aikido-zen 1.0.6-x86_64-darwin → 1.0.8-x86_64-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dbc29a2e5c3b22abf38a97b7e49e4db0b6ead2aa071b3762d944fd82413a2a82
|
|
4
|
+
data.tar.gz: 9d115aa2a78a2d9a922b00ac759d2dfc0cfa9880b0a47374cad4f5639fc8737c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 553f0d1344d7bf3f4cd7cd738c2dd80486a3bc56f9182d93679fa7f558b9f33d5326e11e56db92f80d98fd2e4cd19de22298f5e752a5a1d9a9d1dd65a1510d34
|
|
7
|
+
data.tar.gz: 1ddf2449fbc52f91fa13fee3a62a118773a8c801b3d2055be03bfa7cece3c2cf5b5061f91fe519cc9fafd9ca12019448c6a903d3383be9531aac23ad57f0ba61
|
data/lib/aikido/zen/attack.rb
CHANGED
|
@@ -38,11 +38,19 @@ module Aikido::Zen
|
|
|
38
38
|
|
|
39
39
|
return if @config.imds_allowed_hosts.include?(@hostname)
|
|
40
40
|
|
|
41
|
-
@addresses.find do |
|
|
42
|
-
DANGEROUS_ADDRESSES.any?
|
|
41
|
+
@addresses.find do |address|
|
|
42
|
+
DANGEROUS_ADDRESSES.any? do |dangerous_address|
|
|
43
|
+
# Addresses are not considered stored IMDS addresses if the address
|
|
44
|
+
# is the same as the hostname. (These are valid IMDS requests, not spoofed ones)
|
|
45
|
+
next if address == @hostname
|
|
46
|
+
|
|
47
|
+
# True if the dangerous address is address or includes the address.
|
|
48
|
+
dangerous_address === address
|
|
49
|
+
end
|
|
43
50
|
end
|
|
44
51
|
end
|
|
45
52
|
|
|
53
|
+
# A dangerous address may be an individual address or an address range.
|
|
46
54
|
DANGEROUS_ADDRESSES = [
|
|
47
55
|
IPAddr.new("169.254.169.254"),
|
|
48
56
|
IPAddr.new("100.100.100.200"),
|
|
@@ -20,6 +20,11 @@ module Aikido::Zen
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def block?(controller)
|
|
23
|
+
# The abstract controller running the callback is typically an ActionController
|
|
24
|
+
# but it may also be an ActionMailer. ActionMailer does not respond to request.
|
|
25
|
+
# This feature requires a request object to perform checks and enforce blocking.
|
|
26
|
+
return false unless controller.respond_to?(:request)
|
|
27
|
+
|
|
23
28
|
context = controller.request.env[Aikido::Zen::ENV_KEY]
|
|
24
29
|
request = context.request
|
|
25
30
|
|
data/lib/aikido/zen/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aikido-zen
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.8
|
|
5
5
|
platform: x86_64-darwin
|
|
6
6
|
authors:
|
|
7
7
|
- Aikido Security
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2026-01-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: concurrent-ruby
|