Add support for multiple permitted hooking/ui subnets - #1319

2019-03-03 21:14:39 +00:00
parent 8e7522b1b1
commit d698b6a0ba
4 changed files with 44 additions and 27 deletions
--- a/core/main/rest/api.rb
+++ b/core/main/rest/api.rb
@@ -70,15 +70,20 @@ module BeEF
      # This is from extensions/admin_ui/controllers/authentication/authentication.rb
      #
      def self.permitted_source?(ip)
-        # get permitted subnet
+        # test if supplied IP address is valid
+        return false unless BeEF::Filters::is_valid_ip?(ip)
+
+        # get permitted subnets
        permitted_ui_subnet = BeEF::Core::Configuration.instance.get("beef.restrictions.permitted_ui_subnet")
-        target_network = IPAddr.new(permitted_ui_subnet)
+	return false if permitted_ui_subnet.nil?
+	return false if permitted_ui_subnet.empty?

-        # test if supplied IP address is valid dot-decimal format
-        return false unless ip =~ /\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/
+        # test if ip within subnets
+	permitted_ui_subnet.each do |subnet|
+          return true if IPAddr.new(subnet).include?(ip)
+	end

-        # test if ip within subnet
-        return target_network.include?(ip)
+        false
      end

      #