Jump to content

Disk Space users


chef

Recommended Posts

chef

I received an alert on the Disk Space GitHub repo, that their security alert system had found an issue with the (older) chart.js library used in the plugin, and it had to be updated.

I've updated the chart library and released a updated version of the Emby plugin.

Make sure to install that updated version of the plugin. Perhaps even do a server restart to force that update if needed.

Thanks! 👍

EDIT: There may be three consecutive updates for Disk Space. All the way to 1.0.5.6.

Edited by chef
  • Thanks 3
Link to comment
Share on other sites

rbjtech
6 minutes ago, chef said:

I received an alert on the Disk Space GitHub repo, that their security alert system had found an issue with the (older) chart.js library used in the plugin, and it had to be updated.

I've updated the chart library and released a updated version of the Emby plugin.

Make sure to install that updated version of the plugin. Perhaps even do a server restart to force that update if needed.

Thanks! 👍

Pro-active security update !?  Well done Chef.. !  :)

  • Like 1
Link to comment
Share on other sites

CBers

Just updated, but not seeing anything in the plugin 🤔image.thumb.png.bf91e19b70b051a45704f3f972c842d1.png

Seeing error messages in the server log.

 

2021-06-16 14:49:40.348 Info DiskSpaceService: DISK SPACE -- C:\
2021-06-16 14:49:40.350 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.350 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.350 Debug XmlSerializer: Deserializing file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.374 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.380 Debug XmlSerializer: Deserializing file C:\Users\Media\AppData\Roaming\Emby-Server\config\notifications.xml
2021-06-16 14:49:40.392 Info DiskSpaceService: DISK SPACE -- F:\
2021-06-16 14:49:40.392 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.392 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.392 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.393 Info DiskSpaceService: DISK SPACE -- V:\
2021-06-16 14:49:40.393 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.393 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.393 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.394 Info DiskSpaceService: DISK SPACE -- X:\
2021-06-16 14:49:40.394 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.394 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.395 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.398 Info DiskSpaceService: DISK SPACE -- Z:\
2021-06-16 14:49:40.398 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.399 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.399 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.405 Info Server: http/1.1 Response 200 to 192.168.1.100. Time: 64ms. http://192.168.1.100/emby/GetTotalStorage?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=85fe7d17-e124-420a-abcc-8343f2a4673b&X-Emby-Client-Version=4.7.0.2
2021-06-16 14:49:40.414 Info Server: http/1.1 GET http://192.168.1.100/web/configurationpage?name=Chart.bundle.js&v=4.7.0.2. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
2021-06-16 14:49:40.419 Error Server: Error processing request
	*** Error Report ***
	Version: 4.7.0.2
	Command line: C:\Users\Media\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp
	Operating system: Microsoft Windows 10.0.19043
	Framework: .NET Core 3.1.13
	OS/Process: x64/x64
	Runtime: C:/Users/Media/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 12
	Data path: C:\Users\Media\AppData\Roaming\Emby-Server
	Application path: C:\Users\Media\AppData\Roaming\Emby-Server\system
	MediaBrowser.Common.Extensions.ResourceNotFoundException: MediaBrowser.Common.Extensions.ResourceNotFoundException: Exception of type 'MediaBrowser.Common.Extensions.ResourceNotFoundException' was thrown.
	   at Emby.Web.Api.DashboardService.Get(GetDashboardConfigurationPage request)
	   at Emby.Server.Implementations.Services.ServiceController.Execute(HttpListenerHost appHost, Object requestDto, IRequest req)
	   at Emby.Server.Implementations.Services.ServiceHandler.ProcessRequestAsync(HttpListenerHost appHost, IRequest httpReq, IResponse httpRes, RestPath restPath, String responseContentType, CancellationToken cancellationToken)
	   at Emby.Server.Implementations.HttpServer.HttpListenerHost.RequestHandler(IRequest httpReq, ReadOnlyMemory`1 urlString, ReadOnlyMemory`1 localPath, CancellationToken cancellationToken)
	Source: Emby.Web
	TargetSite: System.Threading.Tasks.Task`1[System.Object] Get(Emby.Web.Api.GetDashboardConfigurationPage)

 

image.png

Edited by CBers
  • Like 1
Link to comment
Share on other sites

chef
2 minutes ago, CBers said:

Just updated, but not seeing anything in the plugin 🤔image.thumb.png.bf91e19b70b051a45704f3f972c842d1.png

Seeing error messages in the server log.

 


2021-06-16 14:49:40.348 Info DiskSpaceService: DISK SPACE -- C:\
2021-06-16 14:49:40.350 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.350 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.350 Debug XmlSerializer: Deserializing file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.374 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.380 Debug XmlSerializer: Deserializing file C:\Users\Media\AppData\Roaming\Emby-Server\config\notifications.xml
2021-06-16 14:49:40.392 Info DiskSpaceService: DISK SPACE -- F:\
2021-06-16 14:49:40.392 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.392 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.392 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.393 Info DiskSpaceService: DISK SPACE -- V:\
2021-06-16 14:49:40.393 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.393 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.393 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.394 Info DiskSpaceService: DISK SPACE -- X:\
2021-06-16 14:49:40.394 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.394 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.395 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.398 Info DiskSpaceService: DISK SPACE -- Z:\
2021-06-16 14:49:40.398 Error DiskSpaceService: Index and length must refer to a location within the string. (Parameter 'length')
2021-06-16 14:49:40.399 Error DiskSpaceService: Index was outside the bounds of the array.
2021-06-16 14:49:40.399 Debug XmlSerializer: Serializing to file C:\Users\Media\AppData\Roaming\Emby-Server\plugins\configurations\DiskSpace.xml
2021-06-16 14:49:40.405 Info Server: http/1.1 Response 200 to 192.168.1.100. Time: 64ms. http://192.168.1.100/emby/GetTotalStorage?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=85fe7d17-e124-420a-abcc-8343f2a4673b&X-Emby-Client-Version=4.7.0.2
2021-06-16 14:49:40.414 Info Server: http/1.1 GET http://192.168.1.100/web/configurationpage?name=Chart.bundle.js&v=4.7.0.2. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
2021-06-16 14:49:40.419 Error Server: Error processing request
	*** Error Report ***
	Version: 4.7.0.2
	Command line: C:\Users\Media\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp
	Operating system: Microsoft Windows 10.0.19043
	Framework: .NET Core 3.1.13
	OS/Process: x64/x64
	Runtime: C:/Users/Media/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 12
	Data path: C:\Users\Media\AppData\Roaming\Emby-Server
	Application path: C:\Users\Media\AppData\Roaming\Emby-Server\system
	MediaBrowser.Common.Extensions.ResourceNotFoundException: MediaBrowser.Common.Extensions.ResourceNotFoundException: Exception of type 'MediaBrowser.Common.Extensions.ResourceNotFoundException' was thrown.
	   at Emby.Web.Api.DashboardService.Get(GetDashboardConfigurationPage request)
	   at Emby.Server.Implementations.Services.ServiceController.Execute(HttpListenerHost appHost, Object requestDto, IRequest req)
	   at Emby.Server.Implementations.Services.ServiceHandler.ProcessRequestAsync(HttpListenerHost appHost, IRequest httpReq, IResponse httpRes, RestPath restPath, String responseContentType, CancellationToken cancellationToken)
	   at Emby.Server.Implementations.HttpServer.HttpListenerHost.RequestHandler(IRequest httpReq, ReadOnlyMemory`1 urlString, ReadOnlyMemory`1 localPath, CancellationToken cancellationToken)
	Source: Emby.Web
	TargetSite: System.Threading.Tasks.Task`1[System.Object] Get(Emby.Web.Api.GetDashboardConfigurationPage)

 

image.png

That's not good. Okay, let me see what's going on.

Edited by CBers
Removed identifiable information,
Link to comment
Share on other sites

CBers
4 minutes ago, chef said:

Could you do a clear browser cache?

Still the same.

Is it working OK for you?

Perhaps user error on my part 🤔
 

Edited by CBers
  • Thanks 1
Link to comment
Share on other sites

chef
Just now, CBers said:

Still the same.

 

Okay, I think I found what happened. I just need to fix some naming. 

  • Like 1
Link to comment
Share on other sites

chef

I put 1.0.5.5 into release. 

 - fixed naming problems

- made sure the new chart.js was an embedded resource 

Link to comment
Share on other sites

chef

But... There were changes with how the charts show used/available space....  it is now showing/calculating space in bytes.... I'm going to have to figure that out again. Darn!

I'll do that now.

  • Thanks 1
Link to comment
Share on other sites

chef

Welp! that was sort of a PITA. I had to quickly learn a whole bunch of new stuff. Geesh!

Looks like (from what I can tell) 1.0.5.6 (which has been release) is working. 

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

chef
5 minutes ago, TeamB said:

@chef do you have a link to the security warning for Chart.js

This is what was sent to me.

 

high severity
Vulnerable versions: < 2.9.4
Patched version: 2.9.4

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.

Link to comment
Share on other sites

TeamB

Prototype pollution looks like it is more of a problem for server side code running in a js node environment on the server, client side JS looks like it is effected also BUT client side JS is susceptible at all the hacking as you can pop open the JS debugger and fiddle with all the things.

However I should still look at updating Playback Reporting, did you have any issues updating the JS Chart lib, are there any big changes?

Edited by TeamB
Link to comment
Share on other sites

chef
48 minutes ago, TeamB said:

Prototype pollution looks like it is more of a problem for server side code running in a js node environment on the server, client side JS looks like it is effected also BUT client side JS is susceptible at all the hacking as you can pop open the JS debugger and fiddle with all the things.

However I should still look at updating Playback Reporting, did you have any issues updating the JS Chart lib, are there any big changes?

Yeah a couple changes. They don't have a complete release build. They expect you to build it with npm.

So I just followed the CDN link and copied the code from there.... 🙃 the disk space plugin didn't need any fancy plugins for chart.js

 

Options have changed for each chart too. But I think that that is what the security problem was referring too, so it was to be expected. Other then that, nothing too crazy.

Probably could have left it, but then the repo would have had a security flag on it... So... Might as well try to fix it.

Edited by chef
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...