A useragent that contains the string "Sam" is registered as a Samsung device #454

Closed
cbachelor opened this issue Oct 30, 2020 · 0 comments
Comments

@cbachelor

Repro steps:

  • Navigate to the demo http://faisalman.github.io/ua-parser-js/
  • Copy any one of the common user agent strings (e.g. `Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.5) Gecko/20050603 Netscape/8.0.2`)
  • Add the string `sam` in the middle of one of the browser/engines (e.g. `Mosamzilla/5.0 (Windows; U; Win98; en-US; rv:1.7.5) Gecko/20050603 Netscape/8.0.2`)

The useragent is registered as a Samsung mobile device. While the example is a bit contrived, for custom user agent strings it would be nice if the pattern matching for a Samsung device checked the whole string `Samsung` rather than `Sam` to prevent name collisions.
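
The collision reported above, reproduced as an added example that is not part of the original issue and is not ua-parser-js code. `LOOSE`, `STRICT`, `vendorOf` and `falsePositives` are hypothetical names, and the two Galaxy user agent strings are constructed samples; the audit function splices a fragment into every position of a non-Samsung string to count misclassifications.

```javascript
// Added example: LOOSE and STRICT are hypothetical rules written for this
// illustration; they are not the regexes used by ua-parser-js.
const LOOSE = /sam/i;                                  // any "sam" substring
const STRICT = /\bsamsung|\b(?:SM|GT)-[A-Z]\d{3,4}/i;  // vendor token or model code at a word start

// The first two strings come from the issue; the last two are constructed samples.
const NETSCAPE = 'Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.5) Gecko/20050603 Netscape/8.0.2';
const COLLIDING = 'Mosamzilla/5.0 (Windows; U; Win98; en-US; rv:1.7.5) Gecko/20050603 Netscape/8.0.2';
const GALAXY = 'Mozilla/5.0 (Linux; Android 10; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0 Mobile Safari/537.36';
const SAMSUNG_BROWSER = 'Mozilla/5.0 (Linux; Android 9; SAMSUNG SM-G960F) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/10.1 Chrome/71.0 Mobile Safari/537.36';

// Returns 'Samsung' when the rule matches, undefined otherwise.
function vendorOf(ua, rule) {
  return rule.test(ua) ? 'Samsung' : undefined;
}

// Regression audit: splice `fragment` into every position of a user agent that
// should not be Samsung and count how many mutated strings the rule misclassifies.
function falsePositives(ua, fragment, rule) {
  let hits = 0;
  for (let i = 0; i <= ua.length; i++) {
    const mutated = ua.slice(0, i) + fragment + ua.slice(i);
    if (vendorOf(mutated, rule) === 'Samsung') hits++;
  }
  return hits;
}

// Side-by-side classification of all four sample strings.
function report() {
  return [NETSCAPE, COLLIDING, GALAXY, SAMSUNG_BROWSER].map((ua) => ({
    ua: ua.slice(0, 40),
    loose: vendorOf(ua, LOOSE),
    strict: vendorOf(ua, STRICT),
  }));
}

console.log(report());
console.log('loose  false positives:', falsePositives(NETSCAPE, 'sam', LOOSE));
console.log('strict false positives:', falsePositives(NETSCAPE, 'sam', STRICT));
```

The loose rule flags every mutated string and also misses the constructed Galaxy string that carries only a model code, so the substring match fails in both directions.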

smoroz pushed a commit to optimizely/ua-parser-js that referenced this issue Feb 3, 2023
* FIX: Wechat Desktop for Windows compatible with new version

* Move to check typeof for window for different envs

* Fix faisalman#413 Bug resulting Motorola model O

* Fix faisalman#367 faisalman#425 Detect Instagram in-app browser

* Add funding support links

* Fix faisalman#450 Sony Xperia Z2 Tablet

* Fix faisalman#454 Improve Samsung detection

* Add Nintendo Switch

* Fix faisalman#366 Amazon Alexa Echo Show

* Fix faisalman#339 Add Weibo

* Fix faisalman#407 ZTE Nubia misidentified as Nextbook Tablet

* FIX: new wechat desktop's unsafe regex

* Fix faisalman#433 faisalman#434 Huawei devices

* Fix faisalman#475 Nokia version incomplete

* Fix faisalman#470 Identify Android TV as SmartTV

* Latest Xperia lineup

* Fix faisalman#430 Playstation 5

* Fix faisalman#449 Lenovo Tablet

* Casually save some bytes

* Fix faisalman#401 Rearrange the order of regexes to improve hit-rate performance

* Fix faisalman#427 - Trying GitHub Actions

* Change mocha reporter for CI

* Action doesn't work, should be under /.github/workflows folder perhaps

* Fix faisalman#438 Add Zebra devices

* Update README contents & structures

* Enforce maximum limit to user-agent input

* Move documentation upwards and..mAkE tHe LoG0 BiG99eR!!1!1!

* Add CDN links & insert npm fund

* Fix faisalman#422 Add ARMHF in CPU Arch detection

* Fix faisalman#279 Remap old Edge versions <= 44 as suggested by @mikemaccana @callaginn

* Fix faisalman#448 Add AT&T & Vodafone devices

* Fix faisalman#209 Add CHANGELOG

* Add Electron

* Simplify Huawei detection

* Release as 0.7.25

* Refine some OS detection

* Add new OS: Raspbian

* Add Device: Surface Duo

* Add some test cases for Samsung, Huawei, Xiaomi

* Detect ARMEABI as ARM

* Casually save some bytes

* Refine some detection with more test cases

* Add new device.vendor: Vivo

* Fix faisalman#342 - Enforce all regexes to comply with safe-regex as a safeguard against possible ReDoS vulnerability

* Fix regexes that were marked as unsafe by safe-regex module

* Refine device detection with more test cases

* Add new device.vendor: Realme

* Release as 0.7.26

* Better tablet detection:
- Huawei MediaPad M/T
- Galaxy Tab SM-P
- Kindle Fire without Silk

* Better tablet detection:
- Fix lenovo phone / tablet detection

* Better tablet detection - Build.

* Better tablet detection:
- iPad using Facebook browser on some occasions
- More Huawei tablets
- Asus ZenPad Z8s (P00J)

* Small refactor

* Add new Engine & Browser: Flow

* Add new browser: Firefox Reality

* Add new device: Fairphone

* Add string check to setUA method

* Release as 0.7.27

* More test for latest phones with unique form factor (fold/flip/qwerty/swivel)

* Add new device & browser: Tesla

* Minor rearrangement

* More test for tablet devices

* Update contributor list

* Fix faisalman#492 LG TV WebOS detection

* Delete redundant code

* Refactor code: saving bytes towards 15KB minified

* Update readme: use https for demo link

* Test for Firefox UAs, add new browser: Klar, add new OS: Maemo

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox

* Revert breaking fix faisalman#279 and release as 0.7.28

* Improve detection rule for Mac on PowerPC

* Improve device detection: categorize PDA as mobile

* Improve browser detection: Netscape with version

* Improve os detection: Windows Mobile without version

* Add new OS: HP-UX

* Add new browsers: Obigo, UP.Browser

* Add new device vendor: Roku

Source: https://github.com/WhichBrowser/Parser-PHP/blob/master/tests/data/television/roku.yaml

* Refine some OS detection

Source:
- https://www.zytrax.com/tech/web/browser_ids.htm
- https://developers.whatismybrowser.com/useragents/explore/operating_system_name/

* Remove oldEdge map

* Replace `\s` with space, saving ~0,3KB

* ES3 compat-fix: remove trailing comma

* Improve device detection: Huawei, Xiaomi, Realme, LG, OnePlus, ASUS, ZTE, Fairphone

* Improve CPU detection for ARM64

* Improve device detection: LG Android TV

* Add new OS: Android-x86, Deepin, elementary OS, GhostBSD, Linspire, Manjaro, Sabayon

User-Agent source: whatismybrowser.com

* Fix faisalman#500 Sharp devices misjudged as Huawei devices

* Fix faisalman#506 - add test for Huawei ART-L29

* Fix faisalman#509 add support for Internet Explorer 8

* Create SECURITY.md

A simple instruction for security researchers.

* Improve regex efficiency when trimming long ua string

https://blog.stevenlevithan.com/archives/faster-trim-javascript

* Add Huawei models

* Sony Xperia 1ii

* Samsung Galaxy S20 5G

* Add different oculus browser

* Oculus devices

* cleanup

* cleanup

* change to single line regex

* Enable to detect OPPO Reno5 A correctly.

* Securing the 0.7.x version (issue faisalman#536)

* Securing the 0.8.x version (issue faisalman#536)

* Securing the 1.x version (issue faisalman#536)

* feat: require the use of `===` and `!==`

* Update ua-parser.js

* ✨ Use AST to verify whether regexes are safe

* Bump version 0.7.31

* Fix faisalman#559: Sony Xperia 1 III misidentified as Acer tablet

* Fix faisalman#533: Detect Sony BRAVIA as SmartTV

* Fix faisalman#562 - Xiaomi Mi CC9

* Fix faisalman#561 - Increase UA_MAX_LENGTH to 275

* pr feedback

* v100 tests

* Add support for HuaweiBrowser

* update readme

* package.json: specify the folders to include

* add KakaoTalk App, KakaoStory App regex

* Add Kakao App, Naver App

* Add iOS Naver, Kakao regex

* fix browser-test typo

* Add LinkedIn app.

* Rename 'HuaweiBrowser' to 'Huawei Browser'

* Fix faisalman#565 - Add new OS: HarmonyOS

* Fix faisalman#558 - WeGame mistakenly identified as WeChat

* Increase UA_MAX_LENGTH to 350

* Fix faisalman#532 - Detect Xiaomi Mi TV as smarttv

* Fix faisalman#513 - Add new browser: DuckDuckGo

* Fix faisalman#516 - Add Focus into list of possible browser.name

* ci: add GitHub token permissions for workflow

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

* fixed sony bravia smart tv, added sharp AQUOS TV

* Safari and Mobile Safari began to include commas in the minor version numbers.

* Fix faisalman#502 faisalman#580 : Add notice for desktop device type

* Refine small redundancy

* Fix faisalman#596 - Detect Galaxy Tab S8 as tablet

* Add test case

* improved documentation

* Bump version 0.7.32

* Add new browser: Cobalt

* Fix documentation

`readme.md` refers to a `parser.getResults` function, which does not exist. This PR corrects the function name to `getResult`.

* Support Panasonic Viera Smart TVs

* Support Panasonic 2018+ smart tvs

* Add test for panasonic 2020 smart tv

* Add test for panasonic SAT receiver

* Support Loewe Smart TVs

* Add tests for JVC smart tvs

* Support philips smart tvs

* Add samsung testcases

* Add support for TechniSAT TVs and SATs

* Fix faisalman#605 - Identify Macintosh as Apple device

* Remove unsafe regex in trim() function

`trim()` function contains a regular expression that is vulnerable to ReDoS but was uncaught by `safe-regex` module.

* Bump version 0.7.33

* Fix faisalman#557 faisalman#612 faisalman#629 - Update the changelog

* Fix faisalman#621 - Detect Oculus Quest Pro

* Utilize navigator.userAgentData as a fallback faisalman#588

* Improve Kakao/Naver detection + add test

* Fix faisalman#619 - Move Sharp up to be checked before Huawei

* Rearrange the recently added smarttv detection

* Fix faisalman#620 - Add new Device: Kobo

* Fix faisalman#601 - Detect Chrome OS without version

* Update manifest

* fix: Don't act as a jQuery plugin

* build: 0.7.24 custom version

* Rebuilt min versions

---------

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Co-authored-by: ruicong <466403866@qq.com>
Co-authored-by: David Annez <david.annez@gmail.com>
Co-authored-by: Faisal Salman <f@faisalman.com>
Co-authored-by: sUP <dani3l@gmail.com>
Co-authored-by: o.drapeza <o.drapeza@tinkoff.ru>
Co-authored-by: liujunlve <liujunlve@henhaoji.com>
Co-authored-by: Ziding Zhang <zidingz@gmail.com>
Co-authored-by: Paris Morgan <paris@8thwall.com>
Co-authored-by: Ryohei Shima <shima01dev@gmail.com>
Co-authored-by: chenhui9279 <chenhui9279@autohome.com.cn>
Co-authored-by: sunny-mwx <30586210+sunny-mwx@users.noreply.github.com>
Co-authored-by: Hans Ott <hansott@hotmail.be>
Co-authored-by: XhmikosR <xhmikosr@gmail.com>
Co-authored-by: KnifeLemon <role___play@naver.com>
Co-authored-by: Dante <duanjl.china@gmail.com>
Co-authored-by: JBYoshi <12983479+JBYoshi@users.noreply.github.com>
Co-authored-by: Varun Sharma <varunsh@stepsecurity.io>
Co-authored-by: Jacky Choo <jackychoo@adly-macbook.local>
Co-authored-by: nabetama <mao.nabeta@gmail.com>
Co-authored-by: kNoAPP <alldoneb@gmail.com>
Co-authored-by: Mok <mok@moekm.com>
Co-authored-by: Oscar Becerra <oscarbecerra@google.com>
Co-authored-by: Riley Shaw <rileyjshaw@users.noreply.github.com>
Co-authored-by: Garrit Franke <garrit@slashdev.space>
Co-authored-by: Garrit Franke <32395585+garritfra@users.noreply.github.com>
Co-authored-by: smoroz <smoroz>
Co-authored-by: Spencer Wilson <spencer.wilson@optimizely.com>
Co-authored-by: Luis Rivas <luis.rivas024@gmail.com>