Fix Dependency Vulnerabilities

- Telegram Bot module must be installed manually due to vulnerabilities
- FTP Server module must be installed manually due to vulnerabilities
- WebDAV module must be installed manually due to vulnerabilities, and conf.json must be configured manually to enable it.
- Backblaze B2 module forked from the latest git source and published under the name shinobi-backblaze-b2
rally-management
Moe 2024-09-29 12:57:22 -07:00
parent 879b5a6bae
commit 76b662a139
6 changed files with 2833 additions and 4915 deletions


@ -164,6 +164,7 @@ module.exports = function(s,config,lang,app,io){
})
}
var createDropInEventsDirectory = function(){
try{
if(!config.dropInEventsDir){
config.dropInEventsDir = s.dir.streams + 'dropInEvents/'
}
@ -172,6 +173,9 @@ module.exports = function(s,config,lang,app,io){
if(!fs.existsSync(s.dir.dropInEvents)){
fs.mkdirSync(s.dir.dropInEvents)
}
}catch(err){
console.error(err)
}
}
var getDropInEventDir = function(monitorConfig){
var ke = monitorConfig.ke
@ -209,15 +213,17 @@ module.exports = function(s,config,lang,app,io){
createDropInEventDirectory(monitorConfig,function(err,monitorEventDropDir){})
}
// FTP Server
if(config.ftpServer === true){
createDropInEventsDirectory()
if(config.ftpServer === true){
try{
const FtpSrv = require('ftp-srv')
console.error('WARNING : FTP Server is enabled.')
if(!config.ftpServerPort)config.ftpServerPort = 21
if(!config.ftpServerUrl)config.ftpServerUrl = `ftp://0.0.0.0:${config.ftpServerPort}`
if(!config.ftpServerPasvUrl)config.ftpServerPasvUrl = config.ftpServerUrl.replace(/.*:\/\//, '').replace(/:.*/, '');
if(!config.ftpServerPasvMinPort)config.ftpServerPasvMinPort = 10050;
if(!config.ftpServerPasvMaxPort)config.ftpServerPasvMaxPort = 10100;
config.ftpServerUrl = config.ftpServerUrl.replace('{{PORT}}',config.ftpServerPort)
const FtpSrv = require('ftp-srv')
const ftpServer = new FtpSrv({
url: config.ftpServerUrl,
@ -261,6 +267,11 @@ module.exports = function(s,config,lang,app,io){
}).catch(function(err){
s.systemLog(err)
})
}catch(err){
console.error(err.message)
console.error('Could not start FTP Server, please run "npm install ftp-srv" inside the Shinobi folder.')
console.error('The ftp-srv Module is known to have possible vulnerabilities. Due to the nature of the vulnerability you should be unaffected unless the FTP Port is public facing. Use at your own risk.')
}
}
//add extensions
s.onMonitorInit(onMonitorInit)
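Review bot: The new `try` opened under `if(config.ftpServer === true){` wraps both `require('ftp-srv')` and the whole server setup, so any synchronous failure in that body ends in the `catch` that tells the operator to run `npm install ftp-srv`, even when the module is installed. Narrowing the hint to the missing-module case, e.g. `if(err.code === 'MODULE_NOT_FOUND'){ /* install hint */ }else{ s.systemLog(err) }`, keeps real start-up errors visible. The Telegram and WebDAV catch blocks in this commit follow the same pattern, with the WebDAV one needing `ERR_MODULE_NOT_FOUND` because it uses dynamic `import()`. Separately, the risk text says exposure only matters when the FTP port is public facing, while the unchanged default `ftp://0.0.0.0:${config.ftpServerPort}` appears to listen on every interface, so the enabled-warning would be more useful if it printed the effective `config.ftpServerUrl`. The body of the `try` continues outside the visible hunks.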


@ -20,8 +20,10 @@ module.exports = function(s,config,lang,getSnapshot){
//telegram bot
if(config.telegramBot === true){
const TelegramBot = require('node-telegram-bot-api');
try{
const TelegramBot = require('node-telegram-bot-api');
console.error('WARNING : Telegram bot is enabled.')
const sendMessage = async function(sendBody,attachments,groupKey){
var bot = s.group[groupKey].telegramBot
if(!bot){
@ -363,8 +365,9 @@ module.exports = function(s,config,lang,getSnapshot){
]
})
}catch(err){
console.error(err)
console.log('Could not start Telegram bot, please run "npm install node-telegram-bot-api" inside the Shinobi folder.')
console.error(err.message)
console.error('Could not start Telegram bot, please run "npm install node-telegram-bot-api" inside the Shinobi folder.')
console.error('The Telegram Module is known to have possible vulnerabilities. Use at your own risk.')
}
}
}


@ -1,6 +1,6 @@
const fs = require('fs');
const { Readable } = require('stream');
const B2 = require('backblaze-b2')
const B2 = require('shinobi-backblaze-b2')
module.exports = function(s,config,lang){
//Backblaze B2
var serviceProvider = 'b2'


@ -1,6 +1,9 @@
var fs = require('fs');
var webdav = require("webdav-fs");
module.exports = function(s,config,lang){
module.exports = async function(s,config,lang){
if(config.webDavUpload){
try{
const webdav = await import("webdav-fs");
console.error('WARNING : WebDAV is enabled.')
// WebDAV
var beforeAccountSaveForWebDav = function(d){
//d = save event
@ -353,4 +356,17 @@ module.exports = function(s,config,lang){
},
]
}
}catch(err){
console.error(err.message)
console.error('Could not start WebDAV Uploader, please run "npm install webdav-fs" inside the Shinobi folder.')
console.error('The webdav-fs Module is known to have possible vulnerabilities. Due to the nature of the vulnerability you should be unaffected unless Shinobi is public facing. Use at your own risk.')
}
}else{
try{
const webdav = await import("webdav-fs");
console.error('!! Looks like you have webdav-fs installed but its not enabled. Due to a vulnerability with it you now need to add "webDavUpload": true to your conf.json to enable it.')
}catch(err){
}
}
}
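Review bot: The `else` branch runs `await import("webdav-fs")` only to detect that the package is installed, which loads and evaluates the very module this commit is trying to keep out of the process unless `webDavUpload` is set. A presence check that does not execute the package, `require.resolve('webdav-fs')` inside the same `try`, gives the same notice without loading it. The export also changes from a plain function to an `async function`, so it now returns a Promise; the caller is not visible here, and if it does not await the result the WebDAV hooks may register after the rest of start-up has moved on, which is worth confirming. The empty `catch(err){}` deserves a one-line comment such as `// webdav-fs not installed: nothing to report`.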

6929
package-lock.json generated

File diff suppressed because it is too large Load Diff


@ -16,7 +16,6 @@
"dependencies": {
"@aws-sdk/client-s3": "^3.226.0",
"async": "^3.2.2",
"backblaze-b2": "^1.7.0",
"body-parser": "^1.19.0",
"bson": "^4.6.1",
"connection-tester": "^0.2.0",
@ -29,7 +28,6 @@
"express-fileupload": "^1.4.0",
"form-data": "^4.0.0",
"fs-extra": "9.0.1",
"ftp-srv": "^4.6.2",
"googleapis": "^100.0.0",
"http-proxy": "^1.18.1",
"jsonfile": "^3.0.1",
@ -44,7 +42,6 @@
"node-abort-controller": "^3.0.1",
"node-fetch": "^2.6.7",
"node-ssh": "^12.0.4",
"node-telegram-bot-api": "^0.65.1",
"nodemailer": "^6.7.1",
"onvif": "^0.7.1",
"pam-diff": "^1.1.0",
@ -53,6 +50,7 @@
"pixel-change": "^1.1.0",
"pushover-notifications": "^1.2.2",
"sat": "^0.7.1",
"shinobi-backblaze-b2": "^1.7.1",
"shinobi-node-moving-things-tracker": "^0.9.3",
"shinobi-onvif": "0.2.2",
"shinobi-sound-detection": "^0.1.13",
@ -61,8 +59,7 @@
"socket.io": "^4.4.1",
"socket.io-client": "^4.5.3",
"tree-kill": "1.2.2",
"unzipper": "0.10.11",
"webdav-fs": "^4.0.1"
"unzipper": "0.10.11"
},
"bin": "camera.js",
"scripts": {