From 6f5b025acc53ad782cabbda5da76bf0a34b188a0 Mon Sep 17 00:00:00 2001 From: antisnatchor Date: Mon, 27 Jul 2015 14:02:20 +0200 Subject: [PATCH] Added more restrictions on browser/os version definitions --- core/filters/browser.rb | 17 +++++++++++++++-- core/main/autorun_engine/models/rule.rb | 4 ++-- core/main/autorun_engine/parser.rb | 10 ++++++---- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/core/filters/browser.rb b/core/filters/browser.rb index d40758c37..47b3e7f38 100644 --- a/core/filters/browser.rb +++ b/core/filters/browser.rb @@ -51,12 +51,25 @@ module Filters # @param [String] str String for testing # @return [Boolean] If the string has valid browser version characters def self.is_valid_browserversion?(str) - return false if not is_non_empty_string?(str) + return false unless is_non_empty_string?(str) return false if has_non_printable_char?(str) return true if str.eql? "UNKNOWN" return true if str.eql? "ALL" return false if not nums_only?(str) and not is_valid_float?(str) - return false if str.length > 10 + return false if str.length > 20 + true + end + + # Verify the os version string is valid + # @param [String] str String for testing + # @return [Boolean] If the string has valid os version characters + def self.is_valid_osversion?(str) + return false unless is_non_empty_string?(str) + return false if has_non_printable_char?(str) + return true if str.eql? "UNKNOWN" + return true if str.eql? "ALL" + return false unless BeEF::Filters::only?("a-zA-Z0-9.<=> ", str) + return false if str.length > 20 true end diff --git a/core/main/autorun_engine/models/rule.rb b/core/main/autorun_engine/models/rule.rb index 52efdd099..cd2a2c50d 100644 --- a/core/main/autorun_engine/models/rule.rb +++ b/core/main/autorun_engine/models/rule.rb 
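Review bot: `is_valid_osversion?` validates only the character set, so a token consisting solely of operator characters or spaces (`"<="`, `">"`) passes as an OS version, whereas `is_valid_browserversion?` insists on a number or float; parser.rb feeds it `os_version.split(' ').last`, so an os_version of just `"<="` is accepted with no version value at all. If this helper is only ever handed the version token, tightening the whitelist to `return false unless BeEF::Filters::only?("a-zA-Z0-9.", str)` closes that gap — confirm no other caller passes the whole `<op> <ver>` string first. Both methods also run `has_non_printable_char?` and the charset/number scans before the length cap; moving `return false if str.length > 20` up to right after the empty-string check bounds the work done on oversized input. Whether `only?` anchors with `\A`/`\z` rather than `^`/`$` is not visible here and is worth confirming, since a `^`/`$` pattern would let a second line past the whitelist unless `has_non_printable_char?` already rejects the newline. The enclosing `Filters` module continues outside the hunk.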
@@ -18,9 +18,9 @@ module BeEF
     property :name, Text # rule name
     property :author, String # rule author
     property :browser, String, :length => 10 # browser name
-    property :browser_version, String, :length => 10 # browser version
+    property :browser_version, String, :length => 25 # browser version
     property :os, String, :length => 10 # OS name
-    property :os_version, String, :length => 10 # OS version
+    property :os_version, String, :length => 25 # OS version
     property :modules, Text # JSON stringyfied representation of the JSON rule for further parsing
     property :execution_order, Text # command module execution order
     property :execution_delay, Text # command module time delays
diff --git a/core/main/autorun_engine/parser.rb b/core/main/autorun_engine/parser.rb
index 65eb91bdb..17ea5c9ae 100644
--- a/core/main/autorun_engine/parser.rb
+++ b/core/main/autorun_engine/parser.rb
@@ -19,7 +19,7 @@ module BeEF
     OS = ['Linux','Windows','OSX','Android','iOS','BlackBerry','ALL']
     VERSION = ['<','<=','==','>=','>','ALL','Vista','XP']
     CHAIN_MODE = ['sequential','nested-forward']
-
+    MAX_VER_LEN = 25
     # Parse a JSON ARE file and returns an Hash with the value mappings
     def parse(name,author,browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
     begin
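Review bot: `MAX_VER_LEN = 25` is applied with a strict `<` in parser.rb (`browser_version.length < MAX_VER_LEN`, likewise for os_version), so the effective ceiling is 24 characters — one less than the `:length => 25` the same commit gives the browser_version/os_version columns in rule.rb, while the per-token filters in browser.rb cap at 20; that is three independent numbers guarding one field, with nothing tying them together. A comment on the new constant would keep the next change from desynchronising them: `MAX_VER_LEN = 25 # exclusive bound (checked with <); must not exceed the :length of the browser_version/os_version columns in models/rule.rb`. If the intent was to allow exactly 25 characters, the parser checks should use `<=` instead. `parse` continues outside the hunk.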
@@ -30,12 +30,14 @@ module BeEF return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author) return [false, 'Illegal browser definition'] unless BROWSER.include?(browser) - return [false, 'Illegal browser_version definition'] unless BeEF::Filters::is_valid_browserversion?( - browser_version.split(' ').last) || VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) || browser_version == 'ALL' + return [false, 'Illegal browser_version definition'] unless + (VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) || browser_version == 'ALL') && + BeEF::Filters::is_valid_browserversion?(browser_version.split(' ').last) && browser_version.length < MAX_VER_LEN return [false, 'Illegal os definition'] unless OS.include?(os) return [false, 'Illegal os_version definition'] unless - (VERSION.include?(os_version[0, 2].gsub(/\s+/, '')) || os_version == 'ALL') && BeEF::Filters::only?("a-zA-Z0-9.<=> ",os_version) + (VERSION.include?(os_version[0, 2].gsub(/\s+/, '')) || os_version == 'ALL') && + BeEF::Filters::is_valid_osversion?(os_version.split(' ').last) && os_version.length < MAX_VER_LEN # check if module names, conditions and options are ok