Module: Aikido::Zen::Sinks::Net::HTTP::Extensions

Defined in:
lib/aikido/zen/sinks/net_http.rb



Class Method Details

.build_outbound(http) ⇒ Aikido::Zen::OutboundConnection

Maps a Net::HTTP connection to the Aikido OutboundConnection that our tooling expects.

Parameters:

Returns:



# File 'lib/aikido/zen/sinks/net_http.rb', line 21

# Translate a Net::HTTP session into the connection descriptor used by the
# outbound sinks.
#
# @param http [Net::HTTP] the session whose target host/port is of interest.
# @return [Aikido::Zen::OutboundConnection] descriptor carrying the session's
#   +address+ and +port+.
def self.build_outbound(http)
  connection_attrs = { host: http.address, port: http.port }
  Aikido::Zen::OutboundConnection.new(**connection_attrs)
end

.wrap_request(req, session) ⇒ Object



# File 'lib/aikido/zen/sinks/net_http.rb', line 28

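# Build the SSRF scanner's view of a Net::HTTP request.
#
# Requests created from a bare path (e.g. +Net::HTTP::Get.new("/")+) carry no
# URI, so one is reconstructed from the session's scheme, address and port.
# An IPv6 literal address (such as "::1") has to be wrapped in brackets for
# +URI()+ to parse it; without that the reconstruction raised
# URI::InvalidURIError from inside the caller's HTTP request.
#
# @param req [Net::HTTPGenericRequest] the request about to be sent.
# @param session [Net::HTTP] the session the request will be sent over.
# @return [Aikido::Zen::Scanners::SSRFScanner::Request]
def self.wrap_request(req, session)
  uri = req.uri if req.uri.is_a?(URI)

  unless uri
    host = session.address.to_s
    # Bracket unbracketed IPv6 literals so the authority part parses.
    host = "[#{host}]" if host.include?(":") && !host.start_with?("[")

    uri = URI(format("%<scheme>s://%<hostname>s:%<port>s%<path>s", {
      scheme: session.use_ssl? ? "https" : "http",
      hostname: host,
      port: session.port,
      path: req.path
    }))
  end

  Aikido::Zen::Scanners::SSRFScanner::Request.new(
    verb: req.method,
    uri: uri,
    headers: req.to_hash,
    # Net::HTTP exposes header values as arrays; flatten them to one string.
    header_normalizer: ->(val) { Array(val).join(", ") }
  )
end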

.wrap_response(response) ⇒ Object



# File 'lib/aikido/zen/sinks/net_http.rb', line 45

# Build the SSRF scanner's view of a Net::HTTP response so redirects can be
# followed across hops.
#
# @param response [Net::HTTPResponse] the response returned by Net::HTTP.
# @return [Aikido::Zen::Scanners::SSRFScanner::Response] with the status code
#   as an Integer and the raw header hash.
def self.wrap_response(response)
  # Net::HTTP exposes header values as arrays; flatten them to one string.
  join_values = ->(val) { Array(val).join(", ") }
  status_code = response.code.to_i

  Aikido::Zen::Scanners::SSRFScanner::Response.new(
    status: status_code,
    headers: response.to_hash,
    header_normalizer: join_values
  )
end

Instance Method Details

#request(req) ⇒ Object



# File 'lib/aikido/zen/sinks/net_http.rb', line 53

# Around-hook for Net::HTTP#request (this module is layered onto Net::HTTP so
# that +super+ reaches the original; check the sink's registration for
# whether it is prepended or included). The request is scanned before it is
# sent, and the response is fed back so redirects can be tracked across hops.
#
# @param req [Net::HTTPGenericRequest] the request to send; any further
#   positional arguments are forwarded to +super+ untouched.
# @return [Net::HTTPResponse] whatever +super+ returns.
def request(req, *)
  wrapped_request = Extensions.wrap_request(req, self)

  # Store the request information so the DNS sinks can pick it up.
  # The previous value is remembered so that a request issued while this one
  # is in flight leaves the context exactly as it found it.
  if (context = Aikido::Zen.current_context)
    prev_request = context["ssrf.request"]
    context["ssrf.request"] = wrapped_request
  end

  # Runs before +super+: if the scan raises, the request is never sent.
  SINK.scan(
    connection: Extensions.build_outbound(self),
    request: wrapped_request,
    operation: "request"
  )

  response = super

  # Lets the scanner associate a redirect response with the request that
  # produced it.
  Aikido::Zen::Scanners::SSRFScanner.track_redirects(
    request: wrapped_request,
    response: Extensions.wrap_response(response)
  )

  response
ensure
  # Restored even when the scan or +super+ raises. +context+ is nil when
  # current_context returned nil or when wrap_request raised before the
  # assignment above ran, in which case there is nothing to restore.
  context["ssrf.request"] = prev_request if context
end