base.rb - Copyright (c) 2006-2014 Wade Alcorn

/core/filters/base.rb

https://github.com/michaelhidalgo/beef · Ruby · 187 lines · 100 code · 19 blank · 68 comment · 20 complexity · 864ca54559c10c66de21a6291747386d MD5 · raw file

#
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Filters

  # Check if the string is not empty and not nil
  # @param [String] str String for testing
  # @return [Boolean] Whether the string is not empty
  def self.is_non_empty_string?(str)
    return false if str.nil?
    return false if not str.is_a? String
    return false if str.empty?
    true
  end

  # Check if only the characters in 'chars' are in 'str'
  # @param [String] chars List of characters to match
  # @param [String] str String for testing
  # @return [Boolean] Whether or not the only characters in str are specified in chars
  def self.only?(chars, str)
    regex = Regexp.new('[^' + chars + ']')
    regex.match(str).nil?
  end

  # Check if one or more characters in 'chars' are in 'str'
  # @param [String] chars List of characters to match
  # @param [String] str String for testing
  # @return [Boolean] Whether one of the characters exists in the string
  def self.exists?(chars, str)
    regex = Regexp.new(chars)
    not regex.match(str).nil?
  end

  # Check for null char
  # @param [String] str String for testing
  # @return [Boolean] If the string has a null character
  def self.has_null? (str)
    return false if not is_non_empty_string?(str)
    exists?('\x00', str)
  end

  # Check for non-printable char
  # @param [String] str String for testing
  # @return [Boolean] Whether or not the string has non-printable characters
  def self.has_non_printable_char?(str)
    return false if not is_non_empty_string?(str)
    not only?('[:print:]', str)
  end

  # Check if num characters only
  # @param [String] str String for testing
  # @return [Boolean] If the string only contains numbers
  def self.nums_only?(str)
    return false if not is_non_empty_string?(str)
    only?('0-9', str)
  end

  # Check if valid float
  # @param [String] str String for float testing
  # @return [Boolean] If the string is a valid float
  def self.is_valid_float?(str)
    return false if not is_non_empty_string?(str)
    return false if not only?('0-9\.', str)
    not (str =~ /^[\d]+\.[\d]+$/).nil?
  end

  # Check if hex characters only
  # @param [String] str String for testing
  # @return [Boolean] If the string only contains hex characters
  def self.hexs_only?(str)
    return false if not is_non_empty_string?(str)
    only?('0123456789ABCDEFabcdef', str)
  end

  # Check if first character is a number
  # @param [String] String for testing
  # @return [Boolean] If the first character of the string is a number
  def self.first_char_is_num?(str)
    return false if not is_non_empty_string?(str)
    not (str =~ /^\d.*/).nil?
  end

  # Check for space characters: \t\n\r\f
  # @param [String] str String for testing
  # @return [Boolean] If the string has a whitespace character
  def self.has_whitespace_char?(str)
    return false if not is_non_empty_string?(str)
    exists?('\s', str)
  end

  # Check for non word characters: a-zA-Z0-9
  # @param [String] str String for testing
  # @return [Boolean] If the string only has alphanums
  def self.alphanums_only?(str)
    return false if not is_non_empty_string?(str)
    only?("a-zA-Z0-9", str)
  end

  # @overload self.is_valid_ip?(version, ip)
  #   Checks if the given string is a valid IP address
  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
  #   @param [String] ip string to be tested
  #   @return [Boolean] true if the string is a valid IP address, otherwise false
  #
  # @overload self.is_valid_ip?(ip)
  #   Checks if the given string is either a valid IPv4 or IPv6 address
  #   @param [String] ip string to be tested
  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
  def self.is_valid_ip?(version = :both, ip)
    valid = false

    if is_non_empty_string?(ip)
      valid = case version.inspect.downcase
        when /^:ipv4$/
          ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
        when /^:ipv6$/
          ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
            ([0-9a-f]{1,4}:){1,7}:|
            ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
            ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
            ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
            ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
            ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
            [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
            :((:[0-9a-f]{1,4}){1,7}|:)|
            fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
            ::(ffff(:0{1,4}){0,1}:){0,1}
            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
            ([0-9a-f]{1,4}:){1,4}:
            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
        when /^:both$/
          is_valid_ip?(:ipv4, ip) || is_valid_ip?(:ipv6, ip)
      end ? true : false
    end

    valid
  end

  # Checks if string is a valid domain name
  # @param [String] domain string for testing
  # @return [Boolean] If the string is a valid domain name
  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of
  #       TLD's is not static.
  def self.is_valid_domain?(domain)
    return false unless is_non_empty_string?(domain)
    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
    false
  end

  # Check for valid browser details characters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser details characters
  # @note This function passes the \302\256 character which translates to the registered symbol (r)
  def self.has_valid_browser_details_chars?(str)
    return false if not is_non_empty_string?(str)
    not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil?  
  end  

  # Check for valid base details characters
  # @param [String] str String for testing
  # @return [Boolean] If the string has only valid base characters
  # @note This is for basic filtering where possible all specific filters must be implemented
  # @note This function passes the \302\256 character which translates to the registered symbol (r)
  def self.has_valid_base_chars?(str)
    return false if not is_non_empty_string?(str)
    (str =~ /[^\302\256[:print:]]/).nil? 
  end  

  # Verify the yes and no is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string is either 'yes' or 'no'
  # @todo Confirm this is case insensitive
  def self.is_valid_yes_no?(str)
    return false if has_non_printable_char?(str)
    return false if str !~ /^(Yes|No)$/
    return false if str.length > 200
    true
  end

end
end
Alerts (6)

Complexity hotspot; lines 13 to 15 (total complexity: 3)
13 14 15
Complexity hotspot; lines 180 to 182 (total complexity: 3)
180 181 182