is_valid_browser_plugins? filter stub added and is_valid_ip? filter now used in inithandler. This starts issue 179 and closes issue 181.

git-svn-id: https://beef.googlecode.com/svn/trunk@617 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
wade@bindshell.net
2010-12-17 10:49:40 +00:00
parent a6d84a7630
commit 6570619529
3 changed files with 14 additions and 12 deletions


@@ -83,7 +83,6 @@ module BeEF
return false if not is_non_empty_string?(str)
not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil? # \302\256 is the (r) character
end
end


@@ -51,8 +51,16 @@ module BeEF
return false if str.length > 255
return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
return false if not (str =~ /\.\./).nil?
return false if not (str =~ /\-\-/).nil?
return false if not (str =~ /\-\-/).nil?
true
end
# verify the hostname string is valid
def self.is_valid_browser_plugins?(str)
return false if not BeEF::Filter.is_non_empty_string?(str)
return false if BeEF::Filter.has_non_printable_char?(str)
return false if str.length > 255
puts "TODO filter browser plugins: issue 179"
true
end
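Review bot: The comment above `is_valid_browser_plugins?` still reads "verify the hostname string is valid", carried over from the hostname filter; it should describe this method, e.g. `# verify the browser plugins string is valid (stub: non-empty, printable, max 255 chars - see issue 179)`. The `puts "TODO filter browser plugins: issue 179"` line writes to stdout on every call, and the handler calls this filter once per init request, so a `# TODO` comment would carry the same reminder without the output. The 255-character limit looks borrowed from the hostname check and may be too small for a real plugin list, which the handler would then reject with BadRequest; worth confirming against actual browser output. Until issue 179 is done the method accepts any printable string within that limit, so the stored value should still be treated as untrusted wherever it is displayed.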


@@ -77,17 +77,14 @@ module BeEF
# get and store the browser plugins
browser_plugins = get_param(request.query, 'BrowserPlugins')
if not browser_plugins.nil?
#TODO: add filters
#raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins: has non printable chars" if not Filter.has_non_printable_char?(browser_plugins)
#raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins: has null chars" if not Filter.has_null?(browser_plugins)
BD.set(session_id, 'BrowserPlugins', browser_plugins)
end
#TODO: add filters - is_valid_browser_plugins is only a stub
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins" if not Filter.is_valid_browser_plugins?(browser_plugins)
BD.set(session_id, 'BrowserPlugins', browser_plugins)
# get and store the internal ip address
internal_ip = get_param(request.query, 'InternalIP')
if not internal_ip.nil?
#TODO: add Filter
raise WEBrick::HTTPStatus::BadRequest, "Invalid internal IP address" if not Filter.is_valid_ip?(internal_ip)
BD.set(session_id, 'InternalIP', internal_ip)
end
@@ -97,8 +94,6 @@ module BeEF
raise WEBrick::HTTPStatus::BadRequest, "Invalid internal host name" if not Filter.is_valid_hostname?(host_name)
BD.set(session_id, 'InternalHostname', internal_hostname)
end
end
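Review bot: The new browser-plugins check in the first hunk appears to run outside the `if not browser_plugins.nil?` guard that wrapped the old `BD.set` call, so a request with no `BrowserPlugins` parameter would now fail. `is_valid_browser_plugins?` starts with `is_non_empty_string?`, which presumably returns false for nil, and the handler then raises BadRequest and skips the rest of the init data. The internal IP block keeps its nil guard, so for consistency wrap the two new lines the same way: `if not browser_plugins.nil?` … `end`. The old and new sides are inferred from the hunk counts, since the page has lost its +/- markers. Separately, in the second hunk the hostname check validates `host_name` while the next line stores `internal_hostname`; if those are meant to be the same variable, the check is not testing the value that gets stored.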