Module: Aikido::Zen::Sinks::HTTPClient

Defined in:
lib/aikido/zen/sinks/httpclient.rb

Defined Under Namespace

Modules: Helpers

Constant Summary collapse

# Sink registration for the httpclient gem: adds a sink named "httpclient"
# whose scanner list contains only Scanners::SSRFScanner.
# NOTE(review): presumably this means outbound requests reported through this
# sink are checked for SSRF and nothing else — confirm against Sinks.add.
SINK =
Sinks.add("httpclient", scanners: [
  Scanners::SSRFScanner
])

Class Method Summary collapse

Class Method Details

.load_sinks! ⇒ Object



# File 'lib/aikido/zen/sinks/httpclient.rb', line 73

# Installs the Zen sink hooks on ::HTTPClient when the "httpclient"
# requirement ">= 2.0" is satisfied; otherwise does nothing.
#
# Once installed, calls to `do_get_block` and `do_get_stream` are routed
# through Helpers.sink, and every request/response pair passed to
# `do_get_header` is reported to Scanners::SSRFScanner.track_redirects.
#
# NOTE(review): when the requirement is not satisfied no hook is installed at
# all, so presumably requests made through such an httpclient install are not
# scanned for SSRF — confirm that this is made visible to operators.
#
# @return [Object, nil] nil when the requirement is not satisfied, otherwise
#   the value the `class_eval` block evaluates to
def self.load_sinks!
  return unless Aikido::Zen.satisfy("httpclient", ">= 2.0")

  require "httpclient"

  ::HTTPClient.class_eval do
    extend Sinks::DSL

    # NOTE(review): presumably keeps whatever the DSL defines below private,
    # matching the wrapped HTTPClient internals — confirm against Sinks::DSL.
    private

    # Both request entry points are wrapped the same way: the request goes to
    # Helpers.sink together with the original implementation as its block.
    sink_around :do_get_block do |forward, request|
      Helpers.sink(request, &forward)
    end

    sink_around :do_get_stream do |forward, request|
      Helpers.sink(request, &forward)
    end

    # Hands each request/response pair to the SSRF scanner's redirect tracking.
    sink_after :do_get_header do |_result, request, response, _session|
      # Excluded from code coverage: WebMock does not mock `do_get_header`, so
      # this block never runs under the mocked test suite.
      # NOTE(review): redirect tracking is therefore unexercised by those
      # tests; cover it with a test against a real HTTP server.
      # :nocov:
      Scanners::SSRFScanner.track_redirects(
        request: Helpers.wrap_request(request),
        response: Helpers.wrap_response(response)
      )
      # :nocov:
    end
  end
end