Module: Aikido::Zen::Sinks::HTTPClient::Helpers

Defined in:
lib/aikido/zen/sinks/httpclient.rb


Class Method Details

.scan(request, connection, operation) ⇒ Object



# File 'lib/aikido/zen/sinks/httpclient.rb', line 32

def self.scan(request, connection, operation)
  # Thin adapter: the module-level SINK takes keyword arguments whose names
  # mirror these positional parameters, so this is a pure pass-through.
  #
  # @param request [Object] the wrapped outbound request
  # @param connection [Object] the outbound connection being scanned
  # @param operation [String] label for the operation being performed
  # @return [Object] whatever SINK.scan returns
  scan_args = {request: request, connection: connection, operation: operation}
  SINK.scan(**scan_args)
end

.sink(req, &block) ⇒ Object



# File 'lib/aikido/zen/sinks/httpclient.rb', line 40

# Wraps an outbound HTTPClient request so that it is tracked, optionally
# blocked, and scanned for SSRF before the real request (the block) runs.
#
# The wrapped request is published on the current context under the
# "ssrf.request" key so the DNS sinks can correlate resolved addresses with
# it; the previous value is restored in the ensure clause regardless of how
# the block exits.
#
# @param req [Object] the HTTPClient request (responds to +http_header+)
# @yield the code that actually performs the request
# @raise [OutboundConnectionBlockedError] when runtime settings block the
#   connection and the request does not come from a bypassed client IP
# @return [Object] the value of the block
def self.sink(req, &block)
  wrapped_request = wrap_request(req)
  connection = OutboundConnection.from_uri(req.http_header.request_uri)

  # Publish the in-flight request for the DNS sinks; remember the previous
  # value so nested or concurrent use of the context is not clobbered.
  context = Aikido::Zen.current_context
  if context
    prev_request = context["ssrf.request"]
    context["ssrf.request"] = wrapped_request
  end

  settings = Aikido::Zen.runtime_settings

  # NOTE(review): with no context (background job, no inbound request) this
  # is nil; what bypassed_ip? does with nil is decided by the settings object.
  client_ip = context&.request&.client_ip

  # Requests from a bypassed client IP are neither tracked nor blocked, but
  # they are still scanned below.
  if !settings.bypassed_ip?(client_ip)
    Aikido::Zen.track_outbound(connection)

    if settings.block_outbound?(connection)
      Sinks::DSL.presafe { raise OutboundConnectionBlockedError.new(connection) }
    end
  end

  scan(wrapped_request, connection, "request")

  yield
ensure
  # Always put the previous request back, even when an error was raised
  # before the block ran.
  context["ssrf.request"] = prev_request if context
end

.wrap_request(req) ⇒ Object



# File 'lib/aikido/zen/sinks/httpclient.rb', line 13

# Lifts the parts of an HTTPClient request that the SSRF scanner inspects
# (HTTP method, target URI and outgoing headers) into a scanner Request.
#
# @param req [Object] the HTTPClient request (responds to +http_header+ and +headers+)
# @return [Scanners::SSRFScanner::Request]
def self.wrap_request(req)
  verb = req.http_header.request_method
  uri = req.http_header.request_uri
  Scanners::SSRFScanner::Request.new(verb: verb, uri: uri, headers: req.headers)
end

.wrap_response(resp) ⇒ Object



# File 'lib/aikido/zen/sinks/httpclient.rb', line 21

# Lifts the status code and headers of an HTTPClient response into a
# scanner Response so redirects and similar can be inspected.
#
# @param resp [Object] the HTTPClient response (responds to +http_header+ and +headers+)
# @return [Scanners::SSRFScanner::Response]
def self.wrap_response(resp)
  # Coverage is switched off here: `do_get_header` is never exercised in the
  # test suite because WebMock does not mock it.
  # :nocov:
  status = resp.http_header.status_code
  Scanners::SSRFScanner::Response.new(status: status, headers: resp.headers)
  # :nocov:
end