From 10ee49cb1a15a2259d199b813511c3e3f98620a5 Mon Sep 17 00:00:00 2001
From: "scotty.b.brown@gmail.com"
Date: Sat, 4 Dec 2010 12:54:05 +0000
Subject: [PATCH] Refactored out the 'commmamd' typos and added a new filter to use when checking the details returned from initially hooking a browser.
git-svn-id: https://beef.googlecode.com/svn/trunk@596 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 lib/filter/base.rb | 6 +++++-
 lib/filter/command.rb | 6 +++---
 lib/modules/command.rb | 8 ++++----
 lib/server/commandhandler.rb | 2 +-
 lib/server/inithandler.rb | 2 +-
 5 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/lib/filter/base.rb b/lib/filter/base.rb
index 2723cf352..e2b3218ee 100644
--- a/lib/filter/base.rb
+++ b/lib/filter/base.rb
@@ -78,7 +78,11 @@ module BeEF
 false
 end
-
+ # check for valid browser details chars
+ def self.has_valid_browser_details_chars?(str)
+ return false if not is_non_empty_string?(str)
+ not (str =~ /[^\w\d\s()-.,;:_\/\302\256]/).nil? # \302\256 is the (r) character
+ end
 end
diff --git a/lib/filter/command.rb b/lib/filter/command.rb
index 20de61c5e..48a0ab4c3 100644
--- a/lib/filter/command.rb
+++ b/lib/filter/command.rb
@@ -11,7 +11,7 @@ module BeEF
 end
 # check if the command id valid
- def self.is_valid_commmamd_id?(str)
+ def self.is_valid_command_id?(str)
 return false if not BeEF::Filter.is_non_empty_string?(str)
 return false if not BeEF::Filter.nums_only?(str)
 true
@@ -25,13 +25,13 @@ module BeEF
 end
 # check if valid command module datastore key
- def self.is_valid_commmamd_module_datastore_key?(str)
+ def self.is_valid_command_module_datastore_key?(str)
 return false if not BeEF::Filter.is_non_empty_string?(str)
 return BeEF::Filter.has_valid_key_chars?(str)
 end
 # check if valid command module datastore value
- def self.is_valid_commmamd_module_datastore_param?(str)
+ def self.is_valid_command_module_datastore_param?(str)
 return false if BeEF::Filter.has_null?(str)
 return false if BeEF::Filter.has_non_printable_char?(str)
 true
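Review bot: In lib/filter/base.rb, `has_valid_browser_details_chars?` returns true when the string contains a character outside the allowed set, which is the opposite of what its name promises; the call in lib/server/inithandler.rb only works because it raises on true. A later caller that writes `raise ... unless has_valid_browser_details_chars?(x)` would accept exactly the input this filter is meant to reject. I would return `(str =~ /[^\w\s().,;:\/\-\302\256]/).nil?` and change the inithandler guard to `unless`. The escaped `\-` matters too: as written, `)-.` inside the class is a range from `)` to `.`, so `*` and `+` are accepted as well. Whether `\302\256` matches the (r) character or two independent bytes depends on the regexp encoding, so a comment stating the expected encoding would help.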
diff --git a/lib/modules/command.rb b/lib/modules/command.rb
index e808be6f9..d5c52532d 100644
--- a/lib/modules/command.rb
+++ b/lib/modules/command.rb
@@ -98,17 +98,17 @@ module BeEF
 # get, check and add the http_params to the datastore
 http_params.keys.each {|http_params_key|
- raise WEBrick::HTTPStatus::BadRequest, "http_params_key is invalid" if not BeEF::Filter.is_valid_commmamd_module_datastore_key?(http_params_key)
+ raise WEBrick::HTTPStatus::BadRequest, "http_params_key is invalid" if not BeEF::Filter.is_valid_command_module_datastore_key?(http_params_key)
 http_params_value = Erubis::XmlHelper.escape_xml(http_params[http_params_key])
- raise WEBrick::HTTPStatus::BadRequest, "http_params_value is invalid" if not BeEF::Filter.is_valid_commmamd_module_datastore_param?(http_params_value)
+ raise WEBrick::HTTPStatus::BadRequest, "http_params_value is invalid" if not BeEF::Filter.is_valid_command_module_datastore_param?(http_params_value)
 @datastore[http_params_key] = http_params_value # add the checked key and value to the datastore
 }
 # get, check and add the http_headers to the datastore
 http_header.keys.each { |http_header_key|
- raise WEBrick::HTTPStatus::BadRequest, "http_header_key is invalid" if not BeEF::Filter.is_valid_commmamd_module_datastore_key?(http_header_key)
+ raise WEBrick::HTTPStatus::BadRequest, "http_header_key is invalid" if not BeEF::Filter.is_valid_command_module_datastore_key?(http_header_key)
 http_header_value = Erubis::XmlHelper.escape_xml(http_header[http_header_key][0])
- raise WEBrick::HTTPStatus::BadRequest, "http_header_value is invalid" if not BeEF::Filter.is_valid_commmamd_module_datastore_param?(http_header_value)
+ raise WEBrick::HTTPStatus::BadRequest, "http_header_value is invalid" if not BeEF::Filter.is_valid_command_module_datastore_param?(http_header_value)
 @datastore['http_headers'][http_header_key] = http_header_value # add the checked key and value to the datastore
 }
diff --git a/lib/server/commandhandler.rb b/lib/server/commandhandler.rb
index 646be9358..2abd1139b 100644
--- a/lib/server/commandhandler.rb
+++ b/lib/server/commandhandler.rb
@@ -21,7 +21,7 @@ module BeEF
 # get and check command id from the request
 command_id = @request.get_command_id()
- raise WEBrick::HTTPStatus::BadRequest, "command_id is invalid" if not BeEF::Filter.is_valid_commmamd_id?(command_id)
+ raise WEBrick::HTTPStatus::BadRequest, "command_id is invalid" if not BeEF::Filter.is_valid_command_id?(command_id)
 # get and check session id from the request
 hook_session_id = request.get_hook_session_id()
diff --git a/lib/server/inithandler.rb b/lib/server/inithandler.rb
index eb6fbf76f..679913037 100644
--- a/lib/server/inithandler.rb
+++ b/lib/server/inithandler.rb
@@ -101,7 +101,7 @@ module BeEF
 escaped_param = CGI.unescapeHTML(b64_param)
 raise WEBrick::HTTPStatus::BadRequest, "Invalid init escaped value" if Filter.has_non_printable_char?(escaped_param)
 param = Base64.decode64(escaped_param)
- raise WEBrick::HTTPStatus::BadRequest, "Invalid init value" if Filter.has_non_printable_char?(param)
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid init value" if Filter.has_valid_browser_details_chars?(param)
 param
 end
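Review bot: In lib/server/inithandler.rb an empty decoded value passes the new guard, because `has_valid_browser_details_chars?` returns false for anything that is not a non-empty string and the raise fires only on true. `Base64.decode64` is lenient and skips characters outside the alphabet, so malformed input can decode to an empty string and be returned as a browser detail. If an empty detail is never legitimate, reject it explicitly with `raise WEBrick::HTTPStatus::BadRequest, "Invalid init value" if param.empty?` before the character check. The enclosing method starts outside the hunk, so how its callers treat an empty `param` is not visible here.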