Class: Aikido::Zen::Scanners::SSRF::PrivateIPChecker

Inherits:
Object
Defined in:
lib/aikido/zen/scanners/ssrf/private_ip_checker.rb

Overview

Little helper to check if a given hostname or address is to be considered “dangerous” when used for an outbound HTTP request.

When given a hostname:

  • If any DNS lookups have been performed and stored in the current Zen context (under the “dns.lookups” metadata key), we will map it to the list of IPs that we’ve resolved it to.

  • If not, we’ll still try to map it to any statically defined address in the system hosts file (e.g. /etc/hosts).

Once we have mapped the hostname to an IP address (or, if given an IP address, directly), this will check that it is not a loopback address, a private IP address (as defined by RFCs 1918 and 4193), or in one of the “special-use” IP ranges defined in RFC 5735.
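The resolution and range check described above, carried through end to end as an added example (not the gem's own code): the RFC5735_RANGES list is my transcription of the RFC 5735 special-use blocks standing in for the gem's RFC5735 constant, StaticHostsResolver is a constructed offline stand-in for Resolv::Hosts (the system hosts file), and the dns_lookups hash stands in for the “dns.lookups” metadata of the Zen context.

```ruby
require "ipaddr"
require "resolv"

# Constructed stand-in for the gem's RFC5735 constant: the IPv4 special-use
# blocks from RFC 5735 section 4, checked with IPAddr#=== (range inclusion).
RFC5735_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
  192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.18.0.0/15
  198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32
].map { |cidr| IPAddr.new(cidr) }.freeze

# In-memory resolver with the #getaddresses call of Resolv::Hosts, so the
# example runs offline; its table plays the role of /etc/hosts.
StaticHostsResolver = Struct.new(:table) do
  def getaddresses(name)
    Array(table[name])
  end
end

class DemoPrivateIPChecker
  # dns_lookups stands in for the "dns.lookups" metadata of the Zen context:
  # hostname => list of addresses it was resolved to during this request.
  def initialize(resolver = Resolv::Hosts.new, dns_lookups = {})
    @resolver = resolver
    @dns_lookups = dns_lookups
  end

  def private?(hostname_or_address)
    resolve(hostname_or_address).any? do |ip|
      ip.loopback? || ip.private? || RFC5735_RANGES.any? { |range| range === ip }
    end
  end

  private

  # A literal IP is checked as-is; a hostname is mapped through the recorded
  # DNS lookups first and the hosts-file resolver second. Unknown names map
  # to nothing and are therefore not flagged.
  def resolve(hostname_or_address)
    [IPAddr.new(hostname_or_address)]
  rescue IPAddr::InvalidAddressError
    addresses = @dns_lookups.fetch(hostname_or_address) do
      @resolver.getaddresses(hostname_or_address)
    end
    addresses.map { |addr| IPAddr.new(addr.to_s) }
  end
end
```

Note that a hostname is flagged as soon as any one of its resolved addresses is dangerous, which is what makes the check hold up when a name resolves to both a public and an internal address.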


Constructor Details

#initialize(resolver = Resolv::Hosts.new) ⇒ PrivateIPChecker

Returns a new instance of PrivateIPChecker.

# File 'lib/aikido/zen/scanners/ssrf/private_ip_checker.rb', line 26

def initialize(resolver = Resolv::Hosts.new)
  # Resolver used to map a hostname to addresses when no DNS lookups were
  # recorded in the Zen context; defaults to the system hosts file.
  @resolver = resolver
end

Instance Method Details

#private?(hostname_or_address) ⇒ Boolean

Parameters:

  • hostname_or_address (String) — a hostname or an IP address literal

Returns:

  • (Boolean)

# File 'lib/aikido/zen/scanners/ssrf/private_ip_checker.rb', line 32

def private?(hostname_or_address)
  # Flag the input if any address it maps to is loopback, private
  # (RFCs 1918 and 4193), or inside an RFC 5735 special-use range.
  resolve(hostname_or_address).any? do |ip|
    ip.loopback? || ip.private? || RFC5735.any? { |range| range === ip }
  end
end