Module: Aikido::Zen::Sinks::HTTP

Defined in:
lib/aikido/zen/sinks/http.rb

Defined Under Namespace

Modules: Helpers

Constant Summary

# Registers this sink under the name "http" and attaches the SSRF scanner,
# so outbound requests made through the http gem are checked for SSRF.
SINK = Sinks.add("http", scanners: [Scanners::SSRFScanner])

Class Method Summary

Class Method Details

.load_sinks! ⇒ Object



# File 'lib/aikido/zen/sinks/http.rb', line 52

# Installs the SSRF sink around HTTP::Client#perform when the http gem
# (>= 1.0) is present; otherwise does nothing.
#
# For every outbound request the wrapper:
#   1. wraps the request and publishes it on the current context under
#      "ssrf.request" so the DNS sinks can correlate resolutions with it;
#   2. builds the outbound connection descriptor and, unless the inbound
#      client IP is on the bypass list, tracks it and raises
#      OutboundConnectionBlockedError when runtime settings block it;
#   3. scans the request, performs the original call, and feeds the
#      response to the SSRF scanner's redirect tracking.
# The previous "ssrf.request" value is always restored, even on error.
#
# @return [void, Object] the result of the class_eval when the gem is
#   available, otherwise nil
def self.load_sinks!
  return unless Aikido::Zen.satisfy "http", ">= 1.0"

  require "http"

  ::HTTP::Client.class_eval do
    extend Sinks::DSL

    sink_around :perform do |original_call, req|
      request = Helpers.wrap_request(req)

      # Publish the in-flight request for the DNS sinks, remembering the
      # prior value so nesting (or re-entry) is restored correctly.
      context = Aikido::Zen.current_context
      previous = context && context["ssrf.request"]
      context["ssrf.request"] = request if context

      connection = Helpers.build_outbound(req)
      settings = Aikido::Zen.runtime_settings

      # The bypass decision is keyed on the *inbound* request's client IP,
      # not on the outbound destination.
      client_ip = context&.request&.client_ip

      unless settings.bypassed_ip?(client_ip)
        Aikido::Zen.track_outbound(connection)

        # presafe keeps the raise from being swallowed as a sink failure.
        if settings.block_outbound?(connection)
          Sinks::DSL.presafe { raise OutboundConnectionBlockedError.new(connection) }
        end
      end

      Helpers.scan(request, connection, "request")

      response = original_call.call

      # Redirect chains are tracked so a redirect to an internal host is
      # still attributed to the originating request.
      Scanners::SSRFScanner.track_redirects(
        request: request,
        response: Helpers.wrap_response(response)
      )

      response
    ensure
      context["ssrf.request"] = previous if context
    end
  end
end