Class: Aikido::Zen::Attacks::StoredSSRFAttack

Inherits:
Aikido::Zen::Attack
Defined in:
lib/aikido/zen/attack.rb

Overview

Special case of an SSRF attack where we don’t have a context—we’re just detecting a request to a particularly sensitive address.

Instance Attribute Summary

Attributes inherited from Aikido::Zen::Attack

#context, #operation, #sink

Instance Method Summary

Methods inherited from Aikido::Zen::Attack

#as_json, #blocked?, #will_be_blocked!

Constructor Details

#initialize(hostname:, address:, **opts) ⇒ StoredSSRFAttack

Returns a new instance of StoredSSRFAttack.



# File 'lib/aikido/zen/attack.rb', line 187

def initialize(hostname:, address:, **opts)
  super(**opts)
  @hostname = hostname
  @address = address
end

Instance Attribute Details

#address ⇒ Object (readonly)

Returns the value of attribute address.



# File 'lib/aikido/zen/attack.rb', line 185

def address
  @address
end

#hostname ⇒ Object (readonly)

Returns the value of attribute hostname.



# File 'lib/aikido/zen/attack.rb', line 184

def hostname
  @hostname
end

Instance Method Details

#exception ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 197

def exception(*)
  SSRFDetectedError.new(self)
end

#humanized_name ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 193

def humanized_name
  "server-side request forgery"
end

#input ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 205

def input
  Aikido::Zen::Payload::UNKNOWN_PAYLOAD
end

#kind ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 201

def kind
  "stored_ssrf"
end

#metadata ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 209

def metadata
  {
    hostname: @hostname,
    privateIP: @address
  }
end
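
An added sketch of the check the overview describes, not code from Aikido Zen: with no request context available, each resolved address is compared against a list of sensitive addresses, and a hit is reported with the same hostname/privateIP keys as #metadata. The address list, the hostname allowlist, and the names normalize_address and stored_ssrf_report are assumptions made for this example.

```ruby
require "ipaddr"

# Assumption: the page does not say which addresses count as "particularly
# sensitive"; well-known cloud instance-metadata endpoints are used here.
SENSITIVE_ADDRESSES = [
  IPAddr.new("169.254.169.254"), # common cloud metadata (IMDS) address
  IPAddr.new("fd00:ec2::254"),   # AWS IMDS over IPv6
  IPAddr.new("100.100.100.200")  # Alibaba Cloud metadata
].freeze

# Hypothetical allowlist of hostnames expected to resolve to those addresses.
EXPECTED_HOSTNAMES = ["metadata.google.internal"].freeze

# Parse a resolved address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the
# mapped form cannot slip past an IPv4 entry. Returns nil when unparseable.
def normalize_address(raw)
  ip = IPAddr.new(raw.to_s)
  ip.ipv4_mapped? ? ip.native : ip
rescue IPAddr::Error
  nil
end

# Inspect one DNS result with no request context. Returns a hash carrying the
# same hostname/privateIP keys as #metadata, or nil when nothing is flagged.
def stored_ssrf_report(hostname, resolved_addresses)
  return nil if EXPECTED_HOSTNAMES.include?(hostname.downcase.chomp("."))

  hit = resolved_addresses.filter_map { |raw| normalize_address(raw) }
                          .find { |ip| SENSITIVE_ADDRESSES.include?(ip) }
  hit && { kind: "stored_ssrf", hostname: hostname, privateIP: hit.to_s }
end

# Constructed sample resolutions: hostname => addresses a resolver returned.
SAMPLE_RESOLUTIONS = {
  "cdn.example.test" => ["203.0.113.10"],
  "img.example.test" => ["::ffff:169.254.169.254"],
  "metadata.google.internal" => ["169.254.169.254"],
  "broken.example.test" => ["not-an-ip", "fd00:ec2::254"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_RESOLUTIONS.each do |host, addrs|
    puts "#{host}: #{stored_ssrf_report(host, addrs).inspect}"
  end
end
```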