6 changes: 3 additions & 3 deletions Gemfile
@@ -9,9 +9,9 @@ gem 'json'

gem 'eventmachine', '~> 1.2', '>= 1.2.7'
gem 'thin', '~> 2.0'
gem 'sinatra', '~> 3.2'
gem 'rack', '~> 2.2'
gem 'rack-protection', '~> 3.2.0'
gem 'sinatra', '~> 4.1'
gem 'rack', '~> 3.2'
gem 'rack-protection', '~> 4.1.1'
gem 'em-websocket', '~> 0.5.3' # WebSocket support
gem 'uglifier', '~> 4.2'
gem 'mime-types', '~> 3.7'
36 changes: 21 additions & 15 deletions Gemfile.lock
@@ -34,7 +34,7 @@ GEM
io-endpoint
base64 (0.3.0)
benchmark (0.4.1)
bigdecimal (3.2.2)
bigdecimal (3.2.3)
browserstack-local (1.4.3)
byebug (12.0.0)
capybara (3.40.0)
@@ -48,8 +48,8 @@ GEM
xpath (~> 3.2)
coderay (1.1.3)
concurrent-ruby (1.3.5)
connection_pool (2.5.3)
console (1.33.0)
connection_pool (2.5.4)
console (1.34.0)
fiber-annotation
fiber-local (~> 1.1)
json
@@ -97,7 +97,7 @@ GEM
mime-types (3.7.0)
logger
mime-types-data (~> 3.2025, >= 3.2025.0507)
mime-types-data (3.2025.0819)
mime-types-data (3.2025.0902)
mini_mime (1.1.5)
minitest (5.25.5)
mojo_magick (0.6.8)
@@ -154,10 +154,14 @@ GEM
mojo_magick (~> 0.6.5)
rqrcode_core (~> 1.0)
racc (1.8.1)
rack (2.2.17)
rack-protection (3.2.0)
rack (3.2.1)
rack-protection (4.1.1)
base64 (>= 0.1.0)
rack (~> 2.2, >= 2.2.4)
logger (>= 1.6.0)
rack (>= 3.0.0, < 4)
rack-session (2.1.1)
base64 (>= 0.1.0)
rack (>= 3.0.0)
rack-test (2.2.0)
rack (>= 1.3)
rainbow (3.1.1)
@@ -173,7 +177,7 @@ GEM
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.4.1)
rexml (3.4.3)
rqrcode_core (1.2.0)
rr (3.1.2)
rspec (3.13.1)
@@ -216,10 +220,12 @@ GEM
rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 4.0)
websocket (~> 1.0)
sinatra (3.2.0)
sinatra (4.1.1)
logger (>= 1.6.0)
mustermann (~> 3.0)
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.2.0)
rack (>= 3.0.0, < 4)
rack-protection (= 4.1.1)
rack-session (>= 2.0.0, < 3)
tilt (~> 2.0)
slack-notifier (2.4.0)
sqlite3 (2.7.3-aarch64-linux-gnu)
@@ -259,7 +265,7 @@ GEM
tilt (2.6.1)
timeout (0.4.3)
timers (4.4.0)
tins (1.42.0)
tins (1.43.0)
bigdecimal
sync
tzinfo (2.0.6)
@@ -313,8 +319,8 @@ DEPENDENCIES
parseconfig (~> 1.1, >= 1.1.2)
pry-byebug (~> 3.11)
qr4r (~> 0.6.1)
rack (~> 2.2)
rack-protection (~> 3.2.0)
rack (~> 3.2)
rack-protection (~> 4.1.1)
rake (~> 13.3)
rdoc (~> 6.14)
rest-client (~> 2.1.0)
@@ -323,7 +329,7 @@ DEPENDENCIES
rubyzip (~> 3.1)
rushover (~> 0.3.0)
selenium-webdriver (~> 4.35)
sinatra (~> 3.2)
sinatra (~> 4.1)
slack-notifier (~> 2.4)
sqlite3 (~> 2.7)
term-ansicolor
7 changes: 6 additions & 1 deletion core/main/handlers/hookedbrowsers.rb
@@ -71,7 +71,12 @@ def confirm_browser_user_agent(user_agent)

# @note get zombie if already hooked the framework
hook_session_name = config.get('beef.http.hook_session_name')
hook_session_id = request[hook_session_name]
hook_session_id =
if request.respond_to?(:[])
request[hook_session_name]
else
request.params[hook_session_name] || request.env[hook_session_name]
end
begin
raise ActiveRecord::RecordNotFound if hook_session_id.nil?

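Review bot: The `respond_to?(:[])` branch makes the source of the client-supplied hook session id depend on which Request API happens to be loaded, and the `else` arm adds a `request.env[hook_session_name]` fallback that is unlikely to ever match, since Rack env keys are CGI-style (`HTTP_*`, `rack.*`) rather than parameter names. If `request` is a Rack/Sinatra request, `Request#[]` was a deprecated alias for a params lookup, so `hook_session_id = request.params[hook_session_name]` should behave the same before and after the upgrade without the branch. The hunk in core/main/network_stack/handlers/dynamicreconstruction.rb carries the same `env` fallback and additionally reads cookies first, so the two handlers can resolve different session ids for one request; a single shared lookup with a documented order would keep attribution consistent. The enclosing method starts and ends outside this hunk, so how the id is validated before the record lookup is not visible here.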
6 changes: 5 additions & 1 deletion core/main/network_stack/handlers/dynamicreconstruction.rb
@@ -70,7 +70,11 @@ def check_packets
res = JSON.parse(b64).first
res['beefhook'] = packet[:beefhook]
res['request'] = request
res['beefsession'] = request[BeEF::Core::Configuration.instance.get('beef.http.hook_session_name')]
session_key = BeEF::Core::Configuration.instance.get('beef.http.hook_session_name')
res['beefsession'] = request.cookies[session_key] ||
request.params[session_key] ||
request.env[session_key]

execute(res)
rescue JSON::ParserError => e
print_debug 'Network stack could not decode packet stream.'
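Review bot: `res['beefsession']` now prefers `request.cookies[session_key]` over the request parameter, which changes precedence compared with the replaced `request[...]` call (presumably a params lookup) and is not documented in the code. A comment above the assignment such as `# session id: cookie first, then request parameter` would record the intended order; if the parameter is meant to stay authoritative, the first two operands should be swapped. The value can still be nil when no source carries the id, and `execute(res)` is called regardless; a guarded line such as `print_debug 'Network stack packet has no hook session id.' if res['beefsession'].nil?` would make unattributed packets visible. The enclosing method (check_packets per the hunk header) continues outside the hunk, so what `execute` does with a nil session cannot be seen here.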
2 changes: 1 addition & 1 deletion extensions/admin_ui/api/handler.rb
@@ -149,7 +149,7 @@ def self.mount_handler(beef_server)

# mount the media folder where we store static files (javascript, css, images, audio) for the admin ui
media_dir = "#{File.dirname(__FILE__)}/../media/"
beef_server.mount("#{bp}/media", Rack::File.new(media_dir))
beef_server.mount("#{bp}/media", Rack::Files.new(media_dir))

# If we're not imitating a web server, mount the favicon to /favicon.ico
# NOTE: this appears to be broken