Even though it is unlikely that a user would remove these options from
the DNS config file, it is still good practice to have these safeguards
in place.
This is primarily intended to add clarity by reducing clutter. Moreover,
it also has the side effect of improving performance very slightly by
removing the overhead of calling #instance numerous times.
Many filter checks were removed because the new DNS extension performs
validation before performing any database operation.
Modified message for InvalidParamError to be more modular.
Uses BeEF::Filters to ensure that empty, null, and non-printable
patterns are tossed out. Added new InvalidDnsPatternError exception
class to handle these cases.
Renamed #validate_response to #format_callback since the name is more
appropriate.
Using parameterized methods is better structured coding style rather
than defining multiple similarly-behaved methods.
annex_region('crimea') # good
vs.
annex_crimea # bad
Changed regex in #is_valid_ip? to be more strict since it previously
would have matched an invalid IP such as 999.999.999.999. Changed its
name to #is_valid_ipv4?.
Added new #is_valid_ipv6? method that validates IPv6 addresses. It is
very comprehensive and will match normal IPv6 addresses, zero
compressed, link-local with zone index, and IPv6 addresses that have
IPv4 embedded, mapped, and translated.
Added new #is_valid_domain? method that validates domain names.
Perhaps the ugliest part of the DNS extension, it is also the most
crucial. This method ensures that a given resource and response are
appropriate for each other. It must also prevent RCE vulns since the
input is eval'd later on.
However, HINFO, MINFO, and especially TXT validation is not strict
enough. These three need to be reviewed scrupulously since a 100%
anti-RCE solution may prove to be difficult.
The DNS server now searches for matching rules and sends its response
when handling incoming requests. However, all rules are still assigned
the same callback for the moment.
Changed Logger overrides to disable logging instead of using BeEF's
print_* methods. RubyDNS logging is too verbose. The DNS extension will
perform debug logging on its own.
