Module: Aikido::Zen::Sinks::HTTPX

Defined in:
lib/aikido/zen/sinks/httpx.rb

Defined Under Namespace

Modules: Helpers

Constant Summary

# Registers the "httpx" sink and attaches the SSRF scanner to it. This only
# declares the sink; the actual hook into HTTPX is installed by .load_sinks!
# further down in this file.
SINK =
Sinks.add("httpx", scanners: [
  Scanners::SSRFScanner
])

Class Method Summary

Class Method Details

.load_sinks! ⇒ Object



# File 'lib/aikido/zen/sinks/httpx.rb', line 37

# Installs the HTTPX sink: wraps HTTPX::Session#send_request so that every
# outbound request is recorded, checked against the outbound-blocking
# settings and scanned for SSRF before the real send happens.
#
# Does nothing unless the installed httpx gem satisfies ">= 1.1.3"; httpx is
# only required once that check passes, so loading this file alone does not
# pull the gem in.
#
# @return [Object] nil when httpx is absent or too old, otherwise the result
#   of the class_eval
def self.load_sinks!
  if Aikido::Zen.satisfy "httpx", ">= 1.1.3"
    require "httpx"

    ::HTTPX::Session.class_eval do
      # Presumably provides +sink_around+ used just below; +presafe+ is
      # called on Sinks::DSL explicitly further down.
      extend Sinks::DSL

      # +original_call+ runs the wrapped send_request; +request+ is the HTTPX
      # request about to be sent. The +ensure+ at the bottom of this block
      # always runs, even when one of the checks raises.
      sink_around :send_request do |original_call, request|
        wrapped_request = Helpers.wrap_request(request)

        # Store the request information so the DNS sinks can pick it up.
        # The previous value is kept so the +ensure+ below can put it back:
        # a request issued while another one is in flight in the same
        # context (or one issued right after it) must not see a stale
        # "ssrf.request".
        context = Aikido::Zen.current_context
        if context
          prev_request = context["ssrf.request"]
          context["ssrf.request"] = wrapped_request
        end

        # Done only after the context is populated, so anything triggered from
        # here on (the DNS sinks mentioned above, for instance) can see it.
        connection = OutboundConnection.from_uri(request.uri)

        settings = Aikido::Zen.runtime_settings

        # nil when there is no current context or it carries no inbound
        # request. NOTE(review): how bypassed_ip? treats nil is decided in
        # the settings object, not here — confirm it does not bypass.
        client_ip = context&.request&.client_ip

        # A bypassed client IP skips both the tracking and the block check.
        unless settings.bypassed_ip?(client_ip)
          Aikido::Zen.track_outbound(connection)

          # Decided before +original_call+ runs, so a blocked request is never
          # handed to HTTPX at all.
          if settings.block_outbound?(connection)
            # presafe presumably keeps the DSL's own error handling from
            # treating this deliberate raise as a sink failure — confirm
            # against Sinks::DSL.
            Sinks::DSL.presafe do
              raise OutboundConnectionBlockedError.new(connection)
            end
          end
        end

        # Runs the sink's scanners over the outgoing request; what is raised
        # on a finding is defined by Helpers.scan, not here.
        Helpers.scan(wrapped_request, connection, "request")

        # Every response for this request is handed to the SSRF scanner
        # together with the originating request, presumably so redirect
        # chains can be followed back to where they started — see
        # SSRFScanner.track_redirects.
        request.on(:response) do |response|
          Scanners::SSRFScanner.track_redirects(
            request: wrapped_request,
            response: Helpers.wrap_response(response)
          )
        end

        original_call.call
      ensure
        # Put back whatever was stored before this request. +context+ is
        # nil here if the block raised before it was assigned, in which case
        # there is nothing to restore.
        context["ssrf.request"] = prev_request if context
      end
    end
  end
end