Like the HINFO and MINFO RR's, TXT is vulnerable to RCE attacks and has
no purpose at the moment. TXT may be needed in the future (e.g. data
exfiltration) which is why it has been removed separately.
These RR's are very difficult to validate and, in their current state,
are vulnerable to RCE attacks. Furthermore, BeEF does not have a use for
these RR's.
Throw `UnknownDnsResourceError` instead of `InvalidDnsResourceError`
Prevents `[20:30:55][!] Internal error while adding DNS rule (uninitialized constant BeEF::Core::Models::Dns::Rule::InvalidDnsResourceError)` for invalid user supplied DNS response types.
'BeEF::Core::Models::Dns::Rule::InvalidDnsResourceError' does not exist, and it's unlikely we'll need to differentiate between invalid and unknown resource types.
Uses BeEF::Filters to ensure that empty, null, and non-printable
patterns are tossed out. Added new InvalidDnsPatternError exception
class to handle these cases.
Renamed #validate_response to #format_callback since the name is more
appropriate.
Using parameterized methods is better structured coding style rather
than defining multiple similarly-behaved methods.
annex_region('crimea') # good
vs.
annex_crimea # bad
Perhaps the ugliest part of the DNS extension, it is also the most
crucial. This method ensures that a given resource and response are
appropriate for each other. It must also prevent RCE vulns since the
input is eval'd later on.
However, HINFO, MINFO, and especially TXT validation is not strict
enough. These three need to be reviewed scrupulously since a 100%
anti-RCE solution may prove to be difficult.
A host of other changes got roped into this as well. #match now
silently handles blocks passed as a String in order to handle
the 'block' JSON parameter. This is because sourcify doesn't
work with eval'd data.
Rule id's are no longer incremental integers. It's now a 7-character
"token" generated from #secure_token and is managed by the RubyDNS
module.
