Add support for ARE rules with multiple browsers

2016-01-31 20:26:35 +00:00
parent fefcef6fb0
commit e462e504fb
2 changed files with 31 additions and 15 deletions
--- a/core/main/autorun_engine/engine.rb
+++ b/core/main/autorun_engine/engine.rb
@@ -403,19 +403,29 @@ module BeEF
              next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
              # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)

-              # check if the browser and OS types do match
-              next unless rule.browser == 'ALL'  || browser == rule.browser
-              next unless rule.os == 'ALL'       || os == rule.os
-
-              # check if the browser version match
-              browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
-              if browser_version_match
-                browser_match = true
+              # skip rule unless the browser matches
+              browser_match = false
+              # check if rule specifies multiple browsers
+              if rule.browser !~ /\A[A-Z]+\Z/
+                rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
+                  browser_match = true if b == browser || b == 'ALL'
+                end
+              # else, only one browser
              else
-                browser_match = false
+                next unless rule.browser == 'ALL' || browser == rule.browser
+                # check if the browser version matches
+                browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
+                if browser_version_match
+                  browser_match = true
+                else
+                  browser_match = false
+                end
+                print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
              end
+              next unless browser_match

-              print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
+              # skip rule unless the OS matches
+              next unless rule.os == 'ALL' || os == rule.os

              # check if the OS versions match
              if os_version != nil || rule.os_version != 'ALL'
--- a/core/main/autorun_engine/parser.rb
+++ b/core/main/autorun_engine/parser.rb
@@ -28,13 +28,19 @@ module BeEF
            return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
            return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
            return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
-
-            return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
-
-            if browser_version != 'ALL'
-              return [false, 'Illegal browser_version definition'] unless
+            # if multiple browsers were specified, check each browser
+            if browser.kind_of?(Array)
+              browser.each do |b|
+                return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
+              end
+            # else, if only one browser was specified, check browser and browser version
+            else
+              return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
+              if browser_version != 'ALL'
+                return [false, 'Illegal browser_version definition'] unless
                  VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) &&
                      BeEF::Filters::is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/,'')) && browser_version.length < MAX_VER_LEN
+              end
            end

            if os_version != 'ALL'