Another test added which greps the source base for the eval function.

git-svn-id: https://beef.googlecode.com/svn/trunk@1375 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-20 13:51:12 +00:00
parent 93f7f9a545
commit 801d098e97
3 changed files with 35 additions and 6 deletions
--- a/core/ruby/security.rb
+++ b/core/ruby/security.rb
@@ -14,12 +14,6 @@
 #   limitations under the License.
 #

-# @note Prevent eval from ever being used
-# def eval(args)
-#   puts "For security reasons the eval method is not accepted in the Browser Exploitation Framework code base."
-#   exit
-# end
-
 # @note Prevent exec from ever being used
 def exec(args)
  puts "For security reasons the exec method is not accepted in the Browser Exploitation Framework code base."
--- a/test/unit/tc_grep.rb
+++ b/test/unit/tc_grep.rb
@@ -0,0 +1,33 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+require 'test/unit'
+require 'webrick'
+
+class TC_Grep < Test::Unit::TestCase
+
+  def test_grep_eval
+    Dir['../../../**/*.rb'].each do |path|
+      File.open( path ) do |f|
+        next if path.eql?('../../../trunk/test/unit/tc_grep.rb')
+        f.grep( /\Weval\W/im ) do |line|
+          assert(false, "Illegal use of 'eval' in framework: " + path + ':' + line)
+        end
+      end
+    end
+    
+  end
+
+end
--- a/test/unit/ts_beef.rb
+++ b/test/unit/ts_beef.rb
@@ -26,6 +26,7 @@ require './core/filter/tc_command'
 require './core/tc_loader'
 require './core/tc_core'
 require './core/tc_api'
+require './tc_grep'
 require './tc_filesystem'

 class TS_BeefTests
@@ -36,6 +37,7 @@ class TS_BeefTests
    suite << TC_Core.suite
    suite << TC_Api.suite
    suite << TC_Filesystem.suite
+    suite << TC_Grep.suite
    return suite
  end
 end