rzr / webthing-iotjs

IoT.js implementation of WebThing API (based on webthing-node)

Home Page: https://mastodon.social/@rzr/103580872382220227#:WebThingIotJs

License: Mozilla Public License 2.0

JavaScript 83.52% Makefile 15.23% Shell 0.09% Dockerfile 1.16%
iotjs webthing

webthing-iotjs's Introduction

WEBTHING-IOTJS

DISCLAIMER

Webthing-iotjs is derived from the webthing-node project (which supports Node.js) but is adapted for the IoT.js runtime (based on the JerryScript engine for constrained devices).

This downstream project plans to stay aligned with upstream and to focus only on the IoT.js port.

New contributions should be submitted to webthing-node first and should then land here (once rebased on webthing-node's master branch).

BASIC USAGE

After installing IoT.js on your system, you can get started by running an example program:

iotjs -h

iotjs example/multiple-things.js
# setting new humidity level: 18.207531485648474

curl -H 'Content-Type: application/json' http://localhost:8888/
# [{"name":"My Lamp","href":"/0", (...)  "href":"/1/properties/level"} .. (...) }]

curl -H 'Content-Type: application/json' http://$HOSTNAME:8888/1/properties/level
# {"level":42.666}

The thing can then be monitored once it is connected to the WebThings IoT gateway using the WebThings URL adapter.

You can also control a "Simplest Thing", which just simulates an actuator (LED, switch, relay...).

iotjs example/simplest-thing.js
# Usage:
#
# iotjs example/simplest-thing.js [port]

curl -X PUT -H 'Content-Type: application/json' --data '{"on": true }' http://localhost:8888/properties/on
# {"on":true}

This thing can then be connected to the gateway, and rules can be configured to use the actuator.

GUIDE

For more insights and details, please follow the guide about setting up the gateway, IoT.js and the demo howtos.

webthing-iotjs's Issues

CVE-2020-28500 (Medium) detected in lodash-4.17.20.tgz - autoclosed

CVE-2020-28500 - Medium Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: webthing-iotjs/package.json

Path to vulnerable library: webthing-iotjs/node_modules/lodash/package.json

Dependency Hierarchy:

  • eslint-7.14.0.tgz (Root Library)
    • lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: a0626310985bac607c9ddb6e635aa0586cd053e6

Found in base branch: master

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500

Release Date: 2021-02-15

Fix Resolution: lodash-4.17.21



WiFi fails on booting IoT WoT example on Artik053 board.

TASH>>reboot

U-Boot 2017.01-g59977f7 (Nov 23 2017 - 16:09:49 +0900)

CPU: Exynos200 @ 320 MHz
Model: ARTIK-053 based on Exynos T20
DRAM: 946 KiB
WARNING: Caches not enabled
BL1 released at 2017-3-13 15:00
SSS released at 2017-09-12
WLAN released at 2017-11-30
Flash: 8 MiB
*** Warning - bad CRC, using default environment

In: serial@80180000
Out: serial@80180000
Err: serial@80180000
Hit any key to stop autoboot: 0
gpio: pin gpg16 (gpio 46) value is 1

Starting application at 0x040Cx020 ...

s5j_sflash_init: FLASH Quad Enabled
uart_register: Registering /dev/console
uart_register: Registering /dev/ttyS0
uart_register: Registering /dev/ttyS1
uart_register: Registering /dev/ttyS2
uart_register: Registering /dev/ttyS3
uart_register: Registering /dev/ttyS4
System Information:
Version: 2.0
Commit Hash: 24efd30d608ffe2e322caa9d2c0a3a926c26b590
Build User: nherriot@Zenbook-UX32A
Build Time: 2018-10-09 14:27:28
System Time: 01 Jan 2010, 00:00:00 [s] UTC Hardware RTC Support
TASH>>log: iotjs_startup_wifi_connect
log: Connecting to SSID "public" (0+0)
log: Wait (1/3) sec...
i2c_uioregister: Registering /dev/i2c-0
i2c_uioregister: Registering /dev/i2c-1
log: Wait (2/3) sec...
ASH: length of input character is too long, maximum length is 128
TASH>>B _handle_request:1334 state(0) evt(0)
[WM] T7 _handler_on_uninitialized_state:887 state(0) evt(0)
Starting supplicant in foreground...
1262304003.123427: Successfully initialized wpa_supplicant
1262304006.206938: wl1: callling L2_packet_init:
1262304006.206938: wl1: Own MAC address: 28:6d:97:40:15:96
[WM] T7 <-- _handle_request
[WM] T7 _handle_request:1334 state(1) evt(4)
[WM] T7 _handler_on_disconnected_state:943 state(1) evt(4)
[WM] T7 _wifimgr_connect_ap:744
connect ap fail
[WM] T7 <-- _handle_request
error: wifi_manager_connect_ap (status=0xffffffff)
TASH: length of input character is too long, maximum length is 128
TASH>>[B

CVE-2020-28469 (High) detected in glob-parent-5.1.1.tgz - autoclosed

CVE-2020-28469 - High Severity Vulnerability

Vulnerable Library - glob-parent-5.1.1.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz

Path to dependency file: webthing-iotjs/package.json

Path to vulnerable library: webthing-iotjs/node_modules/glob-parent/package.json

Dependency Hierarchy:

  • eslint-7.14.0.tgz (Root Library)
    • glob-parent-5.1.1.tgz (Vulnerable Library)

Found in HEAD commit: a0626310985bac607c9ddb6e635aa0586cd053e6

Found in base branch: master

Vulnerability Details

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

Publish Date: 2021-06-03

URL: CVE-2020-28469

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469

Release Date: 2021-06-03

Fix Resolution: glob-parent - 5.1.2



CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz - autoclosed

CVE-2021-35065 - High Severity Vulnerability

Vulnerable Library - glob-parent-5.1.2.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

  • eslint-7.14.0.tgz (Root Library)
    • glob-parent-5.1.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The package glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2021-06-22

URL: CVE-2021-35065

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-cj88-88mr-972w

Release Date: 2021-06-22

Fix Resolution (glob-parent): 6.0.1

Direct dependency fix Resolution (eslint): 8.0.0



CVE-2021-23337 (High) detected in lodash-4.17.20.tgz - autoclosed

CVE-2021-23337 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: webthing-iotjs/package.json

Path to vulnerable library: webthing-iotjs/node_modules/lodash/package.json

Dependency Hierarchy:

  • eslint-7.14.0.tgz (Root Library)
    • lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: a0626310985bac607c9ddb6e635aa0586cd053e6

Found in base branch: master

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@3469357

Release Date: 2021-02-15

Fix Resolution: lodash - 4.17.21
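
The four dependency reports above each name a fix version and trace the vulnerable package back to eslint. As an added example (not code from webthing-iotjs or from the scanner that filed these issues), this Node.js script checks a lockfile against those fix versions and reports which package pulls each vulnerable copy in; the lockfile is a constructed sample, and `ADVISORIES`, `audit` and the other names are hypothetical.

```javascript
// Fix versions are the "Fix Resolution" values quoted in the issues above.
const ADVISORIES = [
  { id: 'CVE-2020-28500', pkg: 'lodash', fixed: '4.17.21' },
  { id: 'CVE-2021-23337', pkg: 'lodash', fixed: '4.17.21' },
  { id: 'CVE-2020-28469', pkg: 'glob-parent', fixed: '5.1.2' },
  { id: 'CVE-2021-35065', pkg: 'glob-parent', fixed: '6.0.1' },
];

// Constructed sample in npm's lockfile v2 "packages" layout. Assumption:
// eslint is a devDependency; this is not the project's real lockfile.
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'webthing-iotjs', devDependencies: { eslint: '^7.14.0' } },
    'node_modules/eslint': { version: '7.14.0', dev: true,
      dependencies: { lodash: '^4.17.19', 'glob-parent': '^5.0.0' } },
    'node_modules/lodash': { version: '4.17.20', dev: true },
    'node_modules/glob-parent': { version: '5.1.2', dev: true },
  },
};

// Compare plain x.y.z versions; any pre-release suffix is ignored.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Package name for a lockfile path, including nested node_modules copies.
const nameOf = (path) => path.split('node_modules/').pop();

// Names of packages that declare `name` as a dependency of any kind.
function dependents(lock, name) {
  const kinds = ['dependencies', 'devDependencies', 'optionalDependencies'];
  return Object.entries(lock.packages)
    .filter(([, meta]) => kinds.some((k) => meta[k] && name in meta[k]))
    .map(([path, meta]) => meta.name || nameOf(path));
}

// One finding per (installed copy, advisory) where installed < fixed.
function audit(lock, advisories) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    for (const adv of advisories) {
      if (nameOf(path) !== adv.pkg || compareVersions(meta.version, adv.fixed) >= 0) continue;
      findings.push({ id: adv.id, pkg: adv.pkg, installed: meta.version,
        fixed: adv.fixed, devOnly: meta.dev === true,
        requiredBy: dependents(lock, adv.pkg) });
    }
  }
  return findings;
}

console.log(JSON.stringify(audit(SAMPLE_LOCK, ADVISORIES), null, 2));
```

`devOnly` reflects the lockfile's `dev` flag, which npm sets for packages reachable only through devDependencies.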



[Security] Workflow fediverse-action.yml is using vulnerable action actions/checkout

The workflow fediverse-action.yml is referencing action actions/checkout using reference v1. However, this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839, which may contain a fix to some vulnerability.
The vulnerability fix that is missing from the action's version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

STM32 support is missing

Our financial instruments use STM32F (and we're trying to integrate STM32L.) The secure signing devices would benefit from this framework, but it is not supported on any STM32 MCU.

Please port IoT WoT to the STM32 (for example STM32F205RET6.)

Board freezes after a few minutes. No logs appear from button press

After flashing a fresh image and setting up WiFi the board boots properly.
However the log message that appears when pressing the test buttons that should put out a log:

TASH>>\0x00log: GPIO: LeftButton: change: false
log: GPIO: LeftButton: change: true
log: GPIO: RightButton: change: false
log: GPIO: RightButton: change: true

no longer works after about 5 minutes.
There is also no command processing in the shell, i.e. when you type TASH>> help
you should get a list of commands that can be used. On my terminal emulator 'cutecom' there is nothing being produced by the logs.
There is a 'bad sync' error that seems to appear:

U-Boot 2017.01-g59977f7 (Nov 23 2017 - 16:09:49 +0900)

CPU: Exynos200 @ 320 MHz
Model: ARTIK-053 based on Exynos T20
DRAM: 946 KiB
WARNING: Caches not enabled
BL1 released at 2017-3-13 15:00
SSS released at 2017-09-12
WLAN released at 2017-11-30
Flash: 8 MiB
*** Warning - bad CRC, using default environment

In: serial@80180000
Out: serial@80180000
Err: serial@80180000
Hit any key to stop autoboot: 0
gpio: pin gpg16 (gpio 46) value is 1

Starting application at 0x040C\0xb8020 ...

s5j_sflash_init: FLASH Quad Enabled
uart_register: Registering /dev/console
uart_register: Registering /dev/ttyS0
uart_register: Registering /dev/ttyS1
uart_register: Registering /dev/ttyS2
uart_register: Registering /dev/ttyS3
uart_register: Registering /dev/ttyS4
System Information:
\0x09Version: 2.0
\0x09Commit Hash: eec74f072c1dd16c9713862850bc5ff3393e5209
\0x09Build User: nherriot@Zenbook-UX32A
\0x09Build Time: 2018-10-09 15:53:51
\0x09System Time: 01 Jan 2010, 00:00:00 [s] UTC Hardware RTC Support
TASH>>\0x00log: iotjs_startup_wifi_connect
log: Connecting to SSID "srbackup" (4+5)
log: Wait (1/3) sec...
i2c_uioregister: Registering /dev/i2c-0
i2c_uioregister: Registering /dev/i2c-1
log: Wait (2/3) sec...
log: Wait (3/3) sec...
[WM] T7 _handle_request:1334 state(0) evt(0)
[WM] T7 _handler_on_uninitialized_state:887 state(0) evt(0)
Starting supplicant in foreground...
1262304003.123427: Successfully initialized wpa_supplicant
1262304006.206938: wl1: callling L2_packet_init:
1262304006.206938: wl1: Own MAC address: 28:6d:97:40:15:96
[WM] T7 <-- _handle_request
[WM] T7 _handle_request:1334 state(1) evt(4)
[WM] T7 _handler_on_disconnected_state:943 state(1) evt(4)
[WM] T7\0x09_wifimgr_connect_ap:744
[WM] T7\0x09_wifimgr_save_connected_config:733
[WM] T7 <-- _handle_request
1262304008.142864: wl1: Associated with 0c:68:03:ca:46:e7
1262304008.162822: wl1: WPA: Key negotiation completed with 0c:68:03:ca:46:e7 [PTK=CCMP GTK=CCMP]
1262304008.162822: wl1: CTRL-EVENT-CONNECTED
[WM] T12\0x09_wifi_utils_connect_event:834
[WM] T12 _handle_request:1334 state(3) evt(9)
[WM] T12 _handler_on_connecting_state:1011 state(3) evt(9)
[WM] IP address : 192.168.110.197 ----
[WM] T12\0x09_handle_user_cb:1269
[WM] call sta connect success event
log: iotjs_startup_wifi_sta_connected status=0x0
[WM] T12 <-- _handle_request
log: IoT.js app: Starting:
{
"env": {
"HOME": "",
"IOTJS_PATH": "/rom",
"IOTJS_ENV": "",
"IOTJS_EXTRA_MODULE_PATH": "",
"IOTJS_WORKING_DIR_PATH": ""
},
"builtin_modules": {
"adc": true,
"assert": true,
"buffer": true,
"console": true,
"dgram": true,
"dns": true,
"events": true,
"fs": true,
"gpio": true,
"http": true,
"http_client": true,
"http_common": true,
"http_incoming": true,
"http_outgoing": true,
"http_server": true,
"https": true,
"i2c": true,
"iotjs": true,
"module": true,
"net": true,
"pwm": true,
"spi": true,
"stream": true,
"stream_duplex": true,
"stream_internal": true,
"stream_readable": true,
"stream_writable": true,
"timers": true,
"tls": true,
"uart": true,
"util": true,
"constants": true,
"http_parser": true,
"process": true,
"tcp": true,
"udp": true
},
"platform": "tizenrt",
"arch": "arm",
"version": "1.0.0",
"iotjs": {
"board": "artik05x"
},
"argv": [
"iotjs",
"/rom/example/index.js"
],
"_events": {},
"exitCode": 0,
"_exiting": false
}
log: IoT.js app: Loading: /rom/iotjs-modules/webthing-iotjs/example/platform/index.js
log: board: artik05x: Loading
Usage:
iotjs /rom/example/index.js [board] [port]
Try:
curl -H "Accept: application/json" http://localhost:8888

log: board: artik05x: Started
log: GPIO: BlueLed: open: null
log: GPIO: RedLed: open: null
log: GPIO: LeftButton: open: null (null expected)
log: GPIO: RightButton: open: null (null expected)
log: ADC: ADC1: open: null (null expected)
log: ADC: ADC2: open: null (null expected)
log: GPIO: LeftButton: change: true
log: GPIO: RightButton: change: true
log: ADC: ADC1: change: 0%
log: ADC: ADC2: change: 0%
help
\0x09 TASH command list
\0x09 --------------------
cat cd date df
dhcpd echo exit free
getenv heapinfo hello help
ifconfig ifdown ifup iotjs
iotjs_startup iperf kill killall
logm ls mkdir mkrd
mksmartfs mount netmon ping
ps pwd ramtest reboot
rm rmdir setenv sleep
stkmon umount unsetenv uptime
wifi
TASH>>\0x00
TASH>>\0x00log: GPIO: LeftButton: change: false
log: GPIO: LeftButton: change: true
log: GPIO: RightButton: change: false
log: GPIO: RightButton: change: true
input_irq_handler: input_irq_handler: Bad sync in header: header=0x96690002
input_irq_handler: input_irq_handler: Bad sync in header: header=0x05b0bc8c
input_irq_handler: input_irq_handler: Bad sync in header: header=0x00000a8f
