Missing require('fs') in server/app.js See issue [#135](../../issues/135)

- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135) - Patched read-config to mitigate vulnerability in js-yaml - issue not exploitable on webssh2 implementation - patched anyway - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config - See https://github.com/nodeca/js-yaml/issues/475 for more detail
2019-06-13 14:39:47 -04:00 · 2019-06-13 14:39:47 -04:00 · 56086b01dd
commit 56086b01dd
parent 7cdcbec5f1
7 changed files with 38 additions and 7198 deletions
--- a/ChangeLog.md
+++ b/ChangeLog.md
@ -1,4 +1,13 @@
 # Change Log
+## [0.2.9] 2019-06-13
+### Changes
+- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
+- Patched read-config to mitigate vulnerability in js-yaml
+  - issue not exploitable on webssh2 implementation
+  - patched anyway
+  - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
+  - See https://github.com/nodeca/js-yaml/issues/475 for more detail
+
 ## [0.2.8] 2019-05-25
 ### Changes
 - Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea.
--- a/app/package-lock.json
+++ b/app/package-lock.json
--- a/app/package.json
+++ b/app/package.json
@ -1,6 +1,6 @@
 {
  "name": "webssh2",
-  "version": "0.2.8",
+  "version": "0.2.9",
  "ignore": [
    ".gitignore"
  ],
@ -34,7 +34,7 @@
    "express": "^4.16.4",
    "express-session": "^1.15.6",
    "morgan": "^1.9.1",
-    "read-config": "^2.0.0",
+    "read-config": "git+https://github.com/billchurch/nodejs-read-config.git",
    "socket.io": "^2.1.1",
    "ssh2": "^0.6.1",
    "validator": "^10.9.0"
--- a/bin/BIG-IP-ILX-WebSSH2-current.tgz
+++ b/bin/BIG-IP-ILX-WebSSH2-current.tgz
--- a/bin/BIG-IP-ILX-WebSSH2-current.tgz.sha256
+++ b/bin/BIG-IP-ILX-WebSSH2-current.tgz.sha256
@ -1 +1 @@
-e2e70f7d2949b6c8fe0299f888a3725763a62c01a1faea1fb729babc2ed51c92  Build/Release/BIG-IP-ILX-WebSSH2-0.2.8.tgz
+b512ae8f04eba0eab29e026542fab1063b1bb4ae6db04e3613a8939260fe031c  Build/Release/BIG-IP-ILX-WebSSH2-0.2.9.tgz
--- a/workspace/extensions/webssh2/package.json
+++ b/workspace/extensions/webssh2/package.json
@ -1,6 +1,6 @@
 {
  "name": "webssh2",
-  "version": "0.2.8",
+  "version": "0.2.9",
  "ignore": [
    ".gitignore"
  ],
@ -34,7 +34,7 @@
    "express": "^4.16.4",
    "express-session": "^1.15.6",
    "morgan": "^1.9.1",
-    "read-config": "^2.0.0",
+    "read-config": "git+https://github.com/billchurch/nodejs-read-config.git",
    "socket.io": "^2.1.1",
    "ssh2": "^0.6.1",
    "validator": "^10.9.0"
@ -49,30 +49,6 @@
    "standard": "standard --verbose --fix | snazzy",
    "cleanmac": "find . -name '.DS_Store' -type f -delete"
  },
-  "devDependencies": {
-    "@fortawesome/fontawesome-svg-core": "^1.2.12",
-    "@fortawesome/free-solid-svg-icons": "^5.6.3",
-    "ajv": "^6.5.5",
-    "bithound": "^1.7.0",
-    "clean-webpack-plugin": "^1.0.0",
-    "copy-webpack-plugin": "^4.6.0",
-    "css-loader": "^2.1.0",
-    "extract-text-webpack-plugin": "^4.0.0-beta.0",
-    "file-loader": "^3.0.1",
-    "nodemon": "^1.18.6",
-    "postcss-discard-comments": "^4.0.1",
-    "snazzy": "^8.0.0",
-    "snyk": "^1.108.2",
-    "standard": "^12.0.1",
-    "style-loader": "^0.23.1",
-    "uglifyjs-webpack-plugin": "^2.0.1",
-    "url-loader": "^1.1.2",
-    "webpack": "^4.25.1",
-    "webpack-cli": "^3.1.2",
-    "webpack-merge": "^4.1.4",
-    "webpack-stream": "^5.1.1",
-    "xterm": "^3.8.0"
-  },
  "standard": {
    "ignore": [
      "client/public/webssh2.bundle.js",
@ -82,5 +58,27 @@
      "build/*",
      "workspace/*"
    ]
+  },
+  "devDependencies": {
+    "@fortawesome/fontawesome-svg-core": "^1.2.12",
+    "@fortawesome/free-solid-svg-icons": "^5.6.3",
+    "clean-webpack-plugin": "^1.0.0",
+    "copy-webpack-plugin": "^4.6.0",
+    "cross-env": "^5.2.0",
+    "css-loader": "^2.1.0",
+    "extract-text-webpack-plugin": "^4.0.0-beta.0",
+    "file-loader": "^3.0.1",
+    "nodaemon": "0.0.5",
+    "postcss-discard-comments": "^4.0.1",
+    "snazzy": "^8.0.0",
+    "standard": "^12.0.1",
+    "style-loader": "^0.23.1",
+    "uglifyjs-webpack-plugin": "^2.1.1",
+    "url-loader": "^1.1.2",
+    "webpack": "^4.28.4",
+    "webpack-cli": "^3.2.1",
+    "webpack-merge": "^4.2.1",
+    "webpack-stream": "^5.2.1",
+    "xterm": "^3.10.1"
  }
 }
--- a/workspace/extensions/webssh2/server/app.js
+++ b/workspace/extensions/webssh2/server/app.js
@ -3,6 +3,7 @@
 // app.js

 var path = require('path')
+var fs = require('fs')
 var nodeRoot = path.dirname(require.main.filename)
 var configPath = path.join(nodeRoot, 'config.json')
 var publicPath = path.join(nodeRoot, 'client', 'public')
@ -13,7 +14,7 @@ var logger = require('morgan')
 // sane defaults if config.json or parts are missing
 let config = {
  'listen': {
-    'ip': '127.0.0.1',
+    'ip': '0.0.0.0',
    'port': 2222
  },
  'user': {