From 1f61418c879e003b74a381b9589fd07162a3cc29 Mon Sep 17 00:00:00 2001 From: passbe Date: Thu, 29 Sep 2011 23:48:20 +0000 Subject: [PATCH] Commented all ruby patches git-svn-id: https://beef.googlecode.com/svn/trunk@1321 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9 --- core/ruby/hash.rb | 6 +- core/ruby/module.rb | 64 ++++--------------- core/ruby/object.rb | 50 ++------------- core/ruby/patches/dm-do-adapter/adapter.rb | 11 ++-- core/ruby/patches/webrick/cookie.rb | 5 +- core/ruby/patches/webrick/genericserver.rb | 13 ++-- core/ruby/patches/webrick/httprequest.rb | 52 ++++++--------- core/ruby/patches/webrick/httpresponse.rb | 25 +++----- .../webrick/httpservlet/filehandler.rb | 8 ++- core/ruby/patches/webrick/httputils.rb | 6 +- core/ruby/print.rb | 33 ++++------ core/ruby/string.rb | 12 ++-- 12 files changed, 93 insertions(+), 192 deletions(-) diff --git a/core/ruby/hash.rb b/core/ruby/hash.rb index 97f7725fd..fdf3090a4 100644 --- a/core/ruby/hash.rb +++ b/core/ruby/hash.rb @@ -15,7 +15,11 @@ # class Hash - # http://snippets.dzone.com/posts/show/4706 + # Recursively deep merge two hashes together + # @param [Hash] hash Hash to be merged + # @return [Hash] Combined hash + # @note Duplicate keys are overwritten by the value defined in the hash calling deep_merge (not the parameter hash) + # @note http://snippets.dzone.com/posts/show/4706 def deep_merge(hash) target = dup hash.keys.each do |key| diff --git a/core/ruby/module.rb b/core/ruby/module.rb index 03d34a316..f0214a92f 100644 --- a/core/ruby/module.rb +++ b/core/ruby/module.rb 
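Review bot: The new `@note` on `deep_merge` in core/ruby/hash.rb says duplicate keys keep the value from the hash calling the method, but the visible lines (`target = dup`, then `hash.keys.each do |key|`) copy the receiver and then iterate over the parameter's keys, which usually means the parameter's value wins. The rest of the body is outside the hunk, so this is inferred; please check the note against the assignment inside the loop. If the parameter does win, the line should read `# @note Duplicate keys are overwritten by the value from the parameter hash`. Merge precedence is easy to get wrong when layering settings, so the comment should not state it backwards.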
@@ -14,25 +14,9 @@ # limitations under the License. # class Module - # Returns the classes in the current ObjectSpace where this module has been - # mixed in according to Module#included_modules. - # - # module M - # end - # - # module N - # include M - # end - # - # class C - # include M - # end - # - # class D < C - # end - # - # p M.included_in_classes # => [C, D] - # + + # Returns the classes in the current ObjectSpace where this module has been mixed in according to Module#included_modules. + # @return [Array] An array of classes def included_in_classes classes = [] ObjectSpace.each_object(Class) { |k| classes << k if k.included_modules.include?(self) } @@ -42,19 +26,9 @@ class Module unique_classes end end - - # Returns the modules in the current ObjectSpace where this module has been - # mixed in according to Module#included_modules. - # - # module M - # end - # - # module N - # include M - # end - # - # p M.included_in_modules # => [N] - # + + # Returns the modules in the current ObjectSpace where this module has been mixed in according to Module#included_modules. + # @return [Array] An array of modules def included_in_modules modules = [] ObjectSpace.each_object(Module) { |k| modules << k if k.included_modules.include?(self) } @@ -65,30 +39,14 @@ class Module end end - # - # module M - # end - # - # module N - # extend M - # end - # - # p N.extended_modules # => [M] - # + # Returns the modules extended inside the target module + # @return [Array] Array of modules def extended_modules (class << self; self end).included_modules end - # - # module M - # end - # - # module N - # extend M - # end - # - # p M.extended_in_modules # => [N] - # + # Returns the modules extending the target module + # @return [Array] Array of modules def extended_in_modules modules = [] ObjectSpace.each_object(Module) { |k| modules << k if k.extended_modules.include?(self) } @@ -98,4 +56,4 @@ class Module unique_modules end end -end \ No newline at end of file +end 
diff --git a/core/ruby/object.rb b/core/ruby/object.rb index d60bba4f9..a792e91ca 100644 --- a/core/ruby/object.rb +++ b/core/ruby/object.rb @@ -15,72 +15,34 @@ # class Object - # # Returns true if the object is a Boolean - # - # Example: - # - # a = true - # b = false - # c = 1234 # Integer - # - # a.boolean? # => true - # b.boolean? # => false - # c.boolean? # => false - # + # @return [Boolean] Whether the object is boolean def boolean? self.is_a?(TrueClass) || self.is_a?(FalseClass) end - # # Returns true if the object is a String - # - # Example: - # - # 1.string? # => false - # 'abc'.string? # => true - # + # @return [Boolean] Whether the object is a string def string? self.is_a?(String) end - # # Returns true if the object is an Integer - # - # Example: - # - # 1.integer? # => true - # 'abc'.integer? # => false - # + # @return [Boolean] Whether the object is an integer def integer? self.is_a?(Integer) end - # # Returns true if the object is a hash - # - # Example: - # - # {}.hash? # => true - # 1.hash? # => false - # + # @return [Boolean] Whether the object is a hash def hash? self.is_a?(Hash) end - # # Returns true if the object is a class - # - # Example: - # - # class A - # end - # - # obj = A.new - # obj.class? # => true - # + # @return [Boolean] Whether the object is a class def class? self.is_a?(Class) end -end \ No newline at end of file +end diff --git a/core/ruby/patches/dm-do-adapter/adapter.rb b/core/ruby/patches/dm-do-adapter/adapter.rb index 763c20383..fd701ff4c 100644 --- a/core/ruby/patches/dm-do-adapter/adapter.rb +++ b/core/ruby/patches/dm-do-adapter/adapter.rb 
@@ -13,13 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# The following file contains patches for DataMapper Data Objects Adapter (dm-do-adapter) -# This patch fixes the following error: -# DataObjects::URI.new with arguments is deprecated, use a Hash of URI components (/home/username/.rvm/gems/ruby-1.9.2-p290/gems/dm-do-adapter-1.1.0/lib/dm-do-adapter/adapter.rb:231:in `new') -# The error is patched in dm-do-adapter 1.1.1 however it has yet to be released. -# Patch: https://github.com/datamapper/dm-do-adapter/commit/7f0b53d1ada8735910e04ff37d60c6ff037ce288 +# @note The following file contains patches for DataMapper Data Objects Adapter (dm-do-adapter) +# This patch fixes the following error: +# DataObjects::URI.new with arguments is deprecated, use a Hash of URI components (/home/username/.rvm/gems/ruby-1.9.2-p290/gems/dm-do-adapter-1.1.0/lib/dm-do-adapter/adapter.rb:231:in `new') +# The error is patched in dm-do-adapter 1.1.1 however it has yet to be released. +# Patch: https://github.com/datamapper/dm-do-adapter/commit/7f0b53d1ada8735910e04ff37d60c6ff037ce288 =begin Deleted: @@ -53,7 +53,6 @@ module DataMapper module Adapters class DataObjectsAdapter < AbstractAdapter - # @api private def normalized_uri @normalized_uri ||= begin diff --git a/core/ruby/patches/webrick/cookie.rb b/core/ruby/patches/webrick/cookie.rb index 6e6a471fb..4217628fb 100644 --- a/core/ruby/patches/webrick/cookie.rb +++ b/core/ruby/patches/webrick/cookie.rb @@ -13,12 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# The following file contains patches for WEBrick. module WEBrick class Cookie attr_accessor :httponly + # Convert cookie object to a string representation + # @return [String] ret String of information about cookie def to_s ret = "" ret << @name << "=" << @value @@ -35,4 +36,4 @@ module WEBrick end -end \ No newline at end of file +end 
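Review bot: The `@return` tag added above `to_s` in core/ruby/patches/webrick/cookie.rb carries a stray `ret`; YARD's `@return` takes a type and a description but no name. "String of information about cookie" also undersells what the method builds. The visible line `ret << @name << "=" << @value` appends name and value as-is, so the comment should say that no escaping happens here and that callers must pass header-safe strings. Suggested: `# @return [String] Cookie in header form; name and value are appended unescaped`. The body of `to_s` continues outside the hunk.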
diff --git a/core/ruby/patches/webrick/genericserver.rb b/core/ruby/patches/webrick/genericserver.rb index 65cb136d3..1e12898db 100644 --- a/core/ruby/patches/webrick/genericserver.rb +++ b/core/ruby/patches/webrick/genericserver.rb @@ -13,18 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# The following file contains patches for WEBrick. module WEBrick class HTTPServer < ::WEBrick::GenericServer - # I'm patching WEBrick so it does not log http requests anymore. - # The reason being that it seems to considerably slow down BeEF which receives - # numerous requests simultaneously. Additionally, it was also found to crash - # the thread when not being able to write to the log file (which happened when - # overloaded). + # @note I'm patching WEBrick so it does not log http requests anymore. + # The reason being that it seems to considerably slow down BeEF which receives + # numerous requests simultaneously. Additionally, it was also found to crash + # the thread when not being able to write to the log file (which happened when + # overloaded). def access_log(config, req, res); return; end end -end \ No newline at end of file +end diff --git a/core/ruby/patches/webrick/httprequest.rb b/core/ruby/patches/webrick/httprequest.rb index a55657630..031344adb 100644 --- a/core/ruby/patches/webrick/httprequest.rb +++ b/core/ruby/patches/webrick/httprequest.rb 
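Review bot: `def access_log(config, req, res); return; end` in core/ruby/patches/webrick/genericserver.rb turns off request logging unconditionally, and the `@note` gives the performance reason without stating the cost: the server keeps no record of incoming requests for troubleshooting or incident review. I would add that to the comment, e.g. `# @note With this patch no HTTP access log is written; request history must come from another source`. If the slowdown only shows under load, gating the override on a configuration setting would be worth considering. The explicit `return` is redundant; an empty body does the same.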
@@ -13,23 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# The following file contains patches for WEBrick. module WEBrick class HTTPRequest - # I'm patching the HTTPRequest class so that it when it receives POST - # http requests, it parses the query present in the body even if the - # content type is not set. - # - # The reason for this patch is that when a zombie sends back data to - # BeEF, that data was not parsed because by default the content-type - # was not set directly. I prefer patching WEBrick rather than editing - # the BeEFJS library because cross domain http requests would be harder - # to implement at the server level. - # - # Note: this function would need to be modified if we ever needed to - # use multipart POST requests. + # @note I'm patching the HTTPRequest class so that it when it receives POST + # http requests, it parses the query present in the body even if the + # content type is not set. + # The reason for this patch is that when a zombie sends back data to + # BeEF, that data was not parsed because by default the content-type + # was not set directly. I prefer patching WEBrick rather than editing + # the BeEFJS library because cross domain http requests would be harder + # to implement at the server level. + # @note This function would need to be modified if we ever needed to use multipart POST requests. def parse_query() begin if @request_method == "GET" || @request_method == "HEAD" 
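Review bot: The description of `parse_query` is now written entirely as `@note` tags, so YARD has no summary sentence for the method and the rationale renders as a side note. A plain first line such as `# Parse the query from the body of POST requests even when no content type is set`, followed by the `@note` lines, would read better. The same pattern appears on `access_log` in genericserver.rb and on `parse_uri` and `set_error` in later hunks. The carried-over wording "so that it when it receives" should be "so that when it receives". The method body continues outside the hunk.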
@@ -47,51 +43,45 @@ module WEBrick end end + # Get cookie value + # @param [String] name Key name + # @return [String] Value stored against the key name or nil if not found def get_cookie_value(name) - return nil if name.nil? - @cookies.each{|cookie| c = WEBrick::Cookie.parse_set_cookie(cookie.to_s) return c.value if (c.name.to_s.eql? name) } - nil - end + # Get Referrer domain name + # @return [String] Domain name or nil def get_referer_domain - referer = header['referer'][0] - if referer =~ /\:\/\/([0-9a-zA-A\.]*(\:[0-9]+)?)\// return $1 end - nil - end + # Get hook session id + # @return [String] Hook session id or nil def get_hook_session_id() - config = BeEF::Core::Configuration.instance hook_session_name = config.get('beef.http.hook_session_name') - @query[hook_session_name] || nil - end - # return the command module command_id value from the request + # Return the command module command_id value from the request + # @return [String] Command module id or nil def get_command_id() @query['command_id'] || nil end - # - # Attack vectors send through the Requester/Proxy by default are parsed as Bad URIs, and not sent. - # For example: request like the following: http://192.168.10.128/dvwa/vulnerabilities/xss_r/?name=ciccioba83e7918817a3ad - # is blocked (ERROR bad URI) - # We're overwriting the URI Parser UNRESERVED regex to prevent such behavior (see tolerant_parser) - # + # @note Attack vectors send through the Requester/Proxy by default are parsed as Bad URIs, and not sent. + # For example: request like the following: http://192.168.10.128/dvwa/vulnerabilities/xss_r/?name=ciccioba83e7918817a3ad is blocked (ERROR bad URI) + # We're overwriting the URI Parser UNRESERVED regex to prevent such behavior (see tolerant_parser) def parse_uri(str, scheme="http") if @config[:Escape8bitURI] str = HTTPUtils::escape8bit(str) diff --git a/core/ruby/patches/webrick/httpresponse.rb b/core/ruby/patches/webrick/httpresponse.rb index fa18486b3..006766e5b 100644 
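Review bot: The character class in `get_referer_domain`, `[0-9a-zA-A\.]`, has an uppercase range of `A-A` and no hyphen. A Referer whose host contains any other uppercase letter or a `-` (for example a host like `my-site.example`) fails to match, and the method returns nil. The commit documents the method but leaves this unchanged; `if referer =~ /\:\/\/([0-9a-zA-Z\.\-]*(\:[0-9]+)?)\//` looks like what was intended. The capture also includes an optional `:port`, so the new `@return` line should say "Domain name with optional port, or nil".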
--- a/core/ruby/patches/webrick/httpresponse.rb +++ b/core/ruby/patches/webrick/httpresponse.rb @@ -13,21 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# The following file contains patches for WEBrick. module WEBrick class HTTPResponse - # # Add/Update HTTP response headers with those contained in original_headers Hash - # + # @param [Hash] original_headers Hash of headers def override_headers(original_headers) original_headers.each{ |key, value| @header[key.downcase] = value } end - # - # set caching headers none - # + # Set caching headers none def set_no_cache() @header['ETag'] = nil @header['Last-Modified'] = Time.now + 100**4 @@ -36,12 +32,14 @@ module WEBrick @header['Pragma'] = 'no-cache' end - # - # set the cookie in the response - # Limit: only one set-cookie will be within the response - # + # Set the cookie in the response + # @param [String] name Name of the cookie + # @param [String] value Value of the cookie + # @param [String] path Path of the cookie + # @param [Boolean] httponly If the cookie is HTTP only + # @param [Boolean] secure If the cookie is secure only + # @note Limit: only one set-cookie will be within the response def set_cookie(name, value, path = '/', httponly = true, secure = true) - cookie = WEBrick::Cookie.new(name, value) cookie.path = path cookie.httponly = httponly @@ -51,10 +49,7 @@ module WEBrick @header['Set-Cookie'] = cookie.to_s end - # - # This patch should prevent leakage of directory listing, access - # auth errors, etc. - # + # @note This patch should prevent leakage of directory listing, access auth errors, etc. def set_error(ex, backtrace=false) # set repsonse headers diff --git a/core/ruby/patches/webrick/httpservlet/filehandler.rb b/core/ruby/patches/webrick/httpservlet/filehandler.rb index e19ad0e60..74b4eb252 100644 --- a/core/ruby/patches/webrick/httpservlet/filehandler.rb +++ b/core/ruby/patches/webrick/httpservlet/filehandler.rb 
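Review bot: In the first hunk of httpresponse.rb, `@header['Last-Modified'] = Time.now + 100**4` in `set_no_cache` sets a modification time roughly three years in the future, and nothing in the comments says why. "Set caching headers none" is also hard to parse. I would reword the summary to `# Set response headers that tell clients and proxies not to cache the response` and add a why-comment on the Last-Modified line, or drop the offset if it is not needed. Part of the method body lies between this hunk and the next one and is not visible.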
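Review bot: `set_error(ex, backtrace=false)` gets only an `@note` and no `@param` lines, although `override_headers` and `set_cookie` in the same file received them. What `backtrace` controls matters here, because a backtrace in an error response is the kind of leakage the note says the patch prevents. The body is outside the hunk, so I cannot tell whether the flag is honoured or ignored. Please add `# @param [Exception] ex Error being reported` (type as appropriate) and a `@param [Boolean] backtrace` line stating what the flag actually does. The inline comment `# set repsonse headers` has a typo ("response").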
@@ -20,7 +20,9 @@ module HTTPServlet class FileHandler - # prevent directory traversal attacks + # Prevent directory traversal attacks + # @param [Object] req Request object + # @param [Object] res Response object def prevent_directory_traversal(req, res) raise WEBrick::HTTPStatus::BadRequest, "null character in path" if has_null?(req.path_info) @@ -33,7 +35,9 @@ module HTTPServlet req.path_info = expanded end - # checks if a string contains null characters + # Checks if a string contains null characters + # @param [String] str String to test for null characters + # @param [Boolean] Whether the string has null characters def has_null? (str) str.split(//).each {|c| return true if c.eql?("\000") diff --git a/core/ruby/patches/webrick/httputils.rb b/core/ruby/patches/webrick/httputils.rb index 24348f945..b00c64bd8 100644 --- a/core/ruby/patches/webrick/httputils.rb +++ b/core/ruby/patches/webrick/httputils.rb @@ -13,12 +13,14 @@ module WEBrick module HTTPUtils - # Add support for additional mime types + # Add support for additional mime types + # @param [String] filename Filename + # @param [Hash] mime_tab Mime Type Hash def mime_type(filename, mime_tab) suffix1 = (/\.(\w+)$/ =~ filename && $1.downcase) suffix2 = (/\.(\w+)\.[\w\-]+$/ =~ filename && $1.downcase) - # Add support for additional mime types + # @todo Add support for additional mime types supported_mime_types = { 'wav' => 'audio/x-wav' } diff --git a/core/ruby/print.rb b/core/ruby/print.rb index 7921041d8..4c9bd5dbd 100644 --- a/core/ruby/print.rb +++ b/core/ruby/print.rb 
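Review bot: The new comment on `prevent_directory_traversal` omits the one behaviour a caller has to know, that the method raises. The visible first line is `raise WEBrick::HTTPStatus::BadRequest, "null character in path" if has_null?(req.path_info)`, so I would add `# @raise [WEBrick::HTTPStatus::BadRequest] if the request path contains a null character`. `[Object]` for both parameters is also uninformative; the next hunk shows `req.path_info = expanded`, so the comment should say that `req.path_info` is rewritten. The middle of the method is outside the hunk, so other raise conditions may need listing too.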
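Review bot: The last tag added above `has_null?` is `# @param [Boolean] Whether the string has null characters`, which documents the return value as a second parameter. It should be `# @return [Boolean] Whether the string has null characters`. As a style point on the context lines, `str.split(//).each {|c| return true if c.eql?("\000")` walks the string character by character where `str.include?("\0")` expresses the same check directly. The rest of the method body is outside the hunk.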
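Review bot: Inside `mime_type` in httputils.rb the comment above `supported_mime_types` was changed from a description to `# @todo Add support for additional mime types`, but the hash below it already adds `'wav' => 'audio/x-wav'`, so the tag now reads as if the work were outstanding. YARD also does not pick up tags from comments inside a method body. I would keep it as a plain comment, `# Additional mime types`, and add a `@return` line to the method comment, which lists both parameters but not the result. The body continues outside the hunk.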
@@ -13,23 +13,23 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# + # Function used to print errors to the console -# +# @param [String] s String to be printed def print_error(s) puts Time.now.localtime.strftime("[%k:%M:%S]")+'[!]'.red+' '+s end -# # Function used to print information to the console -# +# @param [String] s String to be printed def print_info(s) puts Time.now.localtime.strftime("[%k:%M:%S]")+'[*]'.blue+' '+s end -# # Function used to print debug information -# +# @param [String] s String to be printed +# @note This function will only print messages if the debug flag is set to true +# @todo Once the console extension has been merged into the core, remove the extension checks. def print_debug(s) config = BeEF::Core::Configuration.instance if config.get('beef.debug') || (BeEF::Extension.is_loaded('console') && BeEF::Extension::Console.verbose?) @@ -37,24 +37,15 @@ def print_debug(s) end end -# # Function used to print successes to the console -# +# @param [String] s String to be printed def print_success(s) puts Time.now.localtime.strftime("[%k:%M:%S]")+'[+]'.green+' '+s end -# -# Produces something that looks like that: -# -# [12:16:32] | Hook URL: http://127.0.0.1:3000/hook.js -# [12:16:32] | UI URL: http://127.0.0.1:3000/ui/panel -# [12:16:32] |_ Demo URL: http://127.0.0.1:3000/demos/basic.html -# -# The Template is like this: -# -# [date] | content -# +# Print multiple lines with decoration split by the return character +# @param [String] s String to be printed +# @note The string passed needs to be separated by the "\n" for multiple lines to be printed def print_more(s) time = Time.now.localtime.strftime("[%k:%M:%S]") lines = s.split("\n") 
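Review bot: The `@note` added to `print_debug` says messages print only when the debug flag is true, but the condition below it also passes when the console extension is loaded and verbose: `config.get('beef.debug') || (BeEF::Extension.is_loaded('console') && BeEF::Extension::Console.verbose?)`. Suggested wording: `# @note Prints only when beef.debug is set, or when the console extension is loaded and verbose`. Separately, `print_error` and `print_info` in this hunk build their output with `+' '+s`, so a non-String argument raises TypeError. Interpolation, as `print_over` already uses (`" #{s}"`), would make them tolerant of other types.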
@@ -68,9 +59,9 @@ def print_more(s) end end -# # Function used to print over the current line -# +# @param [String] s String to print over current line +# @note To terminate the print_over functionality your last print_over line must include a "\n" return def print_over(s) time = Time.now.localtime.strftime("[%k:%M:%S]") print "\r#{time}"+"[*]".blue+" #{s}" diff --git a/core/ruby/string.rb b/core/ruby/string.rb index ac07a6c8f..84805da95 100644 --- a/core/ruby/string.rb +++ b/core/ruby/string.rb @@ -14,13 +14,9 @@ # limitations under the License. # class String - # - # Use a gem to colorize the console. - # - # See: http://flori.github.com/term-ansicolor/ - # - # Example: print "red bold".red.bold, "\n" - # + + # @note Use a gem to colorize the console. + # @note http://flori.github.com/term-ansicolor/ include Term::ANSIColor -end \ No newline at end of file +end