Added more restrictions on browser/os version definitions
This commit is contained in:
antisnatchor
@@ -51,12 +51,25 @@ module Filters
|
||||
# @param [String] str String for testing
|
||||
# @return [Boolean] If the string has valid browser version characters
|
||||
def self.is_valid_browserversion?(str)
|
||||
return false if not is_non_empty_string?(str)
|
||||
return false unless is_non_empty_string?(str)
|
||||
return false if has_non_printable_char?(str)
|
||||
return true if str.eql? "UNKNOWN"
|
||||
return true if str.eql? "ALL"
|
||||
return false if not nums_only?(str) and not is_valid_float?(str)
|
||||
return false if str.length > 10
|
||||
return false if str.length > 20
|
||||
true
|
||||
end
|
||||
|
||||
# Verify the os version string is valid
|
||||
# @param [String] str String for testing
|
||||
# @return [Boolean] If the string has valid os version characters
|
||||
def self.is_valid_osversion?(str)
|
||||
return false unless is_non_empty_string?(str)
|
||||
return false if has_non_printable_char?(str)
|
||||
return true if str.eql? "UNKNOWN"
|
||||
return true if str.eql? "ALL"
|
||||
return false unless BeEF::Filters::only?("a-zA-Z0-9.<=> ", str)
|
||||
return false if str.length > 20
|
||||
true
|
||||
end
|
||||
|
||||
|
||||
@@ -18,9 +18,9 @@ module BeEF
|
||||
property :name, Text # rule name
|
||||
property :author, String # rule author
|
||||
property :browser, String, :length => 10 # browser name
|
||||
property :browser_version, String, :length => 10 # browser version
|
||||
property :browser_version, String, :length => 25 # browser version
|
||||
property :os, String, :length => 10 # OS name
|
||||
property :os_version, String, :length => 10 # OS version
|
||||
property :os_version, String, :length => 25 # OS version
|
||||
property :modules, Text # JSON stringyfied representation of the JSON rule for further parsing
|
||||
property :execution_order, Text # command module execution order
|
||||
property :execution_delay, Text # command module time delays
|
||||
|
||||
@@ -19,7 +19,7 @@ module BeEF
|
||||
OS = ['Linux','Windows','OSX','Android','iOS','BlackBerry','ALL']
|
||||
VERSION = ['<','<=','==','>=','>','ALL','Vista','XP']
|
||||
CHAIN_MODE = ['sequential','nested-forward']
|
||||
|
||||
MAX_VER_LEN = 25
|
||||
# Parse a JSON ARE file and returns an Hash with the value mappings
|
||||
def parse(name,author,browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
|
||||
begin
|
||||
@@ -30,12 +30,14 @@ module BeEF
|
||||
return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
|
||||
|
||||
return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
|
||||
return [false, 'Illegal browser_version definition'] unless BeEF::Filters::is_valid_browserversion?(
|
||||
browser_version.split(' ').last) || VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) || browser_version == 'ALL'
|
||||
return [false, 'Illegal browser_version definition'] unless
|
||||
(VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) || browser_version == 'ALL') &&
|
||||
BeEF::Filters::is_valid_browserversion?(browser_version.split(' ').last) && browser_version.length < MAX_VER_LEN
|
||||
|
||||
return [false, 'Illegal os definition'] unless OS.include?(os)
|
||||
return [false, 'Illegal os_version definition'] unless
|
||||
(VERSION.include?(os_version[0, 2].gsub(/\s+/, '')) || os_version == 'ALL') && BeEF::Filters::only?("a-zA-Z0-9.<=> ",os_version)
|
||||
(VERSION.include?(os_version[0, 2].gsub(/\s+/, '')) || os_version == 'ALL') &&
|
||||
BeEF::Filters::is_valid_osversion?(os_version.split(' ').last) && os_version.length < MAX_VER_LEN
|
||||
|
||||
|
||||
# check if module names, conditions and options are ok
|
||||
|
||||
Reference in New Issue
Block a user