RubyGems - aikido-zen - Versions diffs - 1.0.2-aarch64-linux - Mend

aikido-zen 1.0.2-aarch64-linux

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (125) hide show

checksums.yaml +7 -0
data/.aikido +6 -0
data/.ruby-version +1 -0
data/.simplecov +32 -0
data/.standard.yml +3 -0
data/LICENSE +674 -0
data/README.md +148 -0
data/Rakefile +67 -0
data/benchmarks/README.md +22 -0
data/benchmarks/rails7.1_benchmark.js +1 -0
data/benchmarks/rails7.1_sql_injection.js +102 -0
data/docs/banner.svg +202 -0
data/docs/config.md +133 -0
data/docs/proxy.md +10 -0
data/docs/rails.md +112 -0
data/docs/troubleshooting.md +62 -0
data/lib/aikido/zen/actor.rb +146 -0
data/lib/aikido/zen/agent/heartbeats_manager.rb +66 -0
data/lib/aikido/zen/agent.rb +181 -0
data/lib/aikido/zen/api_client.rb +145 -0
data/lib/aikido/zen/attack.rb +217 -0
data/lib/aikido/zen/attack_wave/helpers.rb +457 -0
data/lib/aikido/zen/attack_wave.rb +88 -0
data/lib/aikido/zen/background_worker.rb +52 -0
data/lib/aikido/zen/cache.rb +91 -0
data/lib/aikido/zen/capped_collections.rb +86 -0
data/lib/aikido/zen/collector/event.rb +238 -0
data/lib/aikido/zen/collector/hosts.rb +30 -0
data/lib/aikido/zen/collector/routes.rb +71 -0
data/lib/aikido/zen/collector/sink_stats.rb +95 -0
data/lib/aikido/zen/collector/stats.rb +122 -0
data/lib/aikido/zen/collector/users.rb +32 -0
data/lib/aikido/zen/collector.rb +223 -0
data/lib/aikido/zen/config.rb +312 -0
data/lib/aikido/zen/context/rack_request.rb +27 -0
data/lib/aikido/zen/context/rails_request.rb +47 -0
data/lib/aikido/zen/context.rb +145 -0
data/lib/aikido/zen/detached_agent/agent.rb +79 -0
data/lib/aikido/zen/detached_agent/front_object.rb +41 -0
data/lib/aikido/zen/detached_agent/server.rb +78 -0
data/lib/aikido/zen/detached_agent.rb +2 -0
data/lib/aikido/zen/errors.rb +107 -0
data/lib/aikido/zen/event.rb +116 -0
data/lib/aikido/zen/helpers.rb +24 -0
data/lib/aikido/zen/internals.rb +123 -0
data/lib/aikido/zen/libzen-v0.1.48-aarch64-linux.so +0 -0
data/lib/aikido/zen/middleware/allowed_address_checker.rb +26 -0
data/lib/aikido/zen/middleware/attack_wave_protector.rb +46 -0
data/lib/aikido/zen/middleware/context_setter.rb +26 -0
data/lib/aikido/zen/middleware/fork_detector.rb +23 -0
data/lib/aikido/zen/middleware/middleware.rb +11 -0
data/lib/aikido/zen/middleware/rack_throttler.rb +50 -0
data/lib/aikido/zen/middleware/request_tracker.rb +197 -0
data/lib/aikido/zen/outbound_connection.rb +62 -0
data/lib/aikido/zen/outbound_connection_monitor.rb +23 -0
data/lib/aikido/zen/package.rb +22 -0
data/lib/aikido/zen/payload.rb +50 -0
data/lib/aikido/zen/rails_engine.rb +53 -0
data/lib/aikido/zen/rate_limiter/breaker.rb +61 -0
data/lib/aikido/zen/rate_limiter/bucket.rb +76 -0
data/lib/aikido/zen/rate_limiter/result.rb +31 -0
data/lib/aikido/zen/rate_limiter.rb +50 -0
data/lib/aikido/zen/request/heuristic_router.rb +115 -0
data/lib/aikido/zen/request/rails_router.rb +92 -0
data/lib/aikido/zen/request/schema/auth_discovery.rb +86 -0
data/lib/aikido/zen/request/schema/auth_schemas.rb +54 -0
data/lib/aikido/zen/request/schema/builder.rb +121 -0
data/lib/aikido/zen/request/schema/definition.rb +107 -0
data/lib/aikido/zen/request/schema/empty_schema.rb +28 -0
data/lib/aikido/zen/request/schema.rb +87 -0
data/lib/aikido/zen/request.rb +88 -0
data/lib/aikido/zen/route.rb +96 -0
data/lib/aikido/zen/runtime_settings/endpoints.rb +78 -0
data/lib/aikido/zen/runtime_settings/ip_set.rb +36 -0
data/lib/aikido/zen/runtime_settings/protection_settings.rb +62 -0
data/lib/aikido/zen/runtime_settings/rate_limit_settings.rb +47 -0
data/lib/aikido/zen/runtime_settings.rb +66 -0
data/lib/aikido/zen/scan.rb +75 -0
data/lib/aikido/zen/scanners/path_traversal/helpers.rb +68 -0
data/lib/aikido/zen/scanners/path_traversal_scanner.rb +64 -0
data/lib/aikido/zen/scanners/shell_injection/helpers.rb +159 -0
data/lib/aikido/zen/scanners/shell_injection_scanner.rb +65 -0
data/lib/aikido/zen/scanners/sql_injection_scanner.rb +94 -0
data/lib/aikido/zen/scanners/ssrf/dns_lookups.rb +27 -0
data/lib/aikido/zen/scanners/ssrf/private_ip_checker.rb +97 -0
data/lib/aikido/zen/scanners/ssrf_scanner.rb +266 -0
data/lib/aikido/zen/scanners/stored_ssrf_scanner.rb +55 -0
data/lib/aikido/zen/scanners.rb +7 -0
data/lib/aikido/zen/sink.rb +118 -0
data/lib/aikido/zen/sinks/action_controller.rb +85 -0
data/lib/aikido/zen/sinks/async_http.rb +80 -0
data/lib/aikido/zen/sinks/curb.rb +113 -0
data/lib/aikido/zen/sinks/em_http.rb +83 -0
data/lib/aikido/zen/sinks/excon.rb +118 -0
data/lib/aikido/zen/sinks/file.rb +153 -0
data/lib/aikido/zen/sinks/http.rb +93 -0
data/lib/aikido/zen/sinks/httpclient.rb +95 -0
data/lib/aikido/zen/sinks/httpx.rb +78 -0
data/lib/aikido/zen/sinks/kernel.rb +33 -0
data/lib/aikido/zen/sinks/mysql2.rb +31 -0
data/lib/aikido/zen/sinks/net_http.rb +101 -0
data/lib/aikido/zen/sinks/patron.rb +103 -0
data/lib/aikido/zen/sinks/pg.rb +72 -0
data/lib/aikido/zen/sinks/resolv.rb +62 -0
data/lib/aikido/zen/sinks/socket.rb +85 -0
data/lib/aikido/zen/sinks/sqlite3.rb +46 -0
data/lib/aikido/zen/sinks/trilogy.rb +31 -0
data/lib/aikido/zen/sinks/typhoeus.rb +78 -0
data/lib/aikido/zen/sinks.rb +36 -0
data/lib/aikido/zen/sinks_dsl.rb +250 -0
data/lib/aikido/zen/synchronizable.rb +24 -0
data/lib/aikido/zen/system_info.rb +80 -0
data/lib/aikido/zen/version.rb +10 -0
data/lib/aikido/zen/worker.rb +87 -0
data/lib/aikido/zen.rb +303 -0
data/lib/aikido-zen.rb +3 -0
data/placeholder/.gitignore +4 -0
data/placeholder/README.md +11 -0
data/placeholder/Rakefile +75 -0
data/placeholder/lib/placeholder.rb.template +3 -0
data/placeholder/placeholder.gemspec.template +20 -0
data/tasklib/bench.rake +94 -0
data/tasklib/libzen.rake +133 -0
data/tasklib/wrk.rb +88 -0
metadata +214 -0

data/lib/aikido/zen/attack.rb ADDED Viewed

@@ -0,0 +1,217 @@
+# frozen_string_literal: true
+module Aikido::Zen
+  # Attack objects gather information about a type of detected attack.
+  # They can be used in a few ways, like for reporting an attack event
+  # to the Aikido server, or can be raised as errors to block requests
+  # if blocking_mode is on.
+  class Attack
+    attr_reader :context
+    attr_reader :operation
+    attr_accessor :sink
+    def initialize(context:, sink:, operation:, stack: nil)
+      @context = context
+      @operation = operation
+      @sink = sink
+      @stack = stack
+      @blocked = false
+    end
+    def will_be_blocked!
+      @blocked = true
+    end
+    def blocked?
+      @blocked
+    end
+    def humanized_name
+      raise NotImplementedError, "implement in subclasses"
+    end
+    def kind
+      raise NotImplementedError, "implement in subclasses"
+    end
+    def input
+      raise NotImplementedError, "implement in subclasses"
+    end
+    def metadata
+      raise NotImplementedError, "implement in subclasses"
+    end
+    def as_json
+      {
+        kind: kind,
+        blocked: blocked?,
+        metadata: metadata,
+        operation: @operation,
+        stack: @stack
+      }.compact.merge(input.as_json)
+    end
+    def exception(*)
+      raise NotImplementedError, "implement in subclasses"
+    end
+  end
+  module Attacks
+    class PathTraversalAttack < Attack
+      attr_reader :input
+      attr_reader :filepath
+      def initialize(input:, filepath:, **opts)
+        super(**opts)
+        @input = input
+        @filepath = filepath
+      end
+      def metadata
+        {
+          filename: filepath
+        }
+      end
+      def humanized_name
+        "path traversal attack"
+      end
+      def kind
+        "path_traversal"
+      end
+      def exception(*)
+        PathTraversalError.new(self)
+      end
+    end
+    class ShellInjectionAttack < Attack
+      attr_reader :input
+      attr_reader :command
+      def initialize(input:, command:, **opts)
+        super(**opts)
+        @input = input
+        @command = command
+      end
+      def humanized_name
+        "shell injection"
+      end
+      def kind
+        "shell_injection"
+      end
+      def metadata
+        {
+          command: @command
+        }
+      end
+      def exception(*)
+        ShellInjectionError.new(self)
+      end
+    end
+    class SQLInjectionAttack < Attack
+      attr_reader :query
+      attr_reader :input
+      attr_reader :dialect
+      def initialize(query:, input:, dialect:, **opts)
+        super(**opts)
+        @query = query
+        @input = input
+        @dialect = dialect
+      end
+      def humanized_name
+        "SQL injection"
+      end
+      def kind
+        "sql_injection"
+      end
+      def metadata
+        {
+          sql: @query,
+          dialect: @dialect.name
+        }
+      end
+      def exception(*)
+        SQLInjectionError.new(self)
+      end
+    end
+    class SSRFAttack < Attack
+      attr_reader :input
+      attr_reader :request
+      def initialize(request:, input:, **opts)
+        super(**opts)
+        @input = input
+        @request = request
+      end
+      def humanized_name
+        "server-side request forgery"
+      end
+      def kind
+        "ssrf"
+      end
+      def exception(*)
+        SSRFDetectedError.new(self)
+      end
+      def metadata
+        {
+          hostname: @request.uri.hostname,
+          port: @request.uri.port.to_s
+        }
+      end
+    end
+    # Special case of an SSRF attack where we don't have a context—we're just
+    # detecting a request to a particularly sensitive address.
+    class StoredSSRFAttack < Attack
+      attr_reader :hostname
+      attr_reader :address
+      def initialize(hostname:, address:, **opts)
+        super(**opts)
+        @hostname = hostname
+        @address = address
+      end
+      def humanized_name
+        "server-side request forgery"
+      end
+      def exception(*)
+        SSRFDetectedError.new(self)
+      end
+      def kind
+        "stored_ssrf"
+      end
+      def input
+        Aikido::Zen::Payload::UNKNOWN_PAYLOAD
+      end
+      def metadata
+        {
+          hostname: @hostname,
+          privateIP: @address
+        }
+      end
+    end
+  end
+end

data/lib/aikido/zen/attack_wave/helpers.rb ADDED Viewed

@@ -0,0 +1,457 @@
+# frozen_string_literal: true
+module Aikido::Zen
+  module AttackWave
+    module Helpers
+      def self.web_scanner?(context)
+        return true if suspicious_request?(context)
+        return true if include_suspicious_payload?(context)
+        false
+      end
+      def self.suspicious_request?(context)
+        request = context.request
+        suspicious_method?(request.request_method) || suspicious_path?(request.path_info)
+      end
+      def self.suspicious_method?(method)
+        SUSPICIOUS_METHODS.include?(method.downcase)
+      end
+      def self.suspicious_path?(path)
+        path_parts = path.downcase.split("/")
+        file_name = path_parts.pop if path_parts.length > 0
+        if file_name
+          return true if SUSPICIOUS_FILE_NAMES.include?(file_name)
+          file_name_parts = file_name.split(".")
+          file_extension = file_name_parts.pop if file_name_parts.length > 1
+          return true if SUSPICIOUS_FILE_EXTENSIONS.include?(file_extension)
+        end
+        path_parts.any? do |directory_name|
+          SUSPICIOUS_DIRECTORY_NAMES.include?(directory_name)
+        end
+      end
+      def self.include_suspicious_payload?(context)
+        context.payloads.each do |payload|
+          next unless payload.source == :query
+          value = payload.value.downcase
+          length = value.length
+          next if length < 5 || length > 1_000
+          return true if SUSPICIOUS_SQL_KEYWORDS.any? do |keyword|
+            value.include?(keyword)
+          end
+        end
+        false
+      end
+      SUSPICIOUS_METHODS = [
+        "BADMETHOD",
+        "BADHTTPMETHOD",
+        "BADDATA",
+        "BADMTHD",
+        "BDMTHD"
+      ].map(&:downcase).freeze
+      SUSPICIOUS_DIRECTORY_NAMES = [
+        ".",
+        "..",
+        ".anydesk",
+        ".aptitude",
+        ".aws",
+        ".azure",
+        ".cache",
+        ".circleci",
+        ".config",
+        ".dbus",
+        ".docker",
+        ".drush",
+        ".TODO: gem",
+        ".git",
+        ".github",
+        ".gnupg",
+        ".gsutil",
+        ".hg",
+        ".idea",
+        ".java",
+        ".kube",
+        ".lftp",
+        ".minikube",
+        ".npm",
+        ".nvm",
+        ".pki",
+        ".snap",
+        ".ssh",
+        ".subversion",
+        ".svn",
+        ".tconn",
+        ".thunderbird",
+        ".tor",
+        ".vagrant.d",
+        ".vidalia",
+        ".vim",
+        ".vmware",
+        ".vscode",
+        "apache",
+        "apache2",
+        "grub",
+        "System32",
+        "tmp",
+        "xampp",
+        "cgi-bin",
+        "%systemroot%"
+      ].map(&:downcase).freeze
+      SUSPICIOUS_FILE_NAMES = [
+        ".addressbook",
+        ".atom",
+        ".bashrc",
+        ".boto",
+        ".config",
+        ".config.json",
+        ".config.xml",
+        ".config.yaml",
+        ".config.yml",
+        ".envrc",
+        ".eslintignore",
+        ".fbcindex",
+        ".forward",
+        ".gitattributes",
+        ".gitconfig",
+        ".gitignore",
+        ".gitkeep",
+        ".gitlab-ci.yaml",
+        ".gitlab-ci.yml",
+        ".gitmodules",
+        ".google_authenticator",
+        ".hgignore",
+        ".htaccess",
+        ".htpasswd",
+        ".htdigest",
+        ".ksh_history",
+        ".lesshst",
+        ".lhistory",
+        ".lighttpdpassword",
+        ".lldb-history",
+        ".lynx_cookies",
+        ".my.cnf",
+        ".mysql_history",
+        ".nano_history",
+        ".netrc",
+        ".node_repl_history",
+        ".npmrc",
+        ".nsconfig",
+        ".nsr",
+        ".password-store",
+        ".pearrc",
+        ".pgpass",
+        ".php_history",
+        ".pinerc",
+        ".proclog",
+        ".procmailrc",
+        ".profile",
+        ".psql_history",
+        ".python_history",
+        ".rediscli_history",
+        ".rhosts",
+        ".selected_editor",
+        ".sh_history",
+        ".sqlite_history",
+        ".svnignore",
+        ".tcshrc",
+        ".tmux.conf",
+        ".travis.yaml",
+        ".travis.yml",
+        ".viminfo",
+        ".vimrc",
+        ".www_acl",
+        ".wwwacl",
+        ".xauthority",
+        ".yarnrc",
+        ".zhistory",
+        ".zsh_history",
+        ".zshenv",
+        ".zshrc",
+        "Dockerfile",
+        "aws-key.yaml",
+        "aws-key.yml",
+        "aws.yaml",
+        "aws.yml",
+        "docker-compose.yaml",
+        "docker-compose.yml",
+        "npm-shrinkwrap.json",
+        "package-lock.json",
+        "package.json",
+        "phpinfo.php",
+        "wp-config.php",
+        "wp-config.php3",
+        "wp-config.php4",
+        "wp-config.php5",
+        "wp-config.phtml",
+        "composer.json",
+        "composer.lock",
+        "composer.phar",
+        "yarn.lock",
+        ".env.local",
+        ".env.development",
+        ".env.test",
+        ".env.production",
+        ".env.prod",
+        ".env.dev",
+        ".env.example",
+        "php.ini",
+        "wp-settings.php",
+        "config.asp",
+        "config_dev.asp",
+        "config-dev.asp",
+        "config.dev.asp",
+        "config_prod.asp",
+        "config-prod.asp",
+        "config.prod.asp",
+        "config.sample.asp",
+        "config-sample.asp",
+        "config_sample.asp",
+        "config_test.asp",
+        "config-test.asp",
+        "config.test.asp",
+        "config.ini",
+        "config_dev.ini",
+        "config-dev.ini",
+        "config.dev.ini",
+        "config_prod.ini",
+        "config-prod.ini",
+        "config.prod.ini",
+        "config.sample.ini",
+        "config-sample.ini",
+        "config_sample.ini",
+        "config_test.ini",
+        "config-test.ini",
+        "config.test.ini",
+        "config.json",
+        "config_dev.json",
+        "config-dev.json",
+        "config.dev.json",
+        "config_prod.json",
+        "config-prod.json",
+        "config.prod.json",
+        "config.sample.json",
+        "config-sample.json",
+        "config_sample.json",
+        "config_test.json",
+        "config-test.json",
+        "config.test.json",
+        "config.php",
+        "config_dev.php",
+        "config-dev.php",
+        "config.dev.php",
+        "config_prod.php",
+        "config-prod.php",
+        "config.prod.php",
+        "config.sample.php",
+        "config-sample.php",
+        "config_sample.php",
+        "config_test.php",
+        "config-test.php",
+        "config.test.php",
+        "config.pl",
+        "config_dev.pl",
+        "config-dev.pl",
+        "config.dev.pl",
+        "config_prod.pl",
+        "config-prod.pl",
+        "config.prod.pl",
+        "config.sample.pl",
+        "config-sample.pl",
+        "config_sample.pl",
+        "config_test.pl",
+        "config-test.pl",
+        "config.test.pl",
+        "config.py",
+        "config_dev.py",
+        "config-dev.py",
+        "config.dev.py",
+        "config_prod.py",
+        "config-prod.py",
+        "config.prod.py",
+        "config.sample.py",
+        "config-sample.py",
+        "config_sample.py",
+        "config_test.py",
+        "config-test.py",
+        "config.test.py",
+        "config.rb",
+        "config_dev.rb",
+        "config-dev.rb",
+        "config.dev.rb",
+        "config_prod.rb",
+        "config-prod.rb",
+        "config.prod.rb",
+        "config.sample.rb",
+        "config-sample.rb",
+        "config_sample.rb",
+        "config_test.rb",
+        "config-test.rb",
+        "config.test.rb",
+        "config.toml",
+        "config_dev.toml",
+        "config-dev.toml",
+        "config.dev.toml",
+        "config_prod.toml",
+        "config-prod.toml",
+        "config.prod.toml",
+        "config.sample.toml",
+        "config-sample.toml",
+        "config_sample.toml",
+        "config_test.toml",
+        "config-test.toml",
+        "config.test.toml",
+        "config.txt",
+        "config_dev.txt",
+        "config-dev.txt",
+        "config.dev.txt",
+        "config_prod.txt",
+        "config-prod.txt",
+        "config.prod.txt",
+        "config.sample.txt",
+        "config-sample.txt",
+        "config_sample.txt",
+        "config_test.txt",
+        "config-test.txt",
+        "config.test.txt",
+        "config.xml",
+        "config_dev.xml",
+        "config-dev.xml",
+        "config.dev.xml",
+        "config_prod.xml",
+        "config-prod.xml",
+        "config.prod.xml",
+        "config.sample.xml",
+        "config-sample.xml",
+        "config_sample.xml",
+        "config_test.xml",
+        "config-test.xml",
+        "config.test.xml",
+        "config.yaml",
+        "config_dev.yaml",
+        "config-dev.yaml",
+        "config.dev.yaml",
+        "config_prod.yaml",
+        "config-prod.yaml",
+        "config.prod.yaml",
+        "config.sample.yaml",
+        "config-sample.yaml",
+        "config_sample.yaml",
+        "config_test.yaml",
+        "config-test.yaml",
+        "config.test.yaml",
+        "config.yml",
+        "config_dev.yml",
+        "config-dev.yml",
+        "config.dev.yml",
+        "config_prod.yml",
+        "config-prod.yml",
+        "config.prod.yml",
+        "config.sample.yml",
+        "config-sample.yml",
+        "config_sample.yml",
+        "config_test.yml",
+        "config-test.yml",
+        "config.test.yml",
+        "boot.ini",
+        "gruntfile.js",
+        "localsettings.php",
+        "my.ini",
+        "npm-debug.log",
+        "parameters.yml",
+        "parameters.yaml",
+        "services.yml",
+        "services.yaml",
+        "web.config",
+        "webpack.config.js",
+        "config.old",
+        "config.inc.php",
+        "error.log",
+        "access.log",
+        ".DS_Store",
+        "passwd",
+        "win.ini",
+        "cmd.exe",
+        "my.cnf",
+        ".bash_history",
+        "docker-compose-dev.yml",
+        "docker-compose.override.yml",
+        "docker-compose.dev.yml",
+        "Cargo.lock",
+        "secrets.yml",
+        "secrets.yaml",
+        "docker-compose.staging.yml",
+        "docker-compose.production.yml",
+        "yaws-key.pem",
+        "mysql_config.ini",
+        "firewall.log",
+        "log4j.properties",
+        "serviceAccountCredentials.json",
+        "haproxy.cfg",
+        "service-account-credentials.json",
+        "vpn.log",
+        "system.log",
+        "webuser-auth.xml",
+        "fastcgi.conf",
+        "smb.conf",
+        "iis.log",
+        "pom.xml",
+        "openapi.json",
+        "vim_settings.xml",
+        "winscp.ini",
+        "ws_ftp.ini"
+      ].map(&:downcase).freeze
+      SUSPICIOUS_FILE_EXTENSIONS = [
+        "env",
+        "bak",
+        "sql",
+        "sqlite",
+        "sqlite3",
+        "db",
+        "old",
+        "save",
+        "orig",
+        "sqlitedb",
+        "sqlite3db"
+      ].map(&:downcase).freeze
+      SUSPICIOUS_SQL_KEYWORDS = [
+        "SELECT (CASE WHEN",
+        "SELECT COUNT(",
+        "SLEEP(",
+        "WAITFOR DELAY",
+        "SELECT LIKE(CHAR(",
+        "INFORMATION_SCHEMA.COLUMNS",
+        "INFORMATION_SCHEMA.TABLES",
+        "MD5(",
+        "DBMS_PIPE.RECEIVE_MESSAGE",
+        "SYSIBM.SYSTABLES",
+        "RANDOMBLOB(",
+        "SELECT * FROM",
+        "1'='1",
+        "PG_SLEEP(",
+        "UNION ALL SELECT",
+        "../"
+      ].map(&:downcase).freeze
+    end
+  end
+end