Merge branch 'beefproject:master' into network_services_fix

.github/workflows/github_actions.yml

@@ -41,8 +41,7 @@ jobs:
 
       - name: 'Setting up Ruby'
         uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.0.3 # Not needed with a .ruby-version file
+        # Ruby version is defined in .ruby-version file
 
       - name: 'Update and Install Dependencies'
         run: |

Gemfile

@@ -15,15 +15,16 @@ gem 'rack-protection', '~> 3.2.0'
 gem 'em-websocket', '~> 0.5.3' # WebSocket support
 gem 'uglifier', '~> 4.2'
 gem 'mime-types', '~> 3.6'
-gem 'execjs', '~> 2.9'
+gem 'execjs', '~> 2.10'
 gem 'ansi', '~> 1.5'
 gem 'term-ansicolor', :require => 'term/ansicolor'
 gem 'rubyzip', '~> 2.3'
 gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
 gem 'rake', '~> 13.2'
-gem 'otr-activerecord', '~> 2.2.0'
-gem 'sqlite3', '~> 1.4'
-gem 'rubocop', '~> 1.66.1', require: false
+gem 'activerecord', '~> 7.2' 
+gem 'otr-activerecord', '~> 2.4.0'
+gem 'sqlite3', '~> 2.2'
+gem 'rubocop', '~> 1.68.0', require: false
 
 # Geolocation support
 group :geoip do
@@ -78,7 +79,7 @@ group :test do
     # Note: selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
     # gem 'selenium' # Requires old version of selenium which is no longer available
     gem 'geckodriver-helper', '~> 0.24.0'
-    gem 'selenium-webdriver', '~> 4.25'
+    gem 'selenium-webdriver', '~> 4.26'
 
     # Note: nokogiri is needed by capybara which may require one of the below commands
     # sudo apt-get install libxslt-dev libxml2-dev

Gemfile.lock

@@ -1,22 +1,24 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.1.4)
-      activesupport (= 7.1.4)
-    activerecord (7.1.4)
-      activemodel (= 7.1.4)
-      activesupport (= 7.1.4)
+    activemodel (7.2.2)
+      activesupport (= 7.2.2)
+    activerecord (7.2.2)
+      activemodel (= 7.2.2)
+      activesupport (= 7.2.2)
       timeout (>= 0.4.0)
-    activesupport (7.1.4)
+    activesupport (7.2.2)
       base64
+      benchmark (>= 0.3)
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     ansi (1.5.0)
@@ -32,6 +34,7 @@ GEM
     async-io (1.43.2)
       async
     base64 (0.2.0)
+    benchmark (0.3.0)
     bigdecimal (3.1.8)
     browserstack-local (1.4.3)
     byebug (11.1.3)
@@ -63,7 +66,7 @@ GEM
     espeak-ruby (1.1.0)
     event_emitter (0.2.6)
     eventmachine (1.2.7)
-    execjs (2.9.1)
+    execjs (2.10.0)
     fiber-annotation (0.2.0)
     fiber-local (1.1.0)
       fiber-storage
@@ -84,7 +87,7 @@ GEM
     irb (1.14.1)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
-    json (2.7.2)
+    json (2.7.6)
     language_server-protocol (3.17.0.3)
     logger (1.6.1)
     matrix (0.4.2)
@@ -102,13 +105,12 @@ GEM
     msgpack (1.7.3)
     mustermann (3.0.3)
       ruby2_keywords (~> 0.0.1)
-    mutex_m (0.2.0)
     net-protocol (0.2.2)
       timeout
     net-smtp (0.5.0)
       net-protocol
     netrc (0.11.0)
-    nio4r (2.7.3)
+    nio4r (2.7.4)
     nokogiri (1.16.7-aarch64-linux)
       racc (~> 1.4)
     nokogiri (1.16.7-arm-linux)
@@ -121,12 +123,12 @@ GEM
       racc (~> 1.4)
     nokogiri (1.16.7-x86_64-linux)
       racc (~> 1.4)
-    otr-activerecord (2.2.0)
-      activerecord (>= 4.0, < 7.2)
+    otr-activerecord (2.4.0)
+      activerecord (>= 6.0, < 7.3)
       hashie-forbidden_attributes (~> 0.1)
     parallel (1.26.3)
     parseconfig (1.1.2)
-    parser (3.3.5.0)
+    parser (3.3.5.1)
       ast (~> 2.4.1)
       racc
     power_assert (2.0.4)
@@ -143,7 +145,7 @@ GEM
       mojo_magick (~> 0.6.5)
       rqrcode_core (~> 1.0)
     racc (1.8.1)
-    rack (2.2.9)
+    rack (2.2.10)
     rack-protection (3.2.0)
       base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
@@ -161,14 +163,14 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.3.8)
+    rexml (3.3.9)
     rqrcode_core (1.2.0)
     rr (3.1.1)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.1)
+    rspec-core (3.13.2)
       rspec-support (~> 3.13.0)
     rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
@@ -177,7 +179,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.1)
-    rubocop (1.66.1)
+    rubocop (1.68.0)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
@@ -187,15 +189,16 @@ GEM
       rubocop-ast (>= 1.32.2, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.32.3)
+    rubocop-ast (1.33.1)
       parser (>= 3.3.1.0)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
     rushover (0.3.0)
       json
       rest-client
-    selenium-webdriver (4.25.0)
+    securerandom (0.3.1)
+    selenium-webdriver (4.26.0)
       base64 (~> 0.2)
       logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
@@ -207,12 +210,12 @@ GEM
       rack-protection (= 3.2.0)
       tilt (~> 2.0)
     slack-notifier (2.4.0)
-    sqlite3 (1.7.3-aarch64-linux)
-    sqlite3 (1.7.3-arm-linux)
-    sqlite3 (1.7.3-arm64-darwin)
-    sqlite3 (1.7.3-x86-linux)
-    sqlite3 (1.7.3-x86_64-darwin)
-    sqlite3 (1.7.3-x86_64-linux)
+    sqlite3 (2.2.0-aarch64-linux-gnu)
+    sqlite3 (2.2.0-arm-linux-gnu)
+    sqlite3 (2.2.0-arm64-darwin)
+    sqlite3 (2.2.0-x86-linux-gnu)
+    sqlite3 (2.2.0-x86_64-darwin)
+    sqlite3 (2.2.0-x86_64-linux-gnu)
     stringio (3.1.1)
     sync (0.5.0)
     term-ansicolor (1.11.2)
@@ -241,15 +244,15 @@ GEM
     tilt (2.4.0)
     timeout (0.4.1)
     timers (4.3.5)
-    tins (1.35.0)
+    tins (1.37.0)
       bigdecimal
       sync
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     uglifier (4.2.1)
       execjs (>= 0.3.0, < 3)
     unicode-display_width (2.6.0)
-    webrick (1.8.2)
+    webrick (1.9.0)
     websocket (1.2.11)
     websocket-client-simple (0.6.1)
       event_emitter
@@ -268,6 +271,7 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  activerecord (~> 7.2)
   ansi (~> 1.5)
   async (~> 1.32)
   async-dns (~> 1.3)
@@ -278,15 +282,15 @@ DEPENDENCIES
   erubis (~> 2.7)
   espeak-ruby (~> 1.1.0)
   eventmachine (~> 1.2, >= 1.2.7)
-  execjs (~> 2.9)
+  execjs (~> 2.10)
   geckodriver-helper (~> 0.24.0)
   irb (~> 1.14)
   json
   maxmind-db (~> 1.2)
   mime-types (~> 3.6)
   msfrpc-client (~> 1.1, >= 1.1.2)
   net-smtp
-  otr-activerecord (~> 2.2.0)
+  otr-activerecord (~> 2.4.0)
   parseconfig (~> 1.1, >= 1.1.2)
   pry-byebug (~> 3.10, >= 3.10.1)
   qr4r (~> 0.6.1)
@@ -296,13 +300,13 @@ DEPENDENCIES
   rdoc (~> 6.7)
   rest-client (~> 2.1.0)
   rspec (~> 3.13)
-  rubocop (~> 1.66.1)
+  rubocop (~> 1.68.0)
   rubyzip (~> 2.3)
   rushover (~> 0.3.0)
-  selenium-webdriver (~> 4.25)
+  selenium-webdriver (~> 4.26)
   sinatra (~> 3.2)
   slack-notifier (~> 2.4)
-  sqlite3 (~> 1.4)
+  sqlite3 (~> 2.2)
   term-ansicolor
   test-unit-full (~> 0.0.5)
   thin (~> 1.8)

beef

@@ -194,7 +194,6 @@ end
 
 # Connect to DB
 ActiveRecord::Base.logger = nil
-OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
 OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
 # otr-activerecord require you to manually establish the connection with the following line
 #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
@@ -204,10 +203,12 @@ end
 
 # Migrate (if required)
 ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
-context = ActiveRecord::Migration.new.migration_context
+ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
+context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
 if context.needs_migration?
   ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
 end
+
 #
 # @note Extensions may take a moment to load, thus we print out a please wait message
 #

core/filters/browser.rb

@@ -46,7 +46,7 @@ def self.is_valid_browserversion?(str)
       return false if has_non_printable_char?(str)
       return true if str.eql? 'UNKNOWN'
       return true if str.eql? 'ALL'
-      return false if !nums_only?(str) and !is_valid_float?(str)
+      return false if !nums_only?(str) and !str.match(/\A(0|[1-9][0-9]{0,3})(\.(0|[1-9][0-9]{0,3})){0,3}\z/)
       return false if str.length > 20
 
       true

core/main/ar-migrations/015_create_http.rb

@@ -4,8 +4,8 @@ def change
       t.text :hooked_browser_id
       # The http request to perform. In clear text.
       t.text :request
-      # Boolean value as string to say whether cross-domain requests are allowed
-      t.boolean :allow_cross_domain, default: true
+      # Boolean value as string to say whether cross-origin requests are allowed
+      t.boolean :allow_cross_origin, default: true
       # The http response body received. In clear text.
       t.text :response_data
       # The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ def change
       t.text :domain
       # The port on which perform the request.
       t.text :port
-      # Boolean value to say if the request was cross-domain
+      # Boolean value to say if the request was cross-origin
       t.text :has_ran, default: 'waiting'
       # The path of the request.
       # Example: /secret.html

core/main/ar-migrations/025_create_xssrays_scan.rb

@@ -5,7 +5,7 @@ def change
       t.datetime :scan_start
       t.datetime :scan_finish
       t.text :domain
-      t.text :cross_domain
+      t.text :cross_origin
       t.integer :clean_timeout
       t.boolean :is_started
       t.boolean :is_finished