Module: SSRFsUp
- Defined in:
- lib/ssrfs-up.rb,
lib/ssrfs-up/version.rb
Overview
for the request.
Defined Under Namespace
Classes: Configuration
Constant Summary collapse
- VERSION =
"0.0.20".freeze
Class Attribute Summary collapse
-
.client ⇒ Object
Returns the value of attribute client.
-
.config ⇒ Object
Returns the value of attribute config.
Class Method Summary collapse
- .configuration ⇒ Object
-
.configure {|configuration| ... } ⇒ Object
configures the SSRFsUp module and recreates the AWS Lambda Client from the updated configuration.
-
.delete(host, opts = {}) ⇒ Object
convenience method for making a DELETE request with do.
-
.do(method, host, opts = {}) ⇒ Object
These methods take a string like “www.google.com” or “google.com” and parse the respective parameters from the string to make the request.
- .fast_check(host, opts) ⇒ Object
-
.get(host, opts = {}) ⇒ Object
convenience method for making a GET request with do.
-
.invoke(host = nil, opts = {}) ⇒ Object
invokes the lambda with the provided arguments.
-
.parseAsUri(uri = "") ⇒ Object
takes an ambiguous string or URI and sets the appropriate options based on if it can be parsed as URI object.
-
.patch(host, opts = {}) ⇒ Object
convenience method for making a patch request with do.
-
.payload(opts = {}) ⇒ Object
payload builds an API client Request object with the proper defaults and returns its JSON serialization.
-
.post(host, opts = {}) ⇒ Object
convenience method for making a POST request with do.
-
.put(host, opts = {}) ⇒ Object
convenience method for making a PUT request with do.
-
.toOpenAPIClient(opts = {}) ⇒ Object
converts a hash of options to a valid OpenapiClient Request so that it can be properly consumed by the lambda.
Class Attribute Details
.client ⇒ Object
Returns the value of attribute client.
44 45 46 |
# File 'lib/ssrfs-up.rb', line 44 def client @client end |
.config ⇒ Object
Returns the value of attribute config.
44 45 46 |
# File 'lib/ssrfs-up.rb', line 44 def config @config end |
Class Method Details
.configuration ⇒ Object
128 129 130 |
# File 'lib/ssrfs-up.rb', line 128 def configuration @config ||= Configuration.new end |
.configure {|configuration| ... } ⇒ Object
configures the SSRFsUp module and recreates the AWS Lambda Client from the updated configuration.
123 124 125 126 |
# File 'lib/ssrfs-up.rb', line 123 def configure yield(configuration) @client = Aws::Lambda::Client.new({ region: configuration.region, stub_responses: configuration.test }) end |
.delete(host, opts = {}) ⇒ Object
convenience method for making a DELETE request with do.
91 92 93 94 |
# File 'lib/ssrfs-up.rb', line 91 def delete(host, opts = {}) opts[:method] = "DELETE" invoke(host, opts) end |
.do(method, host, opts = {}) ⇒ Object
These methods take a string like “www.google.com” or “google.com” and parse the respective parameters from the string to make the request. If only a hostname is provided, the default options are applied. A hash of options can also be supplied to configure the request. The set of options can be found at github.com/chanzuckerberg/SSRFs-Up/blob/0e18fd30bee3f2b99ff4bc512cb967b83e8d9dcb/openapi.yaml#L97-L119
51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/ssrfs-up.rb', line 51 def do(method, host, opts = {}) case method.downcase when "get" get(host, opts) when "put" put(host, opts) when "post" post(host, opts) when "patch" patch(host, opts) when "delete" delete(host, opts) end end |
.fast_check(host, opts) ⇒ Object
136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 |
# File 'lib/ssrfs-up.rb', line 136 def fast_check(host, opts) scheme = opts[:secure] ? "https://" : "http://" path = opts[:path].nil? ? "" : opts[:path] params = opts[:params].nil? ? "" : "?" + URI.encode_www_form(opts[:params]) url = scheme + host + path + params filter_opts = { :max_redirects => opts[:redirect].nil? ? 3 : opts[:redirect] } filter_opts[:params] = opts[:params] unless opts[:params].nil? filter_opts[:body] = opts[:body] unless opts[:body].nil? filter_opts[:headers] = opts[:headers] unless opts[:headers].nil? begin case opts[:method].downcase when "get" resp = SsrfFilter.get(url, filter_opts) when "put" resp = SsrfFilter.put(url, filter_opts) when "post" resp = SsrfFilter.post(url, filter_opts) when "delete" resp = SsrfFilter.delete(url, filter_opts) when "patch" return { status_code: 404, status_text: "Unsupported method", body: "Cannot use patch with fast path." } end { status_code: resp.code.to_i, status_text: resp., body: resp.body } rescue SsrfFilter::PrivateIPAddress => exception { status_code: 404, status_text: "Invalid destination", body: exception.to_s } end end |
.get(host, opts = {}) ⇒ Object
convenience method for making a GET request with do.
67 68 69 70 |
# File 'lib/ssrfs-up.rb', line 67 def get(host, opts = {}) opts[:method] = "GET" invoke(host, opts) end |
.invoke(host = nil, opts = {}) ⇒ Object
invokes the lambda with the provided arguments. It handles all lambda related errors so developers should assume the data they receive back is straight from the server they are speaking to.
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 |
# File 'lib/ssrfs-up.rb', line 170 def invoke(host = nil, opts = {}) opts = opts.merge(parseAsUri(host)) if (!opts[:proxy].nil? && !opts[:proxy]) || !configuration.proxy OpenStruct.new(fast_check(opts[:host], opts)) else begin resp = client.invoke({ function_name: configuration.func_name, invocation_type: configuration.invoke_type, log_type: configuration.log_type, payload: payload(opts), }) if resp["status_code"] == 200 OpenStruct.new(JSON.parse(resp&.payload&.string)) else OpenStruct.new({ body: "", status_code: resp[status_code], status_text: "500 Error with proxy" }) end rescue StandardError => e # fall back to local check if the lambda wasn't reachable. OpenStruct.new(fast_check(opts[:host], opts)) end end end |
.parseAsUri(uri = "") ⇒ Object
takes an ambiguous string or URI and sets the appropriate options based on if it can be parsed as URI object. If it can’t, then the string is assumed to be a hostname only.
99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'lib/ssrfs-up.rb', line 99 def parseAsUri(uri = "") uri = uri.to_s opts = { :host => uri.split("/")[0].split("?")[0].split("#")[0] } u = URI(uri) # if the scheme was present, we can parse most of the options from the URI. # otherwise, we can assume the URI was an actual hostname unless u.scheme.nil? opts[:secure] = !(u.scheme == "http") opts[:host] = u.host opts[:path] = u.path unless u.path == "" opts[:params] = CGI.parse(u.query) unless u.query.nil? end opts end |
.patch(host, opts = {}) ⇒ Object
convenience method for making a patch request with do.
85 86 87 88 |
# File 'lib/ssrfs-up.rb', line 85 def patch(host, opts = {}) opts[:method] = "PATCH" invoke(host, opts) end |
.payload(opts = {}) ⇒ Object
payload builds an API client Request object with the proper defaults and returns its JSON serialization.
197 198 199 |
# File 'lib/ssrfs-up.rb', line 197 def payload(opts = {}) toOpenAPIClient(opts).to_json end |
.post(host, opts = {}) ⇒ Object
convenience method for making a POST request with do.
79 80 81 82 |
# File 'lib/ssrfs-up.rb', line 79 def post(host, opts = {}) opts[:method] = "POST" invoke(host, opts) end |
.put(host, opts = {}) ⇒ Object
convenience method for making a PUT request with do.
73 74 75 76 |
# File 'lib/ssrfs-up.rb', line 73 def put(host, opts = {}) opts[:method] = "PUT" invoke(host, opts) end |
.toOpenAPIClient(opts = {}) ⇒ Object
converts a hash of options to a valid OpenapiClient Request so that it can be properly consumed by the lambda.
117 118 119 |
# File 'lib/ssrfs-up.rb', line 117 def toOpenAPIClient(opts = {}) OpenapiClient::Request.new(opts).to_hash end |