteArray());
|
||||
}
|
||||
throw new Error("Invalid IP address format.");
|
||||
}
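Review bot: In the IPv6 branch of `ipToBuffer`, `Buffer.from(address.toByteArray())` is not guaranteed to be 16 bytes long. As far as I know, `Address6.toByteArray()` in ip-address 9.x is backed by jsbn's `BigInteger.toByteArray()`, which returns the shortest signed representation, so `::1` would come out as a single byte where `ip.toBuffer("::1")` produced sixteen. If the callers in `DebuggerEndpointHelper` compare these buffers to decide whether an address is loopback (the comparison is outside the visible lines), an IPv6 address whose value fits in four bytes could compare equal to the IPv4 loopback buffer. I would left-pad to a fixed width, e.g. `const bytes = address.toByteArray();` followed by `return Buffer.concat([Buffer.alloc(16 - bytes.length), Buffer.from(bytes)]);`. A unit test pinning the length and contents for `::1` and `127.0.0.1` would guard against this regressing.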
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
// Licensed under the MIT license. See LICENSE file in the project root for details.
|
||||
|
||||
import * as URL from "url";
|
||||
import * as ipModule from "ip";
|
||||
|
||||
const dns = require("dns").promises;
|
||||
|
||||
|
@ -10,6 +9,7 @@ import * as http from "http";
|
|||
import * as https from "https";
|
||||
import { CancellationToken } from "vscode";
|
||||
import * as nls from "vscode-nls";
|
||||
import { ipToBuffer } from "../../common/utils";
|
||||
import { InternalErrorCode } from "../../common/error/internalErrorCode";
|
||||
import { delay } from "../../utils/extensionHelper";
|
||||
import { ErrorHelper } from "../../common/error/errorHelper";
|
||||
|
@ -24,8 +24,8 @@ export class DebuggerEndpointHelper {
|
|||
private localv6: Buffer;
|
||||
|
||||
constructor() {
|
||||
this.localv4 = ipModule.toBuffer("127.0.0.1");
|
||||
this.localv6 = ipModule.toBuffer("::1");
|
||||
this.localv4 = ipToBuffer("127.0.0.1");
|
||||
this.localv6 = ipToBuffer("::1");
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -165,7 +165,7 @@ export class DebuggerEndpointHelper {
|
|||
|
||||
let buf: Buffer;
|
||||
try {
|
||||
buf = ipModule.toBuffer(ipOrLocalhost);
|
||||
buf = ipToBuffer(ipOrLocalhost);
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
|
|