Class: Aikido::Zen::Context

Inherits:

Object

• Object
• Aikido::Zen::Context

Defined in:

lib/aikido/zen/context.rb

Instance Attribute Summary

• #idor_protection_enabled ⇒ Boolean (also: #idor_protection_enabled?)
• #protection_disabled ⇒ Boolean (also: #protection_disabled?)

  Whether attack protection for the currently requested endpoint was disabled on the Aikido dashboard, or if the source IP for this request is in the “Bypass List”.

• #request ⇒ Aikido::Zen::Request readonly
• #scanning ⇒ Boolean (also: #scanning?)

Class Method Summary

• .from_rack_env(env, config = Aikido::Zen.config) ⇒ Aikido::Zen::Context

  Build a Context object for the current HTTP request based on the currently configured request builder.

Instance Method Summary

• #[](key) ⇒ Object^?

  Fetch some metadata stored in the Context.

• #[]=(key, value) ⇒ void

  Store some metadata in the Context so other Scanners can use it.

• #initialize(request, settings: Aikido::Zen.runtime_settings) {|request| ... } ⇒ Context constructor

  A new instance of Context.

• #payloads ⇒ Array<Aikido::Zen::Payload>

  List of user inputs from all the different sources we recognize.

• #update_request(new_request) ⇒ void

  Overrides the current request, and invalidates any memoized data obtained from it.

Constructor Details

#initialize(request, settings: Aikido::Zen.runtime_settings) {|request| ... } ⇒ Context

Returns a new instance of Context.

Parameters:

• request (Rack::Request) —

  a Request object that implements the Rack::Request API, to which we will delegate behavior.

• settings (Aikido::Zen::RuntimeSettings) (defaults to: Aikido::Zen.runtime_settings)

Yield Parameters:

• request (Rack::Request) —

  the given request object.

Yield Returns:

• (Hash<Symbol, #flat_map>) —

  map of payload source types to the actual data from the request to populate them.

# File 'lib/aikido/zen/context.rb', line 44

def initialize(request, settings: Aikido::Zen.runtime_settings, &sources)
  @request = request
  @settings = settings
  @payload_sources = sources

  @metadata = {}
  @scanning = false
  @protection_disabled = false
  @idor_protection_enabled = false
end

Instance Attribute Details

#idor_protection_enabled ⇒ Boolean Also known as: idor_protection_enabled?

Returns:

• (Boolean)

# File 'lib/aikido/zen/context.rb', line 34

def idor_protection_enabled
  @idor_protection_enabled
end

#protection_disabled ⇒ Boolean Also known as: protection_disabled?

Returns whether attack protection for the currently requested endpoint was disabled on the Aikido dashboard, or if the source IP for this request is in the “Bypass List”.

Returns:

• (Boolean) —

  whether attack protection for the currently requested endpoint was disabled on the Aikido dashboard, or if the source IP for this request is in the “Bypass List”.

# File 'lib/aikido/zen/context.rb', line 30

def protection_disabled
  @protection_disabled
end

#request ⇒ Aikido::Zen::Request (readonly)

Returns:

• (Aikido::Zen::Request)

# File 'lib/aikido/zen/context.rb', line 21

def request
  @request
end

#scanning ⇒ Boolean Also known as: scanning?

Returns:

• (Boolean)

# File 'lib/aikido/zen/context.rb', line 24

def scanning
  @scanning
end

Class Method Details

.from_rack_env(env, config = Aikido::Zen.config) ⇒ Aikido::Zen::Context

Build a Context object for the current HTTP request based on the currently configured request builder.

Parameters:

• env (Hash) —

  the Rack env hash.

• config (Aikido::Zen::Config) (defaults to: Aikido::Zen.config)

Returns:

• (Aikido::Zen::Context)

# File 'lib/aikido/zen/context.rb', line 16

def self.from_rack_env(env, config = Aikido::Zen.config)
  config.request_builder.call(env)
end

Instance Method Details

#[](key) ⇒ Object^?

Fetch some metadata stored in the Context.

Parameters:

• key (String)

Returns:

• (Object, nil)

# File 'lib/aikido/zen/context.rb', line 59

def [](key)
  @metadata[key]
end

#[]=(key, value) ⇒ void

This method returns an undefined value.

Store some metadata in the Context so other Scanners can use it.

Parameters:

• key (String)
• value (Object)

# File 'lib/aikido/zen/context.rb', line 68

def []=(key, value)
  @metadata[key] = value
end

#payloads ⇒ Array<Aikido::Zen::Payload>

Returns list of user inputs from all the different sources we recognize.

Returns:

• (Array<Aikido::Zen::Payload>) —

  list of user inputs from all the different sources we recognize.

# File 'lib/aikido/zen/context.rb', line 86

def payloads
  @payloads ||= payload_sources.flat_map do |source, data|
    extract_payloads_from(data, source)
  end
end

#update_request(new_request) ⇒ void

This method returns an undefined value.

Overrides the current request, and invalidates any memoized data obtained from it. This is useful for scenarios where setting the request in the middleware isn’t enough, such as Rails, where the router modifies it after the middleware has seen it.

Parameters:

• new_request (Rack::Request)

# File 'lib/aikido/zen/context.rb', line 79

def update_request(new_request)
  @payloads = nil
  request.__setobj__(new_request)
end