Module: Aikido::Zen

Defined in:
lib/aikido/zen.rb,
lib/aikido/zen/scan.rb,
lib/aikido/zen/sink.rb,
lib/aikido/zen/actor.rb,
lib/aikido/zen/agent.rb,
lib/aikido/zen/event.rb,
lib/aikido/zen/route.rb,
lib/aikido/zen/attack.rb,
lib/aikido/zen/config.rb,
lib/aikido/zen/errors.rb,
lib/aikido/zen/worker.rb,
lib/aikido/zen/context.rb,
lib/aikido/zen/package.rb,
lib/aikido/zen/payload.rb,
lib/aikido/zen/request.rb,
lib/aikido/zen/version.rb,
lib/aikido/zen/sinks/pg.rb,
lib/aikido/zen/collector.rb,
lib/aikido/zen/internals.rb,
lib/aikido/zen/api_client.rb,
lib/aikido/zen/sinks/curb.rb,
lib/aikido/zen/sinks/http.rb,
lib/aikido/zen/sinks/excon.rb,
lib/aikido/zen/sinks/httpx.rb,
lib/aikido/zen/system_info.rb,
lib/aikido/zen/rails_engine.rb,
lib/aikido/zen/rate_limiter.rb,
lib/aikido/zen/sinks/mysql2.rb,
lib/aikido/zen/sinks/patron.rb,
lib/aikido/zen/sinks/resolv.rb,
lib/aikido/zen/sinks/socket.rb,
lib/aikido/zen/sinks/em_http.rb,
lib/aikido/zen/sinks/sqlite3.rb,
lib/aikido/zen/sinks/trilogy.rb,
lib/aikido/zen/request/schema.rb,
lib/aikido/zen/sinks/net_http.rb,
lib/aikido/zen/sinks/typhoeus.rb,
lib/aikido/zen/synchronizable.rb,
lib/aikido/zen/collector/hosts.rb,
lib/aikido/zen/collector/stats.rb,
lib/aikido/zen/collector/users.rb,
lib/aikido/zen/collector/routes.rb,
lib/aikido/zen/runtime_settings.rb,
lib/aikido/zen/sinks/async_http.rb,
lib/aikido/zen/sinks/httpclient.rb,
lib/aikido/zen/capped_collections.rb,
lib/aikido/zen/outbound_connection.rb,
lib/aikido/zen/rate_limiter/bucket.rb,
lib/aikido/zen/rate_limiter/result.rb,
lib/aikido/zen/collector/sink_stats.rb,
lib/aikido/zen/context/rack_request.rb,
lib/aikido/zen/middleware/throttler.rb,
lib/aikido/zen/rate_limiter/breaker.rb,
lib/aikido/zen/request/rails_router.rb,
lib/aikido/zen/context/rails_request.rb,
lib/aikido/zen/scanners/ssrf_scanner.rb,
lib/aikido/zen/middleware/set_context.rb,
lib/aikido/zen/request/schema/builder.rb,
lib/aikido/zen/runtime_settings/ip_set.rb,
lib/aikido/zen/sinks/action_controller.rb,
lib/aikido/zen/agent/heartbeats_manager.rb,
lib/aikido/zen/request/heuristic_router.rb,
lib/aikido/zen/request/schema/definition.rb,
lib/aikido/zen/scanners/ssrf/dns_lookups.rb,
lib/aikido/zen/runtime_settings/endpoints.rb,
lib/aikido/zen/outbound_connection_monitor.rb,
lib/aikido/zen/request/schema/auth_schemas.rb,
lib/aikido/zen/request/schema/empty_schema.rb,
lib/aikido/zen/scanners/stored_ssrf_scanner.rb,
lib/aikido/zen/request/schema/auth_discovery.rb,
lib/aikido/zen/scanners/sql_injection_scanner.rb,
lib/aikido/zen/scanners/ssrf/private_ip_checker.rb,
lib/aikido/zen/middleware/check_allowed_addresses.rb,
lib/aikido/zen/runtime_settings/protection_settings.rb,
lib/aikido/zen/runtime_settings/rate_limit_settings.rb

Defined Under Namespace

Modules: Attacks, Events, Internals, Middleware, OutboundConnectionMonitor, Rails, Scanners, Sinks Classes: APIClient, APIError, Actor, Agent, Attack, CappedMap, CappedSet, Collector, Config, Context, Event, InternalsError, NetworkError, OutboundConnection, Package, Payload, RailsEngine, RateLimitedError, RateLimiter, Request, Route, RuntimeSettings, SQLInjectionError, SSRFDetectedError, Scan, Sink, SystemInfo, UnderAttackError, Worker

Constant Summary

VERSION =
"0.1.1"
LIBZEN_VERSION =

The version of libzen_internals that we build against.

"0.1.31"

Class Method Summary

Class Method Details

.Actor(actor) ⇒ Object .Actor(data) ⇒ Object

Converts an object into an Actor for reporting back to the Aikido Dashboard. Returns nil when the object cannot be converted (it is nil, is neither #to_aikido_actor- nor #to_hash-capable, or has no usable id).

Overloads:

  • .Actor(actor) ⇒ Object

    Returns Aikido::Zen::Actor.

    Parameters:

    • actor (#to_aikido_actor)

      anything that implements #to_aikido_actor will have that method called and its value returned.

    Returns:

    • Aikido::Zen::Actor

  • .Actor(data) ⇒ Object

    Returns Aikido::Zen::Actor.

    Parameters:

    • data (Hash<Symbol, String>)

    Options Hash (data):

    • :id (String)

      a unique identifier for this user. It is coerced with #to_s; a nil or whitespace-only id makes the conversion return nil instead of an Actor.

    • :name (String, nil)

      an optional name to display in the UI (coerced with #to_s; dropped when nil).

    Returns:

    • Aikido::Zen::Actor



# File 'lib/aikido/zen/actor.rb', line 19

# Coerces +data+ into an Aikido::Zen::Actor for reporting to the dashboard.
#
# Resolution order:
#   1. nil                              -> nil
#   2. anything with #to_aikido_actor   -> whatever that method returns
#   3. anything with #to_hash           -> Actor built from its id/name keys
#   4. everything else                  -> nil
#
# Only the "id"/:id and "name"/:name keys are read; both values are coerced
# with #to_s, so non-string ids (integers, UUID objects) are accepted. An
# absent, nil or whitespace-only id yields nil rather than an Actor, since
# the dashboard cannot attribute activity without an identifier. No length
# or character restrictions are applied to id or name here; whatever the
# caller supplies is what gets sent upstream.
#
# @param data [#to_aikido_actor, Hash<Symbol|String, Object>, nil]
# @return [Aikido::Zen::Actor, nil]
def self.Actor(data)
  return nil if data.nil?
  return data.to_aikido_actor if data.respond_to?(:to_aikido_actor)
  return nil unless data.respond_to?(:to_hash)

  attrs = data.to_hash
    .slice("id", "name", :id, :name)
    .compact
    .transform_keys(&:to_sym)
    .transform_values(&:to_s)

  id = attrs[:id]
  return nil if id.nil? || id.strip.empty?

  Actor.new(**attrs)
end

.collector ⇒ Object

Manages runtime metrics extracted from your app, which are uploaded to the Aikido servers if configured to do so.



# File 'lib/aikido/zen.rb', line 43

# Lazily builds and memoizes the process-wide Collector that accumulates the
# runtime metrics extracted from the app; those metrics are uploaded to the
# Aikido servers when the agent is configured to do so.
#
# The memoization is a plain ivar assignment with no lock: two threads
# calling this for the very first time at once could each build a
# Collector, with the later assignment winning. Go through this accessor
# rather than caching the instance elsewhere.
#
# @return [Aikido::Zen::Collector]
def self.collector
  return @collector if @collector

  @collector = Collector.new
end

.config ⇒ Aikido::Zen::Config

Returns the agent configuration.

Returns: (Aikido::Zen::Config) the agent configuration.



# File 'lib/aikido/zen.rb', line 25

# Lazily builds and memoizes the agent configuration.
#
# Memoization is an unsynchronized ivar assignment, so the first concurrent
# callers could briefly construct separate Config objects (the last
# assignment wins). Everything else in the module reads the configuration
# through this accessor.
#
# @return [Aikido::Zen::Config]
def self.config
  return @config if @config

  @config = Config.new
end

.current_context ⇒ Aikido::Zen::Context?

Gets the current context object that holds all information about the current request, or nil when no context has been set. The value is kept in Thread.current[] storage, which in Ruby is fiber-local rather than thread-local, so it is not visible from other fibers running on the same thread.

Returns: (Aikido::Zen::Context, nil) the current request context, or nil when none is set.



# File 'lib/aikido/zen.rb', line 51

# Returns the Context of the request currently being handled, or nil when
# none has been installed (outside a request cycle, or before whatever sets
# it — presumably Middleware::SetContext — has run; TODO confirm).
#
# The value lives in +Thread.current[]+ storage, which in Ruby is
# fiber-local, not thread-local: code running on another Fiber of the same
# thread (an Enumerator, a fiber-based async scheduler) gets nil here and
# therefore behaves as if no request were in flight.
#
# @return [Aikido::Zen::Context, nil]
def self.current_context
  Thread.current.fetch(:_aikido_current_context_, nil)
end

.current_context=(context) ⇒ Aikido::Zen::Context?

Sets the current context object that holds all information about the current request, or nil to clear the current context.

Parameters: context (Aikido::Zen::Context, nil) — the context for the request being handled, or nil to clear it.

Returns: (Aikido::Zen::Context, nil) the value just assigned.



# File 'lib/aikido/zen.rb', line 60

# Installs +context+ as the current request context for this thread (more
# precisely this fiber — see .current_context), or clears it when given nil.
# Whatever sets this should also clear it once the request finishes, so a
# pooled thread does not carry one request's context into the next; the
# middleware that does so is outside this listing.
#
# @param context [Aikido::Zen::Context, nil]
# @return [Aikido::Zen::Context, nil] the context just set
def self.current_context=(context)
  key = :_aikido_current_context_
  Thread.current[key] = context
end

.load_sinks! ⇒ void

This method returns an undefined value.

Load the sinks for every supported library currently loaded into memory. Call it after all other dependencies have been required (i.e. at the end of the initialization process): a library that is not loaded yet when this runs gets no sink, and therefore is not scanned, until the sinks are loaded again.

If a new gem is required later, this method can be called again safely (it is a single require_relative, so it never re-applies patches). Verify afterwards that the newly required library's sink is actually installed, since an uninstrumented library is simply not scanned.



# File 'lib/aikido/zen.rb', line 123

# Loads the sinks (the instrumentation wrappers under lib/aikido/zen/sinks/)
# for the supported libraries present in memory. Call it at the very end of
# boot, after every dependency has been required: a library that is not yet
# loaded when this runs gets no sink, and hence no scanning, until the sinks
# are loaded again.
#
# require_relative is idempotent for an already-loaded path, so a repeat
# call never re-applies the patches; whether libraries required later are
# picked up depends on what zen/sinks does internally — TODO confirm.
#
# @return [void]
def self.load_sinks!
  require_relative("zen/sinks")
end

.runtime_settings ⇒ Aikido::Zen::RuntimeSettings

Returns the firewall configuration sourced from your Aikido dashboard. This is periodically polled for updates.

Returns:

  • (Aikido::Zen::RuntimeSettings)

    the firewall configuration sourced from your Aikido dashboard. This is periodically polled for updates.



# File 'lib/aikido/zen.rb', line 31

# Lazily builds and memoizes the firewall configuration sourced from the
# Aikido dashboard, which is periodically polled for updates.
#
# Until the first poll completes this holds whatever RuntimeSettings.new
# defaults to; check those defaults before treating the object as
# authoritative during early boot. As with the other accessors here the
# memoization is unsynchronized, so the first concurrent callers could
# construct separate instances (last assignment wins).
#
# @return [Aikido::Zen::RuntimeSettings]
def self.runtime_settings
  return @runtime_settings if @runtime_settings

  @runtime_settings = RuntimeSettings.new
end

.system_info ⇒ Object

Gets information about the current system configuration, which is sent to the server along with any events.



# File 'lib/aikido/zen.rb', line 37

# Lazily builds and memoizes the description of the current system
# configuration that is sent to the server along with any events. Because
# it leaves the host, review what SystemInfo collects (defined outside this
# listing) before enabling reporting.
#
# Memoization is an unsynchronized ivar assignment; concurrent first calls
# may each construct an instance, with the last assignment winning.
#
# @return [Aikido::Zen::SystemInfo]
def self.system_info
  return @system_info if @system_info

  @system_info = SystemInfo.new
end

.track_outbound(connection) ⇒ void

This method returns an undefined value.

Tracks a network connection made to an external service.

Parameters: connection (Aikido::Zen::OutboundConnection) — the outbound connection that was made.



# File 'lib/aikido/zen.rb', line 77

# Records a network connection made to an external service in the
# collector, after calling +autostart+ (defined outside this listing;
# presumably boots the agent on first use).
#
# Unlike .track_user there is no +config.disabled?+ guard here; presumably
# +autostart+ or the collector honours the disabled flag — verify before
# relying on it.
#
# @param connection [Aikido::Zen::OutboundConnection]
# @return [void]
def self.track_outbound(connection)
  autostart
  target = collector
  target.track_outbound(connection)
end

.track_request(request) ⇒ void

This method returns an undefined value.

Track statistics about an HTTP request the app is handling.

Parameters: request — the HTTP request being handled (presumably an Aikido::Zen::Request; the type is not shown in this listing).



# File 'lib/aikido/zen.rb', line 68

# Records statistics about an HTTP request the app is handling, after
# calling +autostart+ (defined outside this listing; presumably boots the
# agent on first use).
#
# There is no +config.disabled?+ guard here, unlike .track_user; presumably
# +autostart+ or the collector checks it — verify before relying on it.
#
# @param request [Aikido::Zen::Request] presumably; type not visible here
# @return [void]
def self.track_request(request)
  autostart
  target = collector
  target.track_request(request)
end

.track_scan(scan) ⇒ void

This method returns an undefined value.

Track statistics about the result of a Sink’s scan, and report it as an Attack if one is detected.

Parameters: scan (Aikido::Zen::Scan) — the completed scan.

Raises: whatever agent.handle_attack raises when the scan detected an attack — presumably Aikido::Zen::UnderAttackError when blocking mode is on; the handler is not part of this listing.



# File 'lib/aikido/zen.rb', line 89

# Records the result of a Sink's scan in the collector and, when the scan
# found an attack, hands it to the agent. Stats are recorded before the
# attack is handled, so a request that ends up blocked is still counted.
#
# Any exception raised comes from +agent.handle_attack+ (outside this
# listing) — presumably UnderAttackError when blocking is enabled; in
# non-blocking mode the attack is presumably only reported. Verify against
# the agent.
#
# @param scan [Aikido::Zen::Scan]
# @return [void]
def self.track_scan(scan)
  autostart
  collector.track_scan(scan)
  return unless scan.attack?

  agent.handle_attack(scan.attack)
end

.track_user(user) ⇒ void

This method returns an undefined value.

Track the user making the current request: the user is converted with Aikido::Zen::Actor(), recorded in the collector and attached to the current context's request (when a context is set). Does nothing when the agent is disabled; if the object cannot be converted nothing is tracked and a warning is logged instead.



# File 'lib/aikido/zen.rb', line 99

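# Associates the authenticated user with the current request and records it
# in the collector. A no-op when the agent is disabled.
#
# +user+ is converted via Aikido::Zen::Actor(): it must implement
# #to_aikido_actor, or be Hash-like with an :id/"id" key (and optionally
# :name/"name"). When conversion fails nothing is tracked and a warning is
# logged instead.
#
# The warning names only the object's class rather than formatting the
# object with +%p+ (#inspect): an object that fails conversion here may
# well be a full user model, and its inspect output can carry password
# digests, API tokens or other PII straight into the application log.
#
# @param user [#to_aikido_actor, Hash, nil]
# @return [void]
def self.track_user(user)
  return if config.disabled?

  actor = Aikido::Zen::Actor(user)
  if actor
    autostart
    collector.track_user(actor)
    # Only attach to the request when a context exists; outside a request
    # cycle there is nothing to attach to.
    current_context.request.actor = actor if current_context
    return
  end

  config.logger.warn(format(<<~LOG, cls: user.class))
    Incompatible object sent to track_user: %<cls>s

    The object must either implement #to_aikido_actor, or be a Hash with
    an :id (or "id") and, optionally, a :name (or "name") key.
  LOG
end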