Module: Aikido::Zen::Sinks::EventMachine::HttpRequest

Defined in:
lib/aikido/zen/sinks/em_http.rb

Defined Under Namespace

Modules: Helpers Classes: Middleware

Constant Summary collapse

SINK = 
Sinks.add("em-http-request", scanners: [
  Scanners::SSRFScanner
])

Class Method Summary collapse

Class Method Details

.load_sinks!Object 



23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'lib/aikido/zen/sinks/em_http.rb', line 23

def self.load_sinks!
  if Aikido::Zen.satisfy "em-http-request", ">= 1.0"
    require "em-http-request"

    ::EventMachine::HttpRequest.use(EventMachine::HttpRequest::Middleware)

    # NOTE: We can't use middleware to intercept requests as we want to ensure any
    # modifications to the request from user-supplied middleware are already applied
    # before we scan the request.
    ::EventMachine::HttpClient.class_eval do
      extend Sinks::DSL

      sink_before :send_request do
        wrapped_request = Scanners::SSRFScanner::Request.new(
          verb: req.method.to_s,
          uri: URI(req.uri),
          headers: req.headers
        )

        # Store the request information so the DNS sinks can pick it up.
        context = Aikido::Zen.current_context
        context["ssrf.request"] = wrapped_request if context

        connection = OutboundConnection.new(
          host: req.host,
          port: req.port
        )

        settings = Aikido::Zen.runtime_settings

        client_ip = context&.request&.client_ip

        unless settings.bypassed_ip?(client_ip)
          Aikido::Zen.track_outbound(connection)

          if settings.block_outbound?(connection)
            Sinks::DSL.presafe do
              raise OutboundConnectionBlockedError.new(connection)
            end
          end
        end

        Helpers.scan(wrapped_request, connection, "request")
      end
    end
  end
end