From 657061952994133be3ec19d6a186aab684c8fb5c Mon Sep 17 00:00:00 2001
From: "wade@bindshell.net"
 <wade@bindshell.net@b87d56ec-f9c0-11de-8c8a-61c5e9addfc9>
Date: Fri, 17 Dec 2010 10:49:40 +0000
Subject: [PATCH] is_valid_browser_plugins? filter stub added and is_valid_ip?
 filter now used in initnandler. This starts  issue 179 and closes issue 181.

git-svn-id: https://beef.googlecode.com/svn/trunk@617 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 lib/filter/base.rb        |  1 -
 lib/filter/init.rb        | 12 ++++++++++--
 lib/server/inithandler.rb | 13 ++++---------
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/lib/filter/base.rb b/lib/filter/base.rb
index 56a1d12c0..62a78b3ea 100644
--- a/lib/filter/base.rb
+++ b/lib/filter/base.rb
@@ -83,7 +83,6 @@ module BeEF
       return false if not is_non_empty_string?(str)
       not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil? # \302\256 is the (r) character 
     end  
-          
 
   end
   
diff --git a/lib/filter/init.rb b/lib/filter/init.rb
index 93fc56065..bbd40c31f 100644
--- a/lib/filter/init.rb
+++ b/lib/filter/init.rb
@@ -51,8 +51,16 @@ module BeEF
       return false if str.length > 255
       return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
       return false if not (str =~ /\.\./).nil?
-      return false if not (str =~ /\-\-/).nil?
-      
+      return false if not (str =~ /\-\-/).nil?      
+      true
+    end
+
+    # verify the hostname string is valid
+    def self.is_valid_browser_plugins?(str)
+      return false if not BeEF::Filter.is_non_empty_string?(str)
+      return false if BeEF::Filter.has_non_printable_char?(str)
+      return false if str.length > 255  
+      puts "TODO filter browser plugins: issue 179"
       true
     end
 
diff --git a/lib/server/inithandler.rb b/lib/server/inithandler.rb
index ffafe381f..69e21cfd1 100644
--- a/lib/server/inithandler.rb
+++ b/lib/server/inithandler.rb
@@ -77,17 +77,14 @@ module BeEF
       
       # get and store the browser plugins
       browser_plugins = get_param(request.query, 'BrowserPlugins')
-      if not browser_plugins.nil?
-        #TODO: add filters
-        #raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins: has non printable chars" if not Filter.has_non_printable_char?(browser_plugins)
-        #raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins: has null chars" if not Filter.has_null?(browser_plugins)
-        BD.set(session_id, 'BrowserPlugins', browser_plugins)
-      end
+      #TODO: add filters - is_valid_browser_plugins is only a stub
+      raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins" if not Filter.is_valid_browser_plugins?(browser_plugins)
+      BD.set(session_id, 'BrowserPlugins', browser_plugins)
       
       # get and store the internal ip address
       internal_ip = get_param(request.query, 'InternalIP')
       if not internal_ip.nil?
-        #TODO: add Filter
+        raise WEBrick::HTTPStatus::BadRequest, "Invalid internal IP address" if not Filter.is_valid_ip?(internal_ip)
         BD.set(session_id, 'InternalIP', internal_ip)
       end
       
@@ -97,8 +94,6 @@ module BeEF
         raise WEBrick::HTTPStatus::BadRequest, "Invalid internal host name" if not Filter.is_valid_hostname?(host_name)
         BD.set(session_id, 'InternalHostname', internal_hostname)
       end
-      
-
 
     end