Class: Faraday::SsrfFilter::Middleware

Inherits:

Middleware

Object
Middleware
Faraday::SsrfFilter::Middleware

show all

Defined in:: lib/faraday/ssrf_filter/middleware.rb

Constant Summary collapse

DEFAULT_SCHEMES =

%w[http https].freeze

REDIRECT_STATUSES =

(300..399)

IPV4_DENYLIST =

[
  IPAddr.new('0.0.0.0/8'),
  IPAddr.new('10.0.0.0/8'),
  IPAddr.new('100.64.0.0/10'),
  IPAddr.new('127.0.0.0/8'),
  IPAddr.new('169.254.0.0/16'),
  IPAddr.new('172.16.0.0/12'),
  IPAddr.new('192.0.0.0/24'),
  IPAddr.new('192.0.2.0/24'),
  IPAddr.new('192.168.0.0/16'),
  IPAddr.new('198.18.0.0/15'),
  IPAddr.new('198.51.100.0/24'),
  IPAddr.new('203.0.113.0/24'),
  IPAddr.new('224.0.0.0/4'),
  IPAddr.new('240.0.0.0/4'),
  IPAddr.new('255.255.255.255/32')
].freeze

IPV6_DENYLIST =

[
  IPAddr.new('::1/128'),
  IPAddr.new('::/128'),
  IPAddr.new('100::/64'),
  IPAddr.new('2001::/32'),
  IPAddr.new('2001:2::/48'),
  IPAddr.new('2001:10::/28'),
  IPAddr.new('2001:20::/28'),
  IPAddr.new('2001:db8::/32'),
  IPAddr.new('2002::/16'),
  IPAddr.new('3fff::/20'),
  IPAddr.new('5f00::/16'),
  IPAddr.new('fc00::/7'),
  IPAddr.new('fe80::/10'),
  IPAddr.new('ff00::/8'),
  IPAddr.new('64:ff9b:1::/48'),
  *IPV4_DENYLIST.flat_map do |range|
    pfx = range.prefix
    ip = range.to_s
    [
      IPAddr.new("::#{ip}/#{pfx + 96}"),
      IPAddr.new("::ffff:#{ip}/#{pfx + 96}"),
      IPAddr.new("::ffff:0:#{ip}/#{pfx + 96}"),
      IPAddr.new("64:ff9b::#{ip}/#{pfx + 96}")
    ]
  end
].freeze

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app, options = {}) ⇒ Middleware constructor

A new instance of Middleware.

Constructor Details

#initialize(app, options = {}) ⇒ `Middleware`

Returns a new instance of Middleware.

# File 'lib/faraday/ssrf_filter/middleware.rb', line 66

def initialize(app, options = {})
  super(app)
  @schemes = (options[:allowed_schemes] || DEFAULT_SCHEMES).freeze
  @resolver = options[:resolver] || method(:default_resolver)
  @allow_ip_addresses = options[:allow_ip_addresses] == true
  @allowlist = parse_ip_list(options[:allowlist]).freeze
  @denylist = parse_ip_list(options[:denylist]).freeze
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/faraday/ssrf_filter/middleware.rb', line 75

def call(env)
  validate_and_pin!(env)
  @app.call(env).on_complete { |response_env| validate_redirect!(response_env) }
end

Class: Faraday::SsrfFilter::Middleware

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, options = {}) ⇒ Middleware

Instance Method Details

#call(env) ⇒ Object

#initialize(app, options = {}) ⇒ `Middleware`

#call(env) ⇒ `Object`