Module: Aikido::Zen::Sinks::HTTPX::Extensions

Defined in:: lib/aikido/zen/sinks/httpx.rb

Class Method Summary collapse

Instance Method Summary collapse

#send_request(request) ⇒ Object

Class Method Details

.wrap_request(request) ⇒ `Object`

# File 'lib/aikido/zen/sinks/httpx.rb', line 15

def self.wrap_request(request)
  Aikido::Zen::Scanners::SSRFScanner::Request.new(
    verb: request.verb,
    uri: request.uri,
    headers: request.headers.to_hash
  )
end

.wrap_response(response) ⇒ `Object`

# File 'lib/aikido/zen/sinks/httpx.rb', line 23

def self.wrap_response(response)
  Aikido::Zen::Scanners::SSRFScanner::Response.new(
    status: response.status,
    headers: response.headers.to_hash
  )
end

Instance Method Details

#send_request(request) ⇒ `Object`

# File 'lib/aikido/zen/sinks/httpx.rb', line 30

def send_request(request, *)
  wrapped_request = Extensions.wrap_request(request)

  # Store the request information so the DNS sinks can pick it up.
  if (context = Aikido::Zen.current_context)
    prev_request = context["ssrf.request"]
    context["ssrf.request"] = wrapped_request
  end

  SINK.scan(
    connection: Aikido::Zen::OutboundConnection.from_uri(request.uri),
    request: wrapped_request,
    operation: "request"
  )

  request.on(:response) do |response|
    Aikido::Zen::Scanners::SSRFScanner.track_redirects(
      request: wrapped_request,
      response: Extensions.wrap_response(response)
    )
  end

  super
ensure
  context["ssrf.request"] = prev_request if context
end

Module: Aikido::Zen::Sinks::HTTPX::Extensions

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.wrap_request(request) ⇒ Object

.wrap_response(response) ⇒ Object

Instance Method Details

#send_request(request) ⇒ Object

.wrap_request(request) ⇒ `Object`

.wrap_response(response) ⇒ `Object`

#send_request(request) ⇒ `Object`