Created API Security Path mapping procedures. Fixes issue 340

git-svn-id: https://beef.googlecode.com/svn/trunk@1024 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-06-26 01:29:11 +00:00
parent 62502cf124
commit 4f467ba6fd
5 changed files with 32 additions and 9 deletions
--- a/core/api.rb
+++ b/core/api.rb
@@ -10,15 +10,29 @@ module API
    # Calls a API fire against a certain class / module (c) method (m) with n parameters (*args)
    #
    def self.fire(c, m, *args)
-        c.extended_in_modules.each do |mod|
-          begin
-            mod.send m.to_sym, *args
-          rescue Exception => e
-            puts e.message  
-            puts e.backtrace
-          end
+        if self.verify_api_path(c, m)
+            method = self.get_api_path(c, m)
+            c.extended_in_modules.each do |mod|
+              begin
+                mod.send method, *args
+              rescue Exception => e
+                print_error e.message  
+              end
+            end
+        else
+            print_error "API Path not defined for Class: "+c.to_s+" Method: "+m.to_s
        end
    end
+
+    # Verifies that the api_path has been regitered
+    def self.verify_api_path(c, m)
+        return (c.const_defined?('API_PATHS', false) and c.const_get('API_PATHS', false).has_key?(m))
+    end
+
+    # Gets the sym set to the api_path
+    def self.get_api_path(c, m)
+        return (self.verify_api_path(c, m)) ? c.const_get('API_PATHS', false)[m] : nil;
+    end
   
 end
 end
--- a/core/api/server/handler.rb
+++ b/core/api/server/handler.rb
@@ -23,6 +23,11 @@ module Server
  #
  module Handler
    
+    API_PATHS = {
+        'pre_http_start' => :pre_http_start,
+        'mount_handlers' => :mount_handlers
+    }
+    
    #
    # This method is being called when the BeEF server mounts handlers
    #
--- a/core/api/server/hook.rb
+++ b/core/api/server/hook.rb
@@ -22,6 +22,10 @@ module Server
  #   end
  #
  module Hook 
+
+    API_PATHS = {
+        'pre_hook_send' => :pre_hook_send
+    }
    
    #
    # This method is being called as the hooked response is being built 
--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -69,7 +69,7 @@ module Handlers
        #
        # We dynamically get the list of all browser hook handler using the API and register them
        #
-        BeEF::API.fire(BeEF::API::Server::Hook, :pre_hook_send, hooked_browser, @body, @params, @request, @response)
+        BeEF::API.fire(BeEF::API::Server::Hook, 'pre_hook_send', hooked_browser, @body, @params, @request, @response)
      end

      # set response headers and body
--- a/core/main/server.rb
+++ b/core/main/server.rb
@@ -86,7 +86,7 @@ module Core
        #
        # We dynamically get the list of all http handler using the API and register them
        #
-        BeEF::API.fire(BeEF::API::Server::Handler, :mount_handlers, self)
+        BeEF::API.fire(BeEF::API::Server::Handler, 'mount_handlers', self)
      end
    end