From 94fc2805d197ebf08adfc6bc648f75eb5a19bb89 Mon Sep 17 00:00:00 2001
From: soh_cah_toa <soh_cah_toa@cybercrud.net>
Date: Thu, 24 Apr 2014 16:36:44 -0400
Subject: [PATCH] Added ID filter checks to #get_rule.

This is ensures that ID validation occurs when using either the Ruby API
or the RESTful API. Previously, validation was only done for the
RESTful API.
---
 extensions/dns/dns.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/extensions/dns/dns.rb b/extensions/dns/dns.rb
index 43782af8f..d1ed4d4d1 100644
--- a/extensions/dns/dns.rb
+++ b/extensions/dns/dns.rb
@@ -63,8 +63,14 @@ module BeEF
         # @return [Hash] hash representation of rule (empty hash if rule wasn't found)
         def get_rule(id)
           @lock.synchronize do
-            rule = @database.get(id)
-            rule.nil? ? {} : to_hash(rule)
+            if BeEF::Filters.hexs_only?(id) &&
+                !BeEF::Filters.has_null?(id) &&
+                !BeEF::Filters.has_non_printable_char?(id) &&
+                id.length == 8
+
+              rule = @database.get(id)
+              rule.nil? ? {} : to_hash(rule)
+            end
           end
         end