Class: Aikido::Zen::Scanners::StoredSSRFScanner
- Inherits: Object
- Defined in: lib/aikido/zen/scanners/stored_ssrf_scanner.rb
Overview
Inspects the result of DNS lookups to determine whether we are the target of a stored SSRF aimed at IMDS addresses (169.254.169.254).
Constant Summary
- DANGEROUS_ADDRESSES =
    [
      IPAddr.new("169.254.169.254"),
      IPAddr.new("fd00:ec2::254")
    ]
Class Method Summary
- .call(hostname:, addresses:, operation:, sink:, context:, **opts) ⇒ Object
Instance Method Summary
- #attack? ⇒ String?
  Either the offending address, or nil if no address is deemed dangerous.
- #initialize(hostname, addresses, config: Aikido::Zen.config) ⇒ StoredSSRFScanner (constructor)
  A new instance of StoredSSRFScanner.
Constructor Details
#initialize(hostname, addresses, config: Aikido::Zen.config) ⇒ StoredSSRFScanner
Returns a new instance of StoredSSRFScanner.
    # File 'lib/aikido/zen/scanners/stored_ssrf_scanner.rb', line 21
    def initialize(hostname, addresses, config: Aikido::Zen.config)
      @hostname = hostname
      @addresses = addresses
      @config = config
    end
Class Method Details
.call(hostname:, addresses:, operation:, sink:, context:, **opts) ⇒ Object
    # File 'lib/aikido/zen/scanners/stored_ssrf_scanner.rb', line 8
    def self.call(hostname:, addresses:, operation:, sink:, context:, **opts)
      # The scanner is built with the default Aikido::Zen.config here.
      offending_address = new(hostname, addresses).attack?
      return if offending_address.nil?

      Attacks::StoredSSRFAttack.new(
        hostname: hostname,
        address: offending_address,
        sink: sink,
        context: context,
        operation: "#{sink.operation}.#{operation}"
      )
    end
Instance Method Details
#attack? ⇒ String?
Returns either the offending address, or nil if no address is deemed dangerous.
    # File 'lib/aikido/zen/scanners/stored_ssrf_scanner.rb', line 29
    def attack?
      # Return nil (not false) for allowed hosts: the caller in .call tests
      # `.nil?`, and a false value would otherwise be reported as an attack.
      return nil if @config.imds_allowed_hosts.include?(@hostname)

      # The first resolved address that falls inside a dangerous range wins;
      # IPAddr#=== is IPAddr#include?, so candidates may be Strings or IPAddrs.
      @addresses.find do |candidate|
        DANGEROUS_ADDRESSES.any? { |address| address === candidate }
      end
    end
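The flow that .call and #attack? implement, as an added stand-alone example (not the gem's own code): a stored URL is resolved through a constructed, offline resolver table, and the lookup result is checked against the same IMDS addresses before any connection would be made. StoredLookupCheck, FAKE_DNS, offending_address and check_stored_url are hypothetical names; the example goes one step beyond the page by normalizing IPv4-mapped IPv6 candidates with IPAddr#native before comparing.

```ruby
require "ipaddr"
require "uri"

# Self-contained model of the stored-SSRF lookup check described on this page.
# StoredLookupCheck, FAKE_DNS and check_stored_url are hypothetical names.
module StoredLookupCheck
  # The same IMDS targets the page's DANGEROUS_ADDRESSES constant lists.
  DANGEROUS_ADDRESSES = [
    IPAddr.new("169.254.169.254"),
    IPAddr.new("fd00:ec2::254")
  ].freeze

  # Constructed stand-in for a resolver (hostname => resolved addresses).
  # No real DNS lookups happen; every entry here is made up for the example.
  FAKE_DNS = {
    "hooks.example.test" => ["203.0.113.10"],
    "multi.example.test" => ["203.0.113.11", "169.254.169.254"],
    "v6.example.test" => ["fd00:ec2::254"],
    "mapped.example.test" => ["::ffff:169.254.169.254"],
    "proxy.example.test" => ["169.254.169.254"]
  }.freeze

  # Mirrors #attack?: returns the offending candidate (String or IPAddr as
  # given), or nil if none is dangerous or the host may reach IMDS.
  # IPv4-mapped IPv6 forms are normalized with IPAddr#native first, so the
  # match does not depend on how the installed ipaddr version treats them.
  def self.offending_address(hostname, addresses, allowed_hosts: [])
    return nil if allowed_hosts.include?(hostname)
    addresses.find do |candidate|
      ip = IPAddr.new(candidate.to_s).native
      DANGEROUS_ADDRESSES.any? { |dangerous| dangerous === ip }
    rescue IPAddr::InvalidAddressError
      false # an unparsable entry cannot be an IMDS address
    end
  end

  # Stored-SSRF flow: a URL saved earlier (say, a webhook target) is resolved
  # at request time and the lookup result is inspected before connecting.
  def self.check_stored_url(url, allowed_hosts: [])
    host = URI.parse(url).host
    addresses = FAKE_DNS.fetch(host, [])
    address = offending_address(host, addresses, allowed_hosts: allowed_hosts)
    verdict = if address then :blocked
              elsif allowed_hosts.include?(host) then :allowed
              else :safe
              end
    { verdict: verdict, hostname: host, address: address }
  end
end
```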