Class: Aikido::Zen::Scanners::SSRFScanner::RedirectChains Private

Inherits:

Object

• Object
• Aikido::Zen::Scanners::SSRFScanner::RedirectChains

Defined in:

lib/aikido/zen/scanners/ssrf_scanner.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Instance Method Summary

• #add(source:, destination:) ⇒ Object private
• #initialize ⇒ RedirectChains constructor private

  A new instance of RedirectChains.

• #origin(uri, visited = Set.new) ⇒ URI^? private

  Recursively looks for the original URI that triggered the current chain.

Constructor Details

#initialize ⇒ RedirectChains

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of RedirectChains.

# File 'lib/aikido/zen/scanners/ssrf_scanner.rb', line 236

def initialize
  @redirects = Hash.new { |h, k| h[k] = [] }
end

Instance Method Details

#add(source:, destination:) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aikido/zen/scanners/ssrf_scanner.rb', line 240

def add(source:, destination:)
  @redirects[destination].push(source)
  self
end

#origin(uri, visited = Set.new) ⇒ URI^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Recursively looks for the original URI that triggered the current chain. If given a URI that was not the result of a redirect chain, it returns nil

# File 'lib/aikido/zen/scanners/ssrf_scanner.rb', line 251

def origin(uri, visited = Set.new)
  source = @redirects[uri].first

  return source if visited.include?(source)
  visited << source

  if !@redirects[source].empty?
    origin(source, visited)
  else
    source
  end
end