Class: Aikido::Zen::Attacks::StoredSSRFAttack

Inherits:
Aikido::Zen::Attack show all
Defined in:
lib/aikido/zen/attack.rb

Overview

Special case of an SSRF attack where we don’t have a context—we’re just detecting a request to a particularly sensitive address.

Instance Attribute Summary

Attributes inherited from Aikido::Zen::Attack

#context, #operation, #sink

Instance Method Summary

Methods inherited from Aikido::Zen::Attack

#as_json, #blocked?, #will_be_blocked!

Constructor Details

#initialize(hostname:, address:, **opts) ⇒ StoredSSRFAttack

Returns a new instance of StoredSSRFAttack.

# File 'lib/aikido/zen/attack.rb', line 189

def initialize(hostname:, address:, **opts)
  super(**opts)
  @hostname = hostname
  @address = address
end

Instance Attribute Details

#address ⇒ Object (readonly)

Returns the value of attribute address.

# File 'lib/aikido/zen/attack.rb', line 187

def address
  @address
end

#hostname ⇒ Object (readonly)

Returns the value of attribute hostname.

# File 'lib/aikido/zen/attack.rb', line 186

def hostname
  @hostname
end

Instance Method Details

#exception ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 199

def exception(*)
  SSRFDetectedError.new(self)
end

#humanized_name ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 195

def humanized_name
  "server-side request forgery"
end

#input ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 207

def input
  # When the payload is unknown the payload, source, and path properties
  # should be undefined, not "unknown".
  {}
end

#kind ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 203

def kind
  "stored_ssrf"
end

#metadata ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 213

def metadata
  {
    hostname: @hostname,
    privateIP: @address
  }
end
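The following is an added, stand-alone example (not code from the aikido-zen gem) showing how the class documented here fits into a stored-SSRF detection: a hostname has resolved to a sensitive address, no request context is available, and the resulting attack object reports an empty `input` and the `hostname`/`privateIP` metadata. The `Attack` base class, `SSRFDetectedError`, the `SENSITIVE_RANGES` list, and the `sensitive_address?` / `detect_stored_ssrf` helpers are assumptions written for this example; only `StoredSSRFAttack` itself is taken from the page.

```ruby
require "ipaddr"

module Aikido
  module Zen
    # Minimal stand-in for Aikido::Zen::Attack (assumption: the real base class is
    # not on this page; only #context, #operation, #sink, #blocked? and
    # #will_be_blocked! are known from the inherited-member summary).
    class Attack
      attr_reader :context, :operation, :sink

      def initialize(context: nil, operation: nil, sink: nil)
        @context = context
        @operation = operation
        @sink = sink
        @blocked = false
      end

      def blocked?
        @blocked
      end

      def will_be_blocked!
        @blocked = true
      end
    end

    # Stand-in for the error the gem raises (assumption: it is built from the attack).
    class SSRFDetectedError < StandardError
      attr_reader :attack

      def initialize(attack)
        @attack = attack
        super("#{attack.humanized_name} detected: #{attack.hostname} resolves to #{attack.address}")
      end
    end

    module Attacks
      # The class documented above, reproduced so the example runs on its own.
      class StoredSSRFAttack < Attack
        attr_reader :hostname, :address

        def initialize(hostname:, address:, **opts)
          super(**opts)
          @hostname = hostname
          @address = address
        end

        def humanized_name
          "server-side request forgery"
        end

        def exception(*)
          SSRFDetectedError.new(self)
        end

        def kind
          "stored_ssrf"
        end

        def input
          {} # no payload/source/path: nothing in the request produced this address
        end

        def metadata
          { hostname: @hostname, privateIP: @address }
        end
      end
    end

    # Illustrative list of "particularly sensitive" ranges (assumption, not the gem's):
    # loopback, RFC 1918, link-local (which contains the 169.254.169.254 cloud
    # metadata endpoint), "this host", and their IPv6 counterparts.
    SENSITIVE_RANGES = %w[
      127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 0.0.0.0/8
      ::1/128 fc00::/7 fe80::/10 ::/128
    ].map { |cidr| IPAddr.new(cidr) }.freeze

    # True when `address` parses as an IP inside one of SENSITIVE_RANGES.
    # IPv4-mapped IPv6 forms (::ffff:10.0.0.1) are unwrapped first so they cannot
    # slip past the IPv4 ranges; unparsable input is simply not an IP.
    def self.sensitive_address?(address)
      ip = IPAddr.new(address)
      ip = ip.native if ip.ipv4_mapped?
      SENSITIVE_RANGES.any? { |range| range.include?(ip) }
    rescue IPAddr::InvalidAddressError
      false
    end

    # Builds a StoredSSRFAttack for the first sensitive address `hostname` resolved
    # to, or returns nil when every address is routable. `sink` and `operation`
    # are passed through to the base class via **opts.
    def self.detect_stored_ssrf(hostname:, resolved_addresses:, sink:, operation:, blocking: false)
      bad = resolved_addresses.find { |addr| sensitive_address?(addr) }
      return nil unless bad

      attack = Attacks::StoredSSRFAttack.new(hostname: hostname, address: bad,
                                             sink: sink, operation: operation)
      attack.will_be_blocked! if blocking
      attack
    end
  end
end

# Usage with constructed sample data (no real DNS resolution takes place):
if __FILE__ == $PROGRAM_NAME
  attack = Aikido::Zen.detect_stored_ssrf(
    hostname: "metadata.internal.example", resolved_addresses: ["169.254.169.254"],
    sink: "Net::HTTP", operation: "request", blocking: true
  )
  puts attack.kind                 # stored_ssrf
  p attack.metadata                # {:hostname=>"metadata.internal.example", :privateIP=>"169.254.169.254"}
  p attack.input                   # {}
  puts attack.exception.message if attack.blocked?
end
```

In blocking mode the caller raises `attack.exception` (an `SSRFDetectedError`) to abort the outbound request; in detect-only mode it just reports the attack, and `kind`, `metadata` and the empty `input` are what distinguish this event from a context-bearing SSRF report.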