Class: Aikido::Zen::Attacks::StoredSSRFAttack

Inherits:

Aikido::Zen::Attack

• Object
• Aikido::Zen::Attack
• Aikido::Zen::Attacks::StoredSSRFAttack

Defined in:

lib/aikido/zen/attack.rb

Overview

Special case of an SSRF attack where we don’t have a context—we’re just detecting a request to a particularly sensitive address.

Instance Attribute Summary

• #address ⇒ Object readonly

  Returns the value of attribute address.

• #hostname ⇒ Object readonly

  Returns the value of attribute hostname.

Attributes inherited from Aikido::Zen::Attack

#context, #operation, #sink

Instance Method Summary

• #as_json ⇒ Object
• #exception ⇒ Object
• #initialize(hostname:, address:, **opts) ⇒ StoredSSRFAttack constructor

  A new instance of StoredSSRFAttack.

• #log_message ⇒ Object

Methods inherited from Aikido::Zen::Attack

#blocked?, #will_be_blocked!

Constructor Details

#initialize(hostname:, address:, **opts) ⇒ StoredSSRFAttack

Returns a new instance of StoredSSRFAttack.

# File 'lib/aikido/zen/attack.rb', line 112

def initialize(hostname:, address:, **opts)
  super(**opts)
  @hostname = hostname
  @address = address
end

Instance Attribute Details

#address ⇒ Object (readonly)

Returns the value of attribute address.

# File 'lib/aikido/zen/attack.rb', line 110

def address
  @address
end

#hostname ⇒ Object (readonly)

Returns the value of attribute hostname.

# File 'lib/aikido/zen/attack.rb', line 109

def hostname
  @hostname
end

Instance Method Details

#as_json ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 129

def as_json
  {
    kind: "ssrf",
    blocked: blocked?,
    operation: @operation
  }
end

#exception ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 125

def exception(*)
  SSRFDetectedError.new(self)
end

#log_message ⇒ Object

# File 'lib/aikido/zen/attack.rb', line 118

def log_message
  format(
    "Stored SSRF: Request to sensitive host «%s» (%s) detected from unknown source in %s",
    @hostname, @address, @operation
  )
end