Class: Aikido::Zen::Context

Inherits:
Object
Defined in:
lib/aikido/zen/context.rb

Constructor Details

#initialize(request, settings: Aikido::Zen.runtime_settings) {|request| ... } ⇒ Context

Returns a new instance of Context.

Parameters:

  • request (Rack::Request)

    a Request object that implements the Rack::Request API, to which we will delegate behavior.

  • settings (Aikido::Zen::RuntimeSettings) (defaults to: Aikido::Zen.runtime_settings)

Yield Parameters:

  • request (Rack::Request)

    the given request object.

Yield Returns:

  • (Hash<Symbol, #flat_map>)

    map of payload source types to the actual data from the request to populate them.



40
41
42
43
44
45
46
47
48
# File 'lib/aikido/zen/context.rb', line 40

def initialize(request, settings: Aikido::Zen.runtime_settings, &sources)
  @request = request
  @settings = settings
  @payload_sources = sources

  @metadata = {}
  @scanning = false
  @protection_disabled = false
end

Instance Attribute Details

#protection_disabled ⇒ Boolean (also known as: protection_disabled?)

Returns whether attack protection for the currently requested endpoint was disabled on the Aikido dashboard, or if the source IP for this request is in the “Bypass List”.

Returns:

  • (Boolean)

    whether attack protection for the currently requested endpoint was disabled on the Aikido dashboard, or if the source IP for this request is in the “Bypass List”.



# File 'lib/aikido/zen/context.rb', line 30

def protection_disabled
  @protection_disabled
end

#request ⇒ Aikido::Zen::Request (readonly)



# File 'lib/aikido/zen/context.rb', line 21

def request
  @request
end

#scanning ⇒ Boolean (also known as: scanning?)

Returns:

  • (Boolean)


# File 'lib/aikido/zen/context.rb', line 24

def scanning
  @scanning
end

Class Method Details

.from_rack_env(env, config = Aikido::Zen.config) ⇒ Aikido::Zen::Context

Build a Context object for the current HTTP request based on the currently configured request builder.

Parameters:

  • env (Hash)

    the Rack env hash.

  • config (Aikido::Zen::Config) (defaults to: Aikido::Zen.config)

Returns:

  • (Aikido::Zen::Context)

# File 'lib/aikido/zen/context.rb', line 16

def self.from_rack_env(env, config = Aikido::Zen.config)
  config.request_builder.call(env)
end

Instance Method Details

#[](key) ⇒ Object?

Fetch some metadata stored in the Context.

Parameters:

  • key (String)

Returns:

  • (Object, nil)


# File 'lib/aikido/zen/context.rb', line 54

def [](key)
  @metadata[key]
end

#[]=(key, value) ⇒ void

This method returns an undefined value.

Store some metadata in the Context so other Scanners can use it.

Parameters:

  • key (String)
  • value (Object)


# File 'lib/aikido/zen/context.rb', line 63

def []=(key, value)
  @metadata[key] = value
end

#payloads ⇒ Array<Aikido::Zen::Payload>

Returns list of user inputs from all the different sources we recognize.

Returns:

  • (Array<Aikido::Zen::Payload>)

    list of user inputs from all the different sources we recognize.



# File 'lib/aikido/zen/context.rb', line 81

def payloads
  @payloads ||= payload_sources.flat_map do |source, data|
    extract_payloads_from(data, source)
  end
end

#update_request(new_request) ⇒ void

This method returns an undefined value.

Overrides the current request, and invalidates any memoized data obtained from it. This is useful for scenarios where setting the request in the middleware isn’t enough, such as Rails, where the router modifies it after the middleware has seen it.

Parameters:

  • new_request (Rack::Request)


# File 'lib/aikido/zen/context.rb', line 74

def update_request(new_request)
  @payloads = nil
  request.__setobj__(new_request)
end