# File 'lib/aikido/zen/sinks/async_http.rb', line 16
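# Scans an outgoing async-http request for SSRF before delegating to +super+
# (the real request), then hands the response back to the scanner so redirect
# chains stay associated with the original request.
#
# @param request [#scheme, #authority, #path, #method, #headers] the outgoing
#   request; +scheme+/+authority+ may be nil for relative requests.
# @return the response returned by +super+
# @raise whatever +SINK.scan+ raises when the destination is disallowed
#   (presumably — confirm against the sink's contract).
def call(request)
  # Rebuild the absolute target URL: the request may carry only a path, so
  # fall back to this client's own +scheme+/+authority+ when absent.
  uri = URI(format("%<scheme>s://%<authority>s%<path>s", {
    scheme: request.scheme || scheme,
    authority: request.authority || authority,
    path: request.path
  }))

  # Request and response headers can be multi-valued; flatten each value to
  # a single comma-joined string so the scanner sees one string per header.
  normalize_header = ->(value) { Array(value).join(", ") }

  wrapped_request = Aikido::Zen::Scanners::SSRFScanner::Request.new(
    verb: request.method,
    uri: uri,
    # Read the headers collection explicitly; `request..to_h` would build a
    # Range, not a header hash.
    headers: request.headers.to_h,
    header_normalizer: normalize_header
  )

  # Publish the in-flight request on the current context and remember what
  # was there, so the +ensure+ below can restore it whether the request is
  # blocked, fails, or succeeds.
  if (context = Aikido::Zen.current_context)
    prev_request = context["ssrf.request"]
    context["ssrf.request"] = wrapped_request
  end

  # The SSRF check runs *before* the connection is made, so a disallowed
  # destination is never contacted.
  SINK.scan(
    connection: Aikido::Zen::OutboundConnection.from_uri(uri),
    request: wrapped_request,
    operation: "request"
  )

  response = super

  # Let the scanner see the response so a redirect can be tied back to the
  # request that triggered it when the follow-up request is scanned.
  Aikido::Zen::Scanners::SSRFScanner.track_redirects(
    request: wrapped_request,
    response: Aikido::Zen::Scanners::SSRFScanner::Response.new(
      status: response.status,
      headers: response.headers.to_h,
      header_normalizer: normalize_header
    )
  )

  response
ensure
  # +context+ is nil when no Zen context is active or when the failure
  # happened before it was looked up; +prev_request+ is then also nil.
  context["ssrf.request"] = prev_request if context
end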