Module: Aikido::Zen::Sinks::HTTPX::Extensions

Defined in:
lib/aikido/zen/sinks/httpx.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.wrap_request(request) ⇒ Object 



15
16
17
18
19
20
21
 
# File 'lib/aikido/zen/sinks/httpx.rb', line 15

def self.wrap_request(request)
  Aikido::Zen::Scanners::SSRFScanner::Request.new(
    verb: request.verb,
    uri: request.uri,
    headers: request.headers.to_hash
  )
end

.wrap_response(response) ⇒ Object 



23
24
25
26
27
28
 
# File 'lib/aikido/zen/sinks/httpx.rb', line 23

def self.wrap_response(response)
  Aikido::Zen::Scanners::SSRFScanner::Response.new(
    status: response.status,
    headers: response.headers.to_hash
  )
end

Instance Method Details

#send_request(request) ⇒ Object 



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/aikido/zen/sinks/httpx.rb', line 30

def send_request(request, *)
  wrapped_request = Extensions.wrap_request(request)

  # Store the request information so the DNS sinks can pick it up.
  if (context = Aikido::Zen.current_context)
    prev_request = context["ssrf.request"]
    context["ssrf.request"] = wrapped_request
  end

  SINK.scan(
    connection: Aikido::Zen::OutboundConnection.from_uri(request.uri),
    request: wrapped_request,
    operation: "request"
  )

  request.on(:response) do |response|
    Aikido::Zen::Scanners::SSRFScanner.track_redirects(
      request: wrapped_request,
      response: Extensions.wrap_response(response)
    )
  end

  super
ensure
  context["ssrf.request"] = prev_request if context
end