aikido-zen 1.0.2.beta.1-arm64-darwin → 1.0.2.beta.2-arm64-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/docs/proxy.md +10 -0
- data/docs/rails.md +1 -1
- data/lib/aikido/zen/config.rb +6 -2
- data/lib/aikido/zen/payload.rb +1 -1
- data/lib/aikido/zen/request.rb +21 -2
- data/lib/aikido/zen/version.rb +1 -1
- data/tasklib/libzen.rake +1 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ced9ec8c9fd107afe1202a46e28682128fbe67080b0fba68712f4421d14ce28d
|
|
4
|
+
data.tar.gz: '08bdebb988951715222a75263d9644d1e09a61376e3c0feaca370a0266464045'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 42cb4d72b978580f658b5574922b0f89cd5677ef353c1f629e1843a18734d3afd854bab9543f871f2e58b72e26f8f66fb7cc3f8aa357a6ae9470e1b7e6982c6a
|
|
7
|
+
data.tar.gz: 2c231f4d4570101c01c6d2b79eb874bd488a1cc66683a8bd5eba33d78f9f5ae5fabb59fd0fe64bb39dc758be6a57c4da3ef57d80eda5ba389719fbd7ebc6569e
|
data/docs/proxy.md
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# Proxy settings
|
|
2
|
+
|
|
3
|
+
We'll automatically use the `HTTP_X_FORWARDED_FOR` header to determine the client's IP address when behind a trusted proxy.
|
|
4
|
+
|
|
5
|
+
If you need to use a different header to determine the client's IP address, you can set the `AIKIDO_CLIENT_IP_HEADER` environment variable to the name of that header. This will override the default `HTTP_X_FORWARDED_FOR` header.
|
|
6
|
+
|
|
7
|
+
```bash
|
|
8
|
+
# For Fly.io Platform
|
|
9
|
+
AIKIDO_CLIENT_IP_HEADER=HTTP_FLY_CLIENT_IP bin/rails server
|
|
10
|
+
```
|
data/docs/rails.md
CHANGED
|
@@ -66,7 +66,7 @@ Rails.application.config.zen.api_timeouts = 20
|
|
|
66
66
|
You can access the configuration object both as `Aikido::Zen.config` or
|
|
67
67
|
`Rails.configuration.zen`.
|
|
68
68
|
|
|
69
|
-
See our [configuration guide](
|
|
69
|
+
See our [configuration guide](./config.md) for more details.
|
|
70
70
|
|
|
71
71
|
## Using Rails encrypted credentials
|
|
72
72
|
|
data/lib/aikido/zen/config.rb
CHANGED
|
@@ -61,7 +61,7 @@ module Aikido::Zen
|
|
|
61
61
|
# @return [Logger]
|
|
62
62
|
attr_reader :logger
|
|
63
63
|
|
|
64
|
-
# @return [
|
|
64
|
+
# @return [String] Path of the socket where the detached agent will listen.
|
|
65
65
|
# By default, is stored under the root application path with file name
|
|
66
66
|
# `aikido-detached-agent.sock`
|
|
67
67
|
attr_accessor :detached_agent_socket_path
|
|
@@ -150,6 +150,9 @@ module Aikido::Zen
|
|
|
150
150
|
# allow known hosts that should be able to resolve to the IMDS service.
|
|
151
151
|
attr_accessor :imds_allowed_hosts
|
|
152
152
|
|
|
153
|
+
# @return [String] environment specific HTTP header providing the client IP.
|
|
154
|
+
attr_accessor :client_ip_header
|
|
155
|
+
|
|
153
156
|
def initialize
|
|
154
157
|
self.disabled = read_boolean_from_env(ENV.fetch("AIKIDO_DISABLED", false))
|
|
155
158
|
self.blocking_mode = read_boolean_from_env(ENV.fetch("AIKIDO_BLOCK", false))
|
|
@@ -163,8 +166,9 @@ module Aikido::Zen
|
|
|
163
166
|
self.json_decoder = DEFAULT_JSON_DECODER
|
|
164
167
|
self.debugging = read_boolean_from_env(ENV.fetch("AIKIDO_DEBUG", false))
|
|
165
168
|
self.logger = Logger.new($stdout, progname: "aikido", level: debugging ? Logger::DEBUG : Logger::INFO)
|
|
166
|
-
self.max_performance_samples = 5000
|
|
167
169
|
self.detached_agent_socket_path = ENV.fetch("AIKIDO_DETACHED_AGENT_SOCKET_PATH", DEFAULT_DETACHED_AGENT_SOCKET_PATH)
|
|
170
|
+
self.client_ip_header = ENV.fetch("AIKIDO_CLIENT_IP_HEADER", nil)
|
|
171
|
+
self.max_performance_samples = 5000
|
|
168
172
|
self.max_compressed_stats = 100
|
|
169
173
|
self.max_outbound_connections = 200
|
|
170
174
|
self.max_users_tracked = 1000
|
data/lib/aikido/zen/payload.rb
CHANGED
data/lib/aikido/zen/request.rb
CHANGED
|
@@ -17,8 +17,9 @@ module Aikido::Zen
|
|
|
17
17
|
# @see Aikido::Zen.track_user
|
|
18
18
|
attr_accessor :actor
|
|
19
19
|
|
|
20
|
-
def initialize(delegate, framework:, router:)
|
|
20
|
+
def initialize(delegate, config = Aikido::Zen.config, framework:, router:)
|
|
21
21
|
super(delegate)
|
|
22
|
+
@config = config
|
|
22
23
|
@framework = framework
|
|
23
24
|
@router = router
|
|
24
25
|
@body_read = false
|
|
@@ -40,6 +41,24 @@ module Aikido::Zen
|
|
|
40
41
|
@schema ||= Aikido::Zen::Request::Schema.build
|
|
41
42
|
end
|
|
42
43
|
|
|
44
|
+
# @api private
|
|
45
|
+
#
|
|
46
|
+
# @return [String] the IP address of the client making the request.
|
|
47
|
+
def client_ip
|
|
48
|
+
return @client_ip if @client_ip
|
|
49
|
+
|
|
50
|
+
if @config.client_ip_header
|
|
51
|
+
value = env[@config.client_ip_header]
|
|
52
|
+
if Resolv::AddressRegex.match?(value)
|
|
53
|
+
@client_ip = value
|
|
54
|
+
else
|
|
55
|
+
@config.logger.warn("Invalid IP address in custom client IP header `#{@config.client_ip_header}`: `#{value}`")
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
@client_ip ||= respond_to?(:remote_ip) ? remote_ip : ip
|
|
60
|
+
end
|
|
61
|
+
|
|
43
62
|
# Map the CGI-style env Hash into "pretty-looking" headers, preserving the
|
|
44
63
|
# values as-is. For example, HTTP_ACCEPT turns into "Accept", CONTENT_TYPE
|
|
45
64
|
# turns into "Content-Type", and HTTP_X_FORWARDED_FOR turns into
|
|
@@ -87,7 +106,7 @@ module Aikido::Zen
|
|
|
87
106
|
{
|
|
88
107
|
method: request_method.downcase,
|
|
89
108
|
url: url,
|
|
90
|
-
ipAddress:
|
|
109
|
+
ipAddress: client_ip,
|
|
91
110
|
userAgent: user_agent,
|
|
92
111
|
headers: normalized_headers.reject { |_, val| val.to_s.empty? },
|
|
93
112
|
body: truncated_body,
|
data/lib/aikido/zen/version.rb
CHANGED
data/tasklib/libzen.rake
CHANGED
|
@@ -76,6 +76,7 @@ LIBZENS = [
|
|
|
76
76
|
LibZen.new("arm64-darwin.dylib", "libzen_internals_aarch64-apple-darwin.dylib"),
|
|
77
77
|
LibZen.new("arm64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
|
|
78
78
|
LibZen.new("arm64-linux-musl.so", "libzen_internals_aarch64-unknown-linux-musl.so"),
|
|
79
|
+
LibZen.new("aarch64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
|
|
79
80
|
LibZen.new("x86_64-darwin.dylib", "libzen_internals_x86_64-apple-darwin.dylib"),
|
|
80
81
|
LibZen.new("x86_64-linux.so", "libzen_internals_x86_64-unknown-linux-gnu.so"),
|
|
81
82
|
LibZen.new("x86_64-linux-musl.so", "libzen_internals_x86_64-unknown-linux-musl.so"),
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aikido-zen
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.2.beta.
|
|
4
|
+
version: 1.0.2.beta.2
|
|
5
5
|
platform: arm64-darwin
|
|
6
6
|
authors:
|
|
7
7
|
- Aikido Security
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-09-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: concurrent-ruby
|
|
@@ -74,6 +74,7 @@ files:
|
|
|
74
74
|
- benchmarks/rails7.1_sql_injection.js
|
|
75
75
|
- docs/banner.svg
|
|
76
76
|
- docs/config.md
|
|
77
|
+
- docs/proxy.md
|
|
77
78
|
- docs/rails.md
|
|
78
79
|
- lib/aikido-zen.rb
|
|
79
80
|
- lib/aikido/zen.rb
|