beefproject
GitHub Repository: beefproject/beef
Path: blob/master/core/main/handlers/commands.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
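module BeEF
  module Core
    module Handlers
      #
      # Handler for the data a command module sends back: it resolves the
      # command class, lets the module post-process the response and stores
      # the result through BeEF::Core::Models::Command.save_result.
      #
      class Commands
        include BeEF::Core::Handlers::Modules::BeEFJS
        include BeEF::Core::Handlers::Modules::Command

        # @note Class-level instance variable; it is a different variable from
        #   the per-instance @data assigned in #initialize.
        @data = {}

        #
        # Handles command data
        #
        # @param [Hash] data Data from command execution
        # @param [String] kclass Name of the command class; it is capitalized
        #   and looked up as a constant, so it must respond to #capitalize
        #
        # @note Type of `data` was confirmed to be Hash [radoen].
        #
        def initialize(data, kclass)
          # const_get is called with the default inherit = true, so the lookup
          # also searches the ancestors of BeEF::Core::Command, which includes
          # top-level constants. kclass therefore has to come from a trusted
          # source.
          # NOTE(review): confirm every caller passes a server-side module
          # name and never a value taken from the request.
          @kclass = BeEF::Core::Command.const_get(kclass.capitalize)
          @data = data
          setup
        end

        #
        # @note Initial setup function, creates the command module and saves details to datastore
        #
        # Each failed check prints an error and returns early without saving.
        #
        # @return The value of BeEF::Core::Models::Command.save_result, or nil
        #   when a check fails
        #
        def setup
          request = @data['request']
          @http_params = request.params

          # @note collect the HTTP_* entries of the request env, keyed without the prefix
          @http_header = {}
          request.env.each do |key, value|
            next unless key.to_s.start_with?('HTTP_')

            # force_encoding only relabels the bytes (in place); it does not
            # validate them, so consumers must not assume valid UTF-8 here.
            @http_header[key.sub(/\AHTTP_/, '')] = value.force_encoding('UTF-8')
          end

          # @note get and check command id from the request
          command_id = get_param(@data, 'cid')
          unless command_id.is_a?(Integer)
            print_error("Command ID is invalid")
            return
          end

          # @note get and check session id from the request
          beefhook = get_param(@data, 'beefhook')
          unless BeEF::Filters.is_valid_hook_session_id?(beefhook)
            print_error 'BeEF hook session ID is invalid'
            return
          end

          result = get_param(@data, 'results')

          # @note create the command module to handle the response
          # NOTE(review): status and results are only validated further down,
          # after build_callback_datastore and post_execute have already run
          # with them; confirm the modules tolerate unvalidated input.
          command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))
          command.build_callback_datastore(result, command_id, beefhook, @http_params, @http_header)
          command.session_id = beefhook
          command.post_execute if command.respond_to?(:post_execute)

          # @todo this is the part that store result on db and the modify
          # will be accessible from all the framework and so UI too
          # @note get/set details for datastore and log entry
          command_friendly_name = command.friendlyname
          if command_friendly_name.empty?
            print_error 'command friendly name is empty'
            return
          end

          command_status = @data['status']
          unless command_status.is_a?(Integer)
            print_error 'command status is invalid'
            return
          end

          # A missing 'results' key yields nil; treat it like an empty result
          # instead of raising NoMethodError on nil.empty?.
          command_results = @data['results']
          if command_results.nil? || command_results.empty?
            print_error 'command results are empty'
            return
          end

          # @note save the command module results to the datastore and create a log entry
          command_results = { 'data' => command_results }
          BeEF::Core::Models::Command.save_result(
            beefhook,
            command_id,
            command_friendly_name,
            command_results,
            command_status
          )
        end

        #
        # @note Returns parameter from hash
        #
        # @param [Hash] query Hash of data to return data from
        # @param [String] key Key to search for and return inside `query`
        #
        # @return Value referenced in hash at the supplied key, or nil when
        #   `query` is not exactly a Hash or does not contain `key`
        #
        def get_param(query, key)
          # instance_of? is deliberate here: subclasses of Hash are rejected too.
          return unless query.instance_of?(Hash)
          return unless query.key?(key)

          query[key]
        end
      end
    end
  end
end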