RubyGems - aikido-zen - Versions diffs - 1.0.1.beta.4-arm64-linux → 1.0.2-arm64-linux - Mend

aikido-zen 1.0.1.beta.4-arm64-linux → 1.0.2-arm64-linux

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

checksums.yaml +4 -4
data/.simplecov +6 -0
data/README.md +2 -0
data/benchmarks/README.md +0 -1
data/benchmarks/rails7.1_benchmark.js +1 -0
data/benchmarks/rails7.1_sql_injection.js +52 -20
data/docs/config.md +9 -1
data/docs/proxy.md +10 -0
data/docs/rails.md +55 -13
data/docs/troubleshooting.md +62 -0
data/lib/aikido/zen/actor.rb +34 -4
data/lib/aikido/zen/agent/heartbeats_manager.rb +5 -5
data/lib/aikido/zen/agent.rb +19 -17
data/lib/aikido/zen/attack.rb +19 -9
data/lib/aikido/zen/attack_wave/helpers.rb +457 -0
data/lib/aikido/zen/attack_wave.rb +88 -0
data/lib/aikido/zen/cache.rb +91 -0
data/lib/aikido/zen/capped_collections.rb +22 -4
data/lib/aikido/zen/collector/event.rb +238 -0
data/lib/aikido/zen/collector/hosts.rb +16 -1
data/lib/aikido/zen/collector/routes.rb +13 -8
data/lib/aikido/zen/collector/stats.rb +33 -22
data/lib/aikido/zen/collector/users.rb +5 -3
data/lib/aikido/zen/collector.rb +107 -28
data/lib/aikido/zen/config.rb +54 -21
data/lib/aikido/zen/context/rack_request.rb +3 -0
data/lib/aikido/zen/context/rails_request.rb +3 -0
data/lib/aikido/zen/context.rb +42 -9
data/lib/aikido/zen/detached_agent/agent.rb +28 -27
data/lib/aikido/zen/detached_agent/front_object.rb +10 -6
data/lib/aikido/zen/detached_agent/server.rb +63 -26
data/lib/aikido/zen/event.rb +47 -2
data/lib/aikido/zen/helpers.rb +24 -0
data/lib/aikido/zen/internals.rb +23 -3
data/lib/aikido/zen/libzen-v0.1.48-arm64-linux.so +0 -0
data/lib/aikido/zen/middleware/{check_allowed_addresses.rb → allowed_address_checker.rb} +1 -1
data/lib/aikido/zen/middleware/attack_wave_protector.rb +46 -0
data/lib/aikido/zen/middleware/{set_context.rb → context_setter.rb} +1 -1
data/lib/aikido/zen/middleware/fork_detector.rb +23 -0
data/lib/aikido/zen/middleware/rack_throttler.rb +3 -1
data/lib/aikido/zen/middleware/request_tracker.rb +9 -4
data/lib/aikido/zen/outbound_connection.rb +18 -1
data/lib/aikido/zen/payload.rb +1 -1
data/lib/aikido/zen/rails_engine.rb +5 -8
data/lib/aikido/zen/request/rails_router.rb +17 -2
data/lib/aikido/zen/request.rb +21 -36
data/lib/aikido/zen/route.rb +57 -0
data/lib/aikido/zen/runtime_settings/endpoints.rb +37 -8
data/lib/aikido/zen/runtime_settings.rb +6 -5
data/lib/aikido/zen/scanners/path_traversal/helpers.rb +10 -7
data/lib/aikido/zen/scanners/path_traversal_scanner.rb +5 -4
data/lib/aikido/zen/scanners/shell_injection_scanner.rb +3 -2
data/lib/aikido/zen/scanners/sql_injection_scanner.rb +3 -2
data/lib/aikido/zen/scanners/ssrf_scanner.rb +2 -1
data/lib/aikido/zen/scanners/stored_ssrf_scanner.rb +8 -2
data/lib/aikido/zen/sink.rb +1 -1
data/lib/aikido/zen/sinks/action_controller.rb +3 -1
data/lib/aikido/zen/sinks/async_http.rb +40 -42
data/lib/aikido/zen/sinks/curb.rb +56 -58
data/lib/aikido/zen/sinks/em_http.rb +27 -29
data/lib/aikido/zen/sinks/excon.rb +62 -65
data/lib/aikido/zen/sinks/file.rb +108 -71
data/lib/aikido/zen/sinks/http.rb +26 -28
data/lib/aikido/zen/sinks/httpclient.rb +27 -29
data/lib/aikido/zen/sinks/httpx.rb +27 -29
data/lib/aikido/zen/sinks/kernel.rb +11 -12
data/lib/aikido/zen/sinks/mysql2.rb +10 -12
data/lib/aikido/zen/sinks/net_http.rb +25 -27
data/lib/aikido/zen/sinks/patron.rb +56 -58
data/lib/aikido/zen/sinks/pg.rb +23 -25
data/lib/aikido/zen/sinks/resolv.rb +21 -21
data/lib/aikido/zen/sinks/socket.rb +17 -12
data/lib/aikido/zen/sinks/sqlite3.rb +18 -21
data/lib/aikido/zen/sinks/trilogy.rb +10 -12
data/lib/aikido/zen/sinks.rb +1 -4
data/lib/aikido/zen/sinks_dsl.rb +39 -15
data/lib/aikido/zen/system_info.rb +1 -5
data/lib/aikido/zen/version.rb +2 -2
data/lib/aikido/zen.rb +78 -16
data/tasklib/bench.rake +1 -1
data/tasklib/libzen.rake +1 -0
metadata +15 -5
data/lib/aikido/zen/libzen-v0.1.39-arm64-linux.so +0 -0

data/lib/aikido/zen.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require_relative "zen/helpers"
 require_relative "zen/version"
 require_relative "zen/errors"
 require_relative "zen/actor"
@@ -11,14 +12,17 @@ require_relative "zen/agent"
 require_relative "zen/api_client"
 require_relative "zen/context"
 require_relative "zen/detached_agent"
-require_relative "zen/middleware/check_allowed_addresses"
 require_relative "zen/middleware/middleware"
+require_relative "zen/middleware/fork_detector"
+require_relative "zen/middleware/context_setter"
+require_relative "zen/middleware/allowed_address_checker"
+require_relative "zen/middleware/attack_wave_protector"
 require_relative "zen/middleware/request_tracker"
-require_relative "zen/middleware/set_context"
 require_relative "zen/outbound_connection"
 require_relative "zen/outbound_connection_monitor"
 require_relative "zen/runtime_settings"
 require_relative "zen/rate_limiter"
+require_relative "zen/attack_wave"
 require_relative "zen/scanners"
 module Aikido
@@ -36,10 +40,8 @@ module Aikido
         return
       end
-      return unless config.protect?
       unless load_sources! && load_sinks!
-        config.logger.warn "Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information."
+        config.logger.warn("Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information.")
         return
       end
@@ -78,6 +80,16 @@ module Aikido
       @runtime_settings = settings
     end
+    # @return [Boolean] whether the Aikido agent is currently blocking requests.
+    #   Blocking mode is configured at startup and can be controlled through the
+    #   Aikido dashboard at runtime.
+    def self.blocking_mode?
+      blocking_mode = runtime_settings.blocking_mode
+      return blocking_mode unless blocking_mode.nil?
+      config.blocking_mode
+    end
     # Gets information about the current system configuration, which is sent to
     # the server along with any events.
     def self.system_info
@@ -87,15 +99,9 @@ module Aikido
     # Manages runtime metrics extracted from your app, which are uploaded to the
     # Aikido servers if configured to do so.
     def self.collector
-      check_and_handle_fork
       @collector ||= Collector.new
     end
-    def self.detached_agent
-      check_and_handle_fork
-      @detached_agent ||= DetachedAgent::Agent.new
-    end
     # Gets the current context object that holds all information about the
     # current request.
     #
@@ -121,6 +127,18 @@ module Aikido
       collector.track_request
     end
+    # Track statistics about an attack wave the app is handling.
+    #
+    # @param attack_wave [Aikido::Zen::Events::AttackWave]
+    # @return [void]
+    def self.track_attack_wave(attack_wave)
+      collector.track_attack_wave(being_blocked: false)
+    end
+    # Track statistics about a route that the app has discovered.
+    #
+    # @param request [Aikido::Zen::Request]
+    # @return [void]
     def self.track_discovered_route(request)
       collector.track_route(request)
     end
@@ -165,12 +183,22 @@ module Aikido
       end
     end
+    # Align with other Zen implementations, while keeping internal consistency.
+    class << self
+      alias_method :set_user, :track_user
+    end
     # Marks that the Zen middleware was installed properly
     # @return void
     def self.middleware_installed!
       collector.middleware_installed!
     end
+    # @return [Aikido::Zen::AttackWave::Detector] the attack wave detector.
+    def self.attack_wave_detector
+      @attack_wave_detector ||= AttackWave::Detector.new
+    end
     # @!visibility private
     # Load all sources.
     #
@@ -208,8 +236,12 @@ module Aikido
       @agent ||= Agent.start
     end
+    def self.detached_agent
+      @detached_agent ||= DetachedAgent::Agent.new
+    end
     def self.detached_agent_server
-      @detached_agent_server ||= DetachedAgent::Server.start!
+      @detached_agent_server ||= DetachedAgent::Server.start
     end
     class << self
@@ -218,24 +250,54 @@ module Aikido
       LOCK = Mutex.new
       def start!
+        return unless start?
         @pid = Process.pid
         LOCK.synchronize do
           agent
           detached_agent_server
         end
       end
+      def start?
+        !config.api_token.nil? ||
+          config.blocking_mode? ||
+          config.debugging?
+      end
       def check_and_handle_fork
-        if has_forked
-          @detached_agent&.handle_fork
-        end
+        handle_fork if forked?
       end
-      def has_forked
+      def forked?
         pid_changed = Process.pid != @pid
         @pid = Process.pid
         pid_changed
       end
+      def handle_fork
+        @detached_agent&.handle_fork
+      end
+    end
+    # @!visibility private
+    # Returns the stack trace trimmed to where execution last entered Zen.
+    #
+    # @return [String]
+    def self.clean_stack_trace
+      stack_trace = caller_locations
+      spec = Gem.loaded_specs["aikido-zen"]
+      # Only trim stack frames from .../lib/aikido/zen/ in the aikido-zen gem,
+      # so calls in sample apps are preserved.
+      lib_path_start = File.expand_path(File.join(spec.full_gem_path, "lib", "aikido", "zen")) + File::SEPARATOR
+      index = stack_trace.index { |frame| !File.expand_path(frame.path).start_with?(lib_path_start) }
+      stack_trace = stack_trace[index..] if index
+      stack_trace.map(&:to_s).join("\n")
     end
   end
 end

data/tasklib/bench.rake CHANGED Viewed

@@ -87,7 +87,7 @@ Pathname.glob("sample_apps/*").select(&:directory?).each do |dir|
       end
       task :boot_unprotected_app do
-        boot_server(dir, port: PORT_UNPROTECTED, env: {"AIKIDO_DISABLED" => "true"})
+        boot_server(dir, port: PORT_UNPROTECTED, env: {"AIKIDO_DISABLE" => "true"})
       end
     end
   end

data/tasklib/libzen.rake CHANGED Viewed

@@ -76,6 +76,7 @@ LIBZENS = [
   LibZen.new("arm64-darwin.dylib", "libzen_internals_aarch64-apple-darwin.dylib"),
   LibZen.new("arm64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
   LibZen.new("arm64-linux-musl.so", "libzen_internals_aarch64-unknown-linux-musl.so"),
+  LibZen.new("aarch64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
   LibZen.new("x86_64-darwin.dylib", "libzen_internals_x86_64-apple-darwin.dylib"),
   LibZen.new("x86_64-linux.so", "libzen_internals_x86_64-unknown-linux-gnu.so"),
   LibZen.new("x86_64-linux-musl.so", "libzen_internals_x86_64-unknown-linux-musl.so"),

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.1.beta.4
+  version: 1.0.2
 platform: arm64-linux
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-08-11 00:00:00.000000000 Z
+date: 2025-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -71,10 +71,13 @@ files:
 - README.md
 - Rakefile
 - benchmarks/README.md
+- benchmarks/rails7.1_benchmark.js
 - benchmarks/rails7.1_sql_injection.js
 - docs/banner.svg
 - docs/config.md
+- docs/proxy.md
 - docs/rails.md
+- docs/troubleshooting.md
 - lib/aikido-zen.rb
 - lib/aikido/zen.rb
 - lib/aikido/zen/actor.rb
@@ -82,9 +85,13 @@ files:
 - lib/aikido/zen/agent/heartbeats_manager.rb
 - lib/aikido/zen/api_client.rb
 - lib/aikido/zen/attack.rb
+- lib/aikido/zen/attack_wave.rb
+- lib/aikido/zen/attack_wave/helpers.rb
 - lib/aikido/zen/background_worker.rb
+- lib/aikido/zen/cache.rb
 - lib/aikido/zen/capped_collections.rb
 - lib/aikido/zen/collector.rb
+- lib/aikido/zen/collector/event.rb
 - lib/aikido/zen/collector/hosts.rb
 - lib/aikido/zen/collector/routes.rb
 - lib/aikido/zen/collector/sink_stats.rb
@@ -100,13 +107,16 @@ files:
 - lib/aikido/zen/detached_agent/server.rb
 - lib/aikido/zen/errors.rb
 - lib/aikido/zen/event.rb
+- lib/aikido/zen/helpers.rb
 - lib/aikido/zen/internals.rb
-- lib/aikido/zen/libzen-v0.1.39-arm64-linux.so
-- lib/aikido/zen/middleware/check_allowed_addresses.rb
+- lib/aikido/zen/libzen-v0.1.48-arm64-linux.so
+- lib/aikido/zen/middleware/allowed_address_checker.rb
+- lib/aikido/zen/middleware/attack_wave_protector.rb
+- lib/aikido/zen/middleware/context_setter.rb
+- lib/aikido/zen/middleware/fork_detector.rb
 - lib/aikido/zen/middleware/middleware.rb
 - lib/aikido/zen/middleware/rack_throttler.rb
 - lib/aikido/zen/middleware/request_tracker.rb
-- lib/aikido/zen/middleware/set_context.rb
 - lib/aikido/zen/outbound_connection.rb
 - lib/aikido/zen/outbound_connection_monitor.rb
 - lib/aikido/zen/package.rb

data/lib/aikido/zen/libzen-v0.1.39-arm64-linux.so DELETED Viewed

Binary file