Added ID filter checks to #get_rule.

This is ensures that ID validation occurs when using either the Ruby API or the RESTful API. Previously, validation was only done for the RESTful API.
2014-04-24 16:36:44 -04:00
parent 7b229a2a20
commit 94fc2805d1
1 changed files with 8 additions and 2 deletions
--- a/extensions/dns/dns.rb
+++ b/extensions/dns/dns.rb
@@ -63,8 +63,14 @@ module BeEF
        # @return [Hash] hash representation of rule (empty hash if rule wasn't found)
        def get_rule(id)
          @lock.synchronize do
-            rule = @database.get(id)
-            rule.nil? ? {} : to_hash(rule)
+            if BeEF::Filters.hexs_only?(id) &&
+                !BeEF::Filters.has_null?(id) &&
+                !BeEF::Filters.has_non_printable_char?(id) &&
+                id.length == 8
+
+              rule = @database.get(id)
+              rule.nil? ? {} : to_hash(rule)
+            end
          end
        end