fixing filters for the requester

git-svn-id: https://beef.googlecode.com/svn/trunk@512 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2010-11-13 03:51:47 +00:00
parent 010d9c0a4b
commit b5d731caca
3 changed files with 20 additions and 24 deletions
--- a/beef.db
+++ b/beef.db
--- a/lib/filter.rb
+++ b/lib/filter.rb
@@ -88,29 +88,23 @@ module BeEF
    end

    # check if request is valid
-    def self.is_valid_request?(str)
-      req_parts = str.split(/ |\n/)
-
-      #check verb
-      verb = req_parts[0]
-      return false if not verb.eql? "GET" or verb.eql? "POST"
-
-      #check uri
-      uri = req_parts[1]
-      return false if not uri.eql? WEBrick::HTTPUtils.normalize_path(uri)
+    # @param: {WEBrick::HTTPUtils::FormData} request object
+    def self.is_valid_request?(request)
+      #check a webrick object is sent
+      raise 'your request is of invalide type' if not request.is_a? WEBrick::HTTPRequest
+      
+      #check http method
+      raise 'only GET or POST requests are supported for http requests' if not request.request_method.eql? 'GET' or request.request_method.eql? 'POST'
+      
+      #check uri
+      raise 'the uri is missing' if not webrick.unparsed_uri
+      
+      #check host
+      raise 'http host missing' if request.host.nil?
+      
+      #check domain
+      raise 'invalid http domain' if not URI.parse(request.host)
      
-      # check trailer
-      trailer = req_parts[2]
-      return false if not trailer.eql? "HTTP/1.1" or trailer.eql? "HTTP/1.0"
-
-      # check host
-      host_param_key = req_parts[3]
-      return false if not host_param_key.eql? "Host:"
-
-      # check ip address of target
-      host_param_value = req_parts[4]
-      return false if not host_param_value =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
-            
      true
    end

--- a/lib/ui/requester/requester.rb
+++ b/lib/ui/requester/requester.rb
@@ -33,7 +33,6 @@ class Requester < BeEF::HttpController
    raw_request = @params['raw_request'] || nil
    raise WEBrick::HTTPStatus::BadRequest, "raw_request is nil" if raw_request.nil?
    raise WEBrick::HTTPStatus::BadRequest, "raw_request contains non-printable chars" if not Filter.has_non_printable_char?(raw_request)
-    raise WEBrick::HTTPStatus::BadRequest, "raw_request is invalid request" if not Filter.is_valid_request?(raw_request)
    
    # validate nonce
    nonce = @params['nonce'] || nil
@@ -46,7 +45,10 @@ class Requester < BeEF::HttpController
    # will raise an exception on failure
    s = StringIO.new raw_request
    webrick.parse(s)
-
+    
+    # if the request is invalide, an exception will be raised
+    Filter.is_valid_request?(webrick)
+    
    # Saves the new HTTP request.
    http = H.new(
      :request => raw_request,