aikido-zen 1.0.2 → 1.0.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a49ca0f5bf05158409f505e455616847e8cbf8b84987b928589559f666baaed8
4
- data.tar.gz: 326a13bd0502d7b5215d6191eb2d060f2d1cdf805f02f62537327b98d92d44f2
3
+ metadata.gz: 9d138177952c1fa50bb1d06c44d913d4a5817cc6b574f2a0d081272871ad2d39
4
+ data.tar.gz: 536b5ad28b140bdd59294ed50bf0d37fabd77d77e099623a4c2c6b9f4592f7df
5
5
  SHA512:
6
- metadata.gz: 7af1a11288994e4455f70f4d845a5b64d0c8d095ea299b9257dfa1a639f678dd340b2bc4794a9d8f740f0e210133e8b78b849fa3fe00140a4cbcc6c90737b02a
7
- data.tar.gz: 5066f4e0bd2e2142703fdb3c9869c3a48d524f00d6354ca1d6eca1faa6110731c95751aeebb0f2103a47a01537dabcdfbf1ba63e30528e2a030ff76bb01e8c39
6
+ metadata.gz: 7455ec6799d1ce449ebc52c2f747d53b3baf6e3595141df760b159598c77b2894b54a8e6748f9cb19a0e30d1c75b466c924174e69474ee35efb7492d20967d2b
7
+ data.tar.gz: 221d50d4537a2f1008784b4edf05b5b7d847cf398f43c7e3ce4a71b30e44d96c1b2dd0423321c324c723ce80c8af61c929a8783cf01d8e05810c180056ccbb1f
@@ -22,6 +22,13 @@ module Aikido::Zen
22
22
 
23
23
  # @return [Boolean]
24
24
  attr_accessor :scanning
25
+ alias_method :scanning?, :scanning
26
+
27
+ # @return [Boolean] whether attack protection for the currently requested
28
+ # endpoint was disabled on the Aikido dashboard, or if the source IP for
29
+ # this request is in the "Bypass List".
30
+ attr_accessor :protection_disabled
31
+ alias_method :protection_disabled?, :protection_disabled
25
32
 
26
33
  # @param request [Rack::Request] a Request object that implements the
27
34
  # Rack::Request API, to which we will delegate behavior.
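Review bot: The YARD block on `attr_accessor :protection_disabled` (new lines 27–30) says what the flag means but not who owns it; nothing in this class assigns it, so a reader of `protection_disabled?` cannot tell from here that the value is only meaningful once the request-handling middleware has stored it, and that before then it holds the `false` set in `initialize`, which reports protection as enabled. I would extend the comment with `# Assigned by Middleware::AttackProtector at the start of each request; until then it keeps its initializer default (false), i.e. protection is treated as enabled.` It is also worth deciding whether every holder of a Context should get the public writer that `attr_accessor` creates, or whether the middleware should be the only setter. The enclosing class starts and ends outside this hunk.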
@@ -34,8 +41,10 @@ module Aikido::Zen
34
41
  @request = request
35
42
  @settings = settings
36
43
  @payload_sources = sources
44
+
37
45
  @metadata = {}
38
46
  @scanning = false
47
+ @protection_disabled = false
39
48
  end
40
49
 
41
50
  # Fetch some metadata stored in the Context.
@@ -75,16 +84,6 @@ module Aikido::Zen
75
84
  end
76
85
  end
77
86
 
78
- # @return [Boolean] whether attack protection for the currently requested
79
- # endpoint was disabled on the Aikido dashboard, or if the source IP for
80
- # this request is in the "Bypass List".
81
- def protection_disabled?
82
- return false if request.nil?
83
-
84
- !@settings.endpoints.match(request.route).all?(&:protected?) ||
85
- @settings.allowed_ips.include?(request.ip)
86
- end
87
-
88
87
  # @!visibility private
89
88
  def payload_sources
90
89
  @payload_sources.call(request)
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aikido::Zen
4
+ module Middleware
5
+ class AttackProtector
6
+ def initialize(app, zen: Aikido::Zen, settings: zen.runtime_settings)
7
+ @app = app
8
+ @zen = zen
9
+ @settings = settings
10
+ end
11
+
12
+ def call(env)
13
+ context = @zen.current_context
14
+ request = context.request
15
+
16
+ context.protection_disabled = protection_disabled?(request)
17
+
18
+ @app.call(env)
19
+ end
20
+
21
+ private def protection_disabled?(request)
22
+ # Bypass attack protection for allowed IPs
23
+ return true if @settings.allowed_ips.include?(request.ip)
24
+
25
+ !@settings.endpoints.match(request.route).all?(&:protected?)
26
+ end
27
+ end
28
+ end
29
+ end
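Review bot: `protection_disabled?(request)` (lines 21–25) drops the `return false if request.nil?` guard that the removed `Context#protection_disabled?` had, so a context whose `request` is nil now raises `NoMethodError` on `request.ip` instead of reporting protection as enabled; keep the guard as the method's first line, `return false if request.nil?`. `call` likewise assumes `@zen.current_context` is non-nil, which holds only when ContextSetter ran earlier in the stack, so a comment stating that dependency or a `return @app.call(env) unless context` guard would make the assumption explicit. Note also that `settings: zen.runtime_settings` is evaluated once when the middleware is built, whereas the old method read the `@settings` captured by each Context; if `runtime_settings` is ever replaced rather than updated in place, this middleware would keep evaluating the stale object.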
@@ -14,6 +14,7 @@ module Aikido::Zen
14
14
 
15
15
  app.middleware.use Aikido::Zen::Middleware::ContextSetter
16
16
  app.middleware.use Aikido::Zen::Middleware::AllowedAddressChecker
17
+ app.middleware.use Aikido::Zen::Middleware::AttackProtector
17
18
  app.middleware.use Aikido::Zen::Middleware::AttackWaveProtector
18
19
  # Request Tracker stats do not consider failed request or 40x, so the middleware
19
20
  # must be the last one wrapping the request.
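Review bot: The new `use Aikido::Zen::Middleware::AttackProtector` line (17) has an ordering dependency that nothing here records: AttackProtector reads `Aikido::Zen.current_context`, which ContextSetter two lines above establishes, and the middleware below it presumably consumes the `protection_disabled` flag it sets. A one-line comment would keep the order from being reshuffled, e.g. `# Needs the context from ContextSetter; must precede anything that reads context.protection_disabled?`. The enclosing block starts outside this hunk.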
@@ -42,9 +42,15 @@ module Aikido::Zen
42
42
  ::PG::Connection.class_eval do
43
43
  extend Sinks::DSL
44
44
 
45
- %i[
46
- send_query exec sync_exec async_exec
47
- send_query_params exec_params sync_exec_params async_exec_params
45
+ [
46
+ :send_query,
47
+ :exec,
48
+ :sync_exec,
49
+ :async_exec,
50
+ :send_query_params,
51
+ :exec_params,
52
+ :sync_exec_params,
53
+ :async_exec_params
48
54
  ].each do |method_name|
49
55
  presafe_sink_before method_name do |query|
50
56
  Helpers.safe do
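Review bot: Replacing `%i[ ... ]` with an explicit symbol array at lines 45–53 (and again at 62–66 in the next hunk) is a pure style change that moves away from the form the Ruby style guide and RuboCop's Style/SymbolArray prefer; `%i[` also accepts one entry per line, so the one-name-per-line layout is available without the change. If the intent was to make future additions easier to diff, a short comment saying so would stop the next linter run from reverting it. The `class_eval` block starts and ends outside this hunk.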
@@ -53,8 +59,11 @@ module Aikido::Zen
53
59
  end
54
60
  end
55
61
 
56
- %i[
57
- send_prepare prepare async_prepare sync_prepare
62
+ [
63
+ :send_prepare,
64
+ :prepare,
65
+ :async_prepare,
66
+ :sync_prepare
58
67
  ].each do |method_name|
59
68
  presafe_sink_before method_name do |_, query|
60
69
  Helpers.safe do
@@ -28,6 +28,7 @@ require_relative "sinks/patron"
28
28
  require_relative "sinks/typhoeus" if defined?(::Typhoeus)
29
29
  require_relative "sinks/async_http"
30
30
  require_relative "sinks/em_http"
31
+
31
32
  require_relative "sinks/mysql2"
32
33
  require_relative "sinks/pg"
33
34
  require_relative "sinks/sqlite3"
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Aikido
4
4
  module Zen
5
- VERSION = "1.0.2"
5
+ VERSION = "1.0.3"
6
6
 
7
7
  # The version of libzen_internals that we build against.
8
8
  LIBZEN_VERSION = "0.1.48"
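--- a/data/lib/aikido/zen.rb
+++ b/data/lib/aikido/zen.rb
@@ -16,6 +16,7 @@ require_relative "zen/middleware/middleware"
 require_relative "zen/middleware/fork_detector"
 require_relative "zen/middleware/context_setter"
 require_relative "zen/middleware/allowed_address_checker"
+require_relative "zen/middleware/attack_protector"
 require_relative "zen/middleware/attack_wave_protector"
 require_relative "zen/middleware/request_tracker"
 require_relative "zen/outbound_connection"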
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aikido-zen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.2
4
+ version: 1.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aikido Security
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2025-12-05 00:00:00.000000000 Z
11
+ date: 2025-12-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: concurrent-ruby
@@ -107,6 +107,7 @@ files:
107
107
  - lib/aikido/zen/helpers.rb
108
108
  - lib/aikido/zen/internals.rb
109
109
  - lib/aikido/zen/middleware/allowed_address_checker.rb
110
+ - lib/aikido/zen/middleware/attack_protector.rb
110
111
  - lib/aikido/zen/middleware/attack_wave_protector.rb
111
112
  - lib/aikido/zen/middleware/context_setter.rb
112
113
  - lib/aikido/zen/middleware/fork_detector.rb