Module: Aikido::Zen

Defined in:
lib/aikido/zen.rb,
lib/aikido/zen/scan.rb,
lib/aikido/zen/sink.rb,
lib/aikido/zen/actor.rb,
lib/aikido/zen/agent.rb,
lib/aikido/zen/event.rb,
lib/aikido/zen/route.rb,
lib/aikido/zen/attack.rb,
lib/aikido/zen/config.rb,
lib/aikido/zen/errors.rb,
lib/aikido/zen/worker.rb,
lib/aikido/zen/context.rb,
lib/aikido/zen/package.rb,
lib/aikido/zen/payload.rb,
lib/aikido/zen/request.rb,
lib/aikido/zen/version.rb,
lib/aikido/zen/sinks/pg.rb,
lib/aikido/zen/collector.rb,
lib/aikido/zen/internals.rb,
lib/aikido/zen/api_client.rb,
lib/aikido/zen/sinks/curb.rb,
lib/aikido/zen/sinks/file.rb,
lib/aikido/zen/sinks/http.rb,
lib/aikido/zen/sinks/excon.rb,
lib/aikido/zen/sinks/httpx.rb,
lib/aikido/zen/system_info.rb,
lib/aikido/zen/rails_engine.rb,
lib/aikido/zen/rate_limiter.rb,
lib/aikido/zen/sinks/kernel.rb,
lib/aikido/zen/sinks/mysql2.rb,
lib/aikido/zen/sinks/patron.rb,
lib/aikido/zen/sinks/resolv.rb,
lib/aikido/zen/sinks/socket.rb,
lib/aikido/zen/sinks/em_http.rb,
lib/aikido/zen/sinks/sqlite3.rb,
lib/aikido/zen/sinks/trilogy.rb,
lib/aikido/zen/request/schema.rb,
lib/aikido/zen/sinks/net_http.rb,
lib/aikido/zen/sinks/typhoeus.rb,
lib/aikido/zen/synchronizable.rb,
lib/aikido/zen/collector/hosts.rb,
lib/aikido/zen/collector/stats.rb,
lib/aikido/zen/collector/users.rb,
lib/aikido/zen/collector/routes.rb,
lib/aikido/zen/runtime_settings.rb,
lib/aikido/zen/sinks/async_http.rb,
lib/aikido/zen/sinks/httpclient.rb,
lib/aikido/zen/capped_collections.rb,
lib/aikido/zen/outbound_connection.rb,
lib/aikido/zen/rate_limiter/bucket.rb,
lib/aikido/zen/rate_limiter/result.rb,
lib/aikido/zen/collector/sink_stats.rb,
lib/aikido/zen/context/rack_request.rb,
lib/aikido/zen/rate_limiter/breaker.rb,
lib/aikido/zen/request/rails_router.rb,
lib/aikido/zen/context/rails_request.rb,
lib/aikido/zen/scanners/ssrf_scanner.rb,
lib/aikido/zen/middleware/set_context.rb,
lib/aikido/zen/request/schema/builder.rb,
lib/aikido/zen/runtime_settings/ip_set.rb,
lib/aikido/zen/sinks/action_controller.rb,
lib/aikido/zen/agent/heartbeats_manager.rb,
lib/aikido/zen/request/heuristic_router.rb,
lib/aikido/zen/middleware/rack_throttler.rb,
lib/aikido/zen/request/schema/definition.rb,
lib/aikido/zen/scanners/ssrf/dns_lookups.rb,
lib/aikido/zen/middleware/request_tracker.rb,
lib/aikido/zen/runtime_settings/endpoints.rb,
lib/aikido/zen/outbound_connection_monitor.rb,
lib/aikido/zen/request/schema/auth_schemas.rb,
lib/aikido/zen/request/schema/empty_schema.rb,
lib/aikido/zen/scanners/stored_ssrf_scanner.rb,
lib/aikido/zen/request/schema/auth_discovery.rb,
lib/aikido/zen/scanners/sql_injection_scanner.rb,
lib/aikido/zen/scanners/path_traversal/helpers.rb,
lib/aikido/zen/scanners/path_traversal_scanner.rb,
lib/aikido/zen/scanners/shell_injection_scanner.rb,
lib/aikido/zen/scanners/ssrf/private_ip_checker.rb,
lib/aikido/zen/middleware/check_allowed_addresses.rb,
lib/aikido/zen/runtime_settings/protection_settings.rb,
lib/aikido/zen/runtime_settings/rate_limit_settings.rb

Defined Under Namespace

Modules: Attacks, Events, Internals, Middleware, OutboundConnectionMonitor, Rails, Scanners, Sinks Classes: APIClient, APIError, Actor, Agent, Attack, CappedMap, CappedSet, Collector, Config, Context, Event, InternalsError, NetworkError, OutboundConnection, Package, PathTraversalError, Payload, RailsEngine, RateLimitedError, RateLimiter, Request, Route, RuntimeSettings, SQLInjectionError, SSRFDetectedError, Scan, ShellInjectionError, Sink, SystemInfo, UnderAttackError, Worker

Constant Summary collapse

VERSION = 
"0.2.0"
LIBZEN_VERSION =

The version of libzen_internals that we build against.

"0.1.37"

Class Method Summary collapse

Class Method Details

.Actor(actor) ⇒ Object .Actor(data) ⇒ Object

Converts an object into an Actor for reporting back to the Aikido Dashboard.

Overloads:

  • .Actor(actor) ⇒ Object

    Returns Aikido::Zen::Actor.

    Parameters:

    • actor (#to_aikido_actor)

      anything that implements #to_aikido_actor will have that method called and its value returned.

    Returns:

    • Aikido::Zen::Actor

  • .Actor(data) ⇒ Object

    Returns Aikido::Zen::Actor.

    Parameters:

    • data (Hash<Symbol, String>)

    Options Hash (data):

    • :id (String)

      a unique identifier for this user.

    • :name (String, nil)

      an optional name to display in the UI.

    Returns:

    • Aikido::Zen::Actor



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/aikido/zen/actor.rb', line 19

def self.Actor(data)
  return if data.nil?
  return data.to_aikido_actor if data.respond_to?(:to_aikido_actor)

  attrs = {}
  if data.respond_to?(:to_hash)
    attrs = data.to_hash
      .slice("id", "name", :id, :name)
      .compact
      .transform_keys(&:to_sym)
      .transform_values(&:to_s)
  else
    return nil
  end

  return nil if attrs[:id].nil? || attrs[:id].to_s.strip.empty?

  Actor.new(**attrs)
end

.collectorObject

Manages runtime metrics extracted from your app, which are uploaded to the Aikido servers if configured to do so.



45
46
47
 
# File 'lib/aikido/zen.rb', line 45

def self.collector
  @collector ||= Collector.new
end

.configAikido::Zen::Config

Returns the agent configuration.

Returns:



27
28
29
 
# File 'lib/aikido/zen.rb', line 27

def self.config
  @config ||= Config.new
end

.current_contextAikido::Zen::Context?

Gets the current context object that holds all information about the current request.

Returns:



53
54
55
 
# File 'lib/aikido/zen.rb', line 53

def self.current_context
  Thread.current[:_aikido_current_context_]
end

.current_context=(context) ⇒ Aikido::Zen::Context?

Sets the current context object that holds all information about the current request, or nil to clear the current context.

Parameters:

Returns:



62
63
64
 
# File 'lib/aikido/zen.rb', line 62

def self.current_context=(context)
  Thread.current[:_aikido_current_context_] = context
end

.load_sinks!void

This method returns an undefined value.

Load all sinks matching libraries loaded into memory. This method should be called after all other dependencies have been loaded into memory (i.e. at the end of the initialization process).

If a new gem is required, this method can be called again safely.



136
137
138
 
# File 'lib/aikido/zen.rb', line 136

def self.load_sinks!
  require_relative "zen/sinks"
end

.middleware_installed!Object

Marks that the Zen middleware was installed properly

Returns:

  • void



125
126
127
 
# File 'lib/aikido/zen.rb', line 125

def self.middleware_installed!
  collector.middleware_installed!
end

.runtime_settingsAikido::Zen::RuntimeSettings

Returns the firewall configuration sourced from your Aikido dashboard. This is periodically polled for updates.

Returns:

  • (Aikido::Zen::RuntimeSettings)

    the firewall configuration sourced from your Aikido dashboard. This is periodically polled for updates.



33
34
35
 
# File 'lib/aikido/zen.rb', line 33

def self.runtime_settings
  @runtime_settings ||= RuntimeSettings.new
end

.system_infoObject

Gets information about the current system configuration, which is sent to the server along with any events.



39
40
41
 
# File 'lib/aikido/zen.rb', line 39

def self.system_info
  @system_info ||= SystemInfo.new
end

.track_discovered_route(request) ⇒ Object 



75
76
77
78
 
# File 'lib/aikido/zen.rb', line 75

def self.track_discovered_route(request)
  autostart
  collector.track_route(request)
end

.track_outbound(connection) ⇒ void

This method returns an undefined value.

Tracks a network connection made to an external service.

Parameters:



84
85
86
87
 
# File 'lib/aikido/zen.rb', line 84

def self.track_outbound(connection)
  autostart
  collector.track_outbound(connection)
end

.track_request(request) ⇒ void

This method returns an undefined value.

Track statistics about an HTTP request the app is handling.

Parameters:



70
71
72
73
 
# File 'lib/aikido/zen.rb', line 70

def self.track_request(request)
  autostart
  collector.track_request(request)
end

.track_scan(scan) ⇒ void

This method returns an undefined value.

Track statistics about the result of a Sink’s scan, and report it as an Attack if one is detected.

Parameters:

Raises:



96
97
98
99
100
 
# File 'lib/aikido/zen.rb', line 96

def self.track_scan(scan)
  autostart
  collector.track_scan(scan)
  agent.handle_attack(scan.attack) if scan.attack?
end

.track_user(user) ⇒ void

This method returns an undefined value.

Track the user making the current request.



106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# File 'lib/aikido/zen.rb', line 106

def self.track_user(user)
  return if config.disabled?

  if (actor = Aikido::Zen::Actor(user))
    autostart
    collector.track_user(actor)
    current_context.request.actor = actor if current_context
  else
    config.logger.warn(format(<<~LOG, obj: user))
      Incompatible object sent to track_user: %<obj>p

      The object must either implement #to_aikido_actor, or be a Hash with
      an :id (or "id") and, optionally, a :name (or "name") key.
    LOG
  end
end