Class: Aikido::Zen::Attacks::SSRFAttack

Inherits:

Aikido::Zen::Attack

• Object
• Aikido::Zen::Attack
• Aikido::Zen::Attacks::SSRFAttack

Defined in:

lib/aikido/zen/attack.rb

Instance Attribute Summary

• #input ⇒ Object readonly

  Returns the value of attribute input.

• #request ⇒ Object readonly

  Returns the value of attribute request.

Attributes inherited from Aikido::Zen::Attack

#context, #operation, #sink

Instance Method Summary

• #exception ⇒ Object
• #humanized_name ⇒ Object
• #initialize(request:, input:, **opts) ⇒ SSRFAttack constructor

  A new instance of SSRFAttack.

• #kind ⇒ Object
• #metadata ⇒ Object

Methods inherited from Aikido::Zen::Attack

#as_json, #blocked?, #will_be_blocked!

Constructor Details

#initialize(request:, input:, **opts) ⇒ SSRFAttack

Returns a new instance of SSRFAttack.

# File 'lib/aikido/zen/attack.rb', line 157

def initialize(request:, input:, **opts)
  super(**opts)
  @input = input
  @request = request
end

Instance Attribute Details

#input ⇒ Object (readonly)

Returns the value of attribute input.

# File 'lib/aikido/zen/attack.rb', line 154

def input
  @input
end

#request ⇒ Object (readonly)

Returns the value of attribute request.

# File 'lib/aikido/zen/attack.rb', line 155

def request
  @request
end

Instance Method Details

#exception ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 171

def exception(*)
  SSRFDetectedError.new(self)
end

#humanized_name ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 163

def humanized_name
  "server-side request forgery"
end

#kind ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 167

def kind
  "ssrf"
end

#metadata ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 175

def metadata
  {
    hostname: @request.uri.hostname,
    port: @request.uri.port.to_s
  }
end