Class: Aikido::Zen::AttackWave::Detector

Inherits:

Object

• Object
• Aikido::Zen::AttackWave::Detector

Defined in:

lib/aikido/zen/attack_wave.rb

Instance Attribute Summary

• #samples ⇒ Aikido::Zen::CappedSet readonly

Instance Method Summary

• #attack_wave?(context) ⇒ Boolean
• #initialize(config: Aikido::Zen.config, clock: nil) ⇒ Detector constructor

  A new instance of Detector.

Constructor Details

#initialize(config: Aikido::Zen.config, clock: nil) ⇒ Detector

Returns a new instance of Detector.

# File 'lib/aikido/zen/attack_wave.rb', line 12

def initialize(config: Aikido::Zen.config, clock: nil)
  @config = config

  @event_times = Cache.new(@config.attack_wave_max_cache_entries, ttl: @config.attack_wave_min_time_between_events, clock: clock)

  @request_counts = Cache.new(@config.attack_wave_max_cache_entries, 0, ttl: @config.attack_wave_min_time_between_requests, clock: clock)

  @samples = Cache.new(@config.attack_wave_max_cache_entries, ttl: @config.attack_wave_min_time_between_requests, clock: clock) do
    CappedSet.new(@config.attack_wave_max_cache_samples)
  end
end

Instance Attribute Details

#samples ⇒ Aikido::Zen::CappedSet (readonly)

Returns:

• (Aikido::Zen::CappedSet)

# File 'lib/aikido/zen/attack_wave.rb', line 10

def samples
  @samples
end

Instance Method Details

#attack_wave?(context) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/aikido/zen/attack_wave.rb', line 24

def attack_wave?(context)
  client_ip = context.request.client_ip

  return false unless client_ip

  return false if @event_times[client_ip]

  return false unless AttackWave::Helpers.web_scanner?(context)

  request_count = @request_counts[client_ip] += 1

  context.request.then do |request|
    @samples[client_ip] <<= Sample.new(
      verb: request.request_method,
      path: request.fullpath
    )
  end

  return false if request_count < @config.attack_wave_threshold

  @event_times[client_ip] = Time.now.utc

  true
end