Land rapid7#3185, regex option validation

wvu · wvu · commit de49241195e4 · 2014-05-14T01:27:18.000-05:00
diff --git a/lib/msf/core/option_container.rb b/lib/msf/core/option_container.rb
@@ -20,6 +20,7 @@ class OptBase
   # attrs[1] = description (string)
   # attrs[2] = default value
   # attrs[3] = possible enum values
+  # attrs[4] = Regex to validate the option
   #
   def initialize(in_name, attrs = [])
     self.name     = in_name
@@ -29,6 +30,21 @@ def initialize(in_name, attrs = [])
     self.desc     = attrs[1]
     self.default  = attrs[2]
     self.enums    = [ *(attrs[3]) ].map { |x| x.to_s }
+    regex_temp    = attrs[4] || nil
+    if regex_temp
+      # convert to string
+      regex_temp = regex_temp.to_s if regex_temp.is_a? Regexp
+      # remove start and end character, they will be added later
+      regex_temp = regex_temp.sub(/^\^/, '').sub(/\$$/, '')
+      # Add start and end marker to match the whole regex
+      regex_temp = "^#{regex_temp}$"
+      begin
+        Regexp.compile(regex_temp)
+        self.regex = regex_temp
+      rescue RegexpError, TypeError => e
+        raise("Invalid Regex #{regex_temp}: #{e}")
+      end
+    end
   end
 
   #
@@ -63,7 +79,18 @@ def type?(in_type)
   # If it's required and the value is nil or empty, then it's not valid.
   #
   def valid?(value)
-    return (required? and (value == nil or value.to_s.empty?)) ? false : true
+    if required?
+      # required variable not set
+      return false if (value == nil or value.to_s.empty?)
+    end
+    if regex
+      if value.match(regex)
+        return true
+      else
+        return false
+      end
+    end
+    return true
   end
 
   #
@@ -125,6 +152,10 @@ def display_value(value)
   # The list of potential valid values
   #
   attr_accessor :enums
+  #
+  # A optional regex to validate the option value
+  #
+  attr_accessor :regex
 
 protected
 
diff --git a/modules/auxiliary/fuzzers/ftp/client_ftp.rb b/modules/auxiliary/fuzzers/ftp/client_ftp.rb
@@ -30,7 +30,7 @@ def initialize()
     register_options(
       [
       OptPort.new('SRVPORT', [ true, "The local port to listen on.", 21 ]),
-      OptString.new('FUZZCMDS', [ true, "Comma separated list of commands to fuzz.", "LIST,NLST,LS,RETR" ]),
+      OptString.new('FUZZCMDS', [ true, "Comma separated list of commands to fuzz (Uppercase).", "LIST,NLST,LS,RETR", nil, /(?:[A-Z]+,?)+/ ]),
       OptInt.new('STARTSIZE', [ true, "Fuzzing string startsize.",1000]),
       OptInt.new('ENDSIZE', [ true, "Max Fuzzing string size.",200000]),
       OptInt.new('STEPSIZE', [ true, "Increment fuzzing string each attempt.",1000]),

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ def initialize()`
`30`	`30`	`register_options(`
`31`	`31`	`[`
`32`	`32`	`OptPort.new('SRVPORT', [ true, "The local port to listen on.", 21 ]),`
`33`		`- OptString.new('FUZZCMDS', [ true, "Comma separated list of commands to fuzz.", "LIST,NLST,LS,RETR" ]),`
	`33`	`+ OptString.new('FUZZCMDS', [ true, "Comma separated list of commands to fuzz (Uppercase).", "LIST,NLST,LS,RETR", nil, /(?:[A-Z]+,?)+/ ]),`
`34`	`34`	`OptInt.new('STARTSIZE', [ true, "Fuzzing string startsize.",1000]),`
`35`	`35`	`OptInt.new('ENDSIZE', [ true, "Max Fuzzing string size.",200000]),`
`36`	`36`	`OptInt.new('STEPSIZE', [ true, "Increment fuzzing string each attempt.",1000]),`